[SAtalk] memory leaking spamd procs
(writing on behalf of the day job) We are suffering from run-away spamd processes, growing to large memory usage and in effect killing all mail delivery. This last happened Sunday pm and until someone gets to the office we are still without mail. Looking through the archives I found a message from Daniel Siegers dated last July which describes the same situation, but there does not seem to be a response. > After a while everythings running fine, there are some spamd procs > left that leak memory. All spamd procs start with a memory usage of > about 20MB and exit after a while. These leaking procs use up to 250MB > and where still growing when i killed them. We are running Redhat 7.x I think. Spamassassin was installed this autumn; cannot check which version but I think 2.60 (machine only replies to ping but not ssh). Any suggestions? ==John ffitch --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] To: you Cc: friend -- New spammer trick?
--On Sunday, December 21, 2003 3:13 PM -0700 Bob Proulx <[EMAIL PROTECTED]> wrote: In the last month my girlfriend and I have been getting a number of spams which have been addressed To: me and Cc: to her. This seems to be a new spammer trick. Use not just a database of email addresses but a database of To: Cc: headers combined in an attempt to get through people's filters. And it worked because when she saw that it was addressed to me she read them, and then told me about them. This must have been scraped from some greeting card site or someplace but I can't deduce any association. Not sure what can be done about those other than just to ignore them. Note that SA was able to tag these just fine from the contents. But it would be useful if there were a way to make use of this association. I get a bunch of these - oddly addressed to evan and then cc'd [EMAIL PROTECTED] Evan --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] spamp.py and 4 hard messages
Hello, I created a Python script that can process Unix mbox files and generate statistics on the Bayesian filtering of SpamAssassin. I've ran the script (called 'spamp.py') on a Unix mbox containing a total of 4381 messages. The mbox contained 2615 dutch non-spam messages, 1 misclassified english non-spam message and 728 spam messages (all from december 2003). The mbox also contained 133 messages that didn't have a "X-Spam-Status" header, and 904 of the messages didn't have a BAYES_* test. The script produced the following results: SPAMP_REPORT_BAYES, (#=4381, no_saheader=133, no_bayes=904) === Bayes Non-spam Spam Total -- BAYES_00 1836 2 1838 BAYES_01 567 1 568 BAYES_10 109 0 109 BAYES_2061 061 BAYES_3029 029 BAYES_40 2 0 2 BAYES_44 7 2 9 BAYES_50 2 6 8 BAYES_60 1 0 1 BAYES_70 0 4 4 BAYES_80 0 5 5 BAYES_90 1 7 8 BAYES_99 0 702 702 -- Total:2615 729 3344 Interpretation of the results = So only 1 out of the 3344 e-mails was misclassified! I'm not very unsatisfied with my Bayesian filter ;) I've then interpreted the spam mails with BAYES_00 or BAYES_01, and the ham mail with BAYES_90: X-Comment: This is a Japanse mail of which I assume it is correctly classified as spam (as far as I can see) Subject: [Plone-developers] ?$BL$>5Bz9-9p"( X-Spam-Status: Yes, hits=5.5 required=5.0 tests=BAYES_00, CHARSET_FARAWAY_HEADER,JAPANESE_UCE_SUBJECT,NO_REAL_NAME, RCVD_IN_BL_SPAMCOP_NET,UNWANTED_LANGUAGE_BODY autolearn=no version=2.60 X-Comment: this is definite spam, but why did it have BAYES_00? Subject: [Zope] How to make $250.000.- X-Spam-Status: Yes, hits=5.6 required=5.0 tests=AWL,BAYES_00,EARN_MONEY, FORGED_HOTMAIL_RCVD,HTML_FONT_BIG,HTML_MESSAGE,MIME_BASE64_LATIN, MIME_BASE64_TEXT,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS autolearn=no version=2.60 X-Comment: This mail is correctly classified as ham, but it has quite a high score and BAYES_90 From: "eBay" <[EMAIL PROTECTED]> Subject: Who's left on your list? X-Spam-Status: No, hits=4.3 required=5.0 tests=AWL,BAYES_90,EXCUSE_14, HTML_50_60,HTML_MESSAGE,HTML_TITLE_UNTITLED,OFFERS_ETC autolearn=no version=2.60 X-Comment: This is the only misclassified ham document I could find The To-header contains a lot of repetition, and it sent using an asian (?) mailclient (I didn't obfuscate the e-mailadress in this e-mail yet) Subject: jahia.properties Database X-Spam-Status: Yes, hits=8.5 required=5.0 tests=AWL,BAYES_01,BODY_8BITS, CHARSET_FARAWAY_HEADER,DATE_IN_PAST_12_24,INVALID_DATE, MIME_BASE64_TEXT, MIME_CHARSET_FARAWAY, SORTED_RECIPS, SUSPICIOUS_RECIPS autolearn=no version=2.60 --- The mailboxes of the 4 messages can be found at my public corpus: http://gewis.nl/~pieterb/spamp/publiccorpus/small/20031222-hardham.mbox.txt http://gewis.nl/~pieterb/spamp/publiccorpus/small/20031222-hardspam.mbox.txt (i did some obfuscation already) Download spamp.py version 0.100 (alpha) === The Python script can be downloaded from: http://www.gewis.nl/~pieterb/spamp/spamp.py/ The Python code and it's documentation (called the 'work') is licenced under the Creative Commons Attribution-ShareAlike 1.0 licence, see http://creativecommons.org/licenses/by-sa/1.0/ All disputes should be handled according to Dutch law. All bugs, questions, patches, feedback are welcome ;) Regards, PieterB -- No matter what goes wrong, there is always somebody who knew it would. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Scanning bounce message attachments ?
Hi All, Recently our domain has been "joe jobbed" by some spammer, so our users are getting a lot of bounce messages with spam attachments. Unfortunately SpamAssassin is letting most of them through because the header tests won't match the headers from the attached spam message. Is there any way to get SpamAssassin to also scan the contents of the RFC822 attachment on a bounce message and flag it as spam if the attached returned message is spam ? I'm using procmail and spamc so I guess I could use the mime tools to extract RFC822 attachments and scan them seperately, but that means calling spamc twice, something I can't really afford to do when our server is under seige already. Anyone else have any thoughts ? Regards, Simon --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Strange DNSBL problem with spamassassin
Hi all, I have a strange problem with SpamAssassin and I can't find out a solution to this: We use a McAfee Webshield SMTP in front of an IMail server, that scans for viruses and passes emails to IMail which runs on another port than 25. IMail analyzes the email then using spamc/spamd. When a client uses the virusscan smtp to send a new mail spamassassin determines the following hits for the mail: X-Spam-Status: No, hits=-0.7 required=5.0 tests=BAYES_00,RCVD_IN_DYNABLOCK, RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS autolearn=no version=2.61 When I deactivate virusscan and use the IMail smtp directly the result is as follows: X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no version=2.61 The problem is that I don't see any real difference in the header between using virusscan + imail or only imail. I attached both headers, maybe you see a difference. Thanks, Robert virusscan+imail: -- Received: from belasrv4.belacove.com [10.0.0.166] by belasrv4.belacove.com (SMTPD32-8.04) id A653BD0003C; Sat, 20 Dec 2003 15:01:55 +0100 Received: From server14.asklepios.com ([194.25.110.113]) by belasrv4.belacove.com (WebShield SMTP v4.5 MR1a); id 1071928914522; Sat, 20 Dec 2003 15:01:54 +0100 Received: from server14.asklepios.com [194.25.110.113] by server14.asklepios.com (SMTPD32-8.04) id A6503423008E; Sat, 20 Dec 2003 15:01:52 +0100 Received: From jfk ([217.234.86.31]) by server14.asklepios.com (WebShield SMTP v4.5 MR1a); id 1071928911642; Sat, 20 Dec 2003 15:01:51 +0100 Reply-To: <[EMAIL PROTECTED]> From: "Robert Lacroix" <[EMAIL PROTECTED]> To: "'Robert Lacroix'" <[EMAIL PROTECTED]> Subject: test Date: Sat, 20 Dec 2003 15:01:51 +0100 Organization: Asklepios Kliniken GmbH MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcPHAdEKlZHDxGaKQUefPU1dKOZQ/A== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-Id: <[EMAIL PROTECTED]> X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) X-Spam-Level: X-Spam-Status: No, hits=-0.7 required=5.0 tests=BAYES_00,RCVD_IN_DYNABLOCK, RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS autolearn=no version=2.61 X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 367860621 Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 20 Dec 2003 14:02:57.0726 (UTC) FILETIME=[F8A985E0:01C3C701] imail only: -- Received: from belasrv4.belacove.com [10.0.0.166] by belasrv4.belacove.com (SMTPD32-8.04) id AD3B15870132; Sat, 20 Dec 2003 14:23:07 +0100 Received: From asklepios.com ([194.25.110.113]) by belasrv4.belacove.com (WebShield SMTP v4.5 MR1a); id 1071926586614; Sat, 20 Dec 2003 14:23:06 +0100 Received: from jfk [217.234.86.31] by asklepios.com with ESMTP (SMTPD32-8.04) id AD393566011A; Sat, 20 Dec 2003 14:23:05 +0100 Reply-To: <[EMAIL PROTECTED]> From: "Robert Lacroix" <[EMAIL PROTECTED]> To: "'Robert Lacroix'" <[EMAIL PROTECTED]> Subject: test Date: Sat, 20 Dec 2003 14:23:05 +0100 Organization: Asklepios Kliniken GmbH MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcPG/GaDybDNfoLdQLSFUpCK2STYEA== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-Id: <[EMAIL PROTECTED]> X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) X-Spam-Level: X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no version=2.61 X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 367860617 Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 20 Dec 2003 13:24:00.0586 (UTC) FILETIME=[879E42A0:01C3C6FC] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Non-functioning sa-learn in SA 2.61 on Mandrake 9.2 system
The message that is returned looks something like this: Learned from 0 message(s) (5 message(s) examined) It appears that sa-learn is examining the file but is not learning from the messages. It looks to me that sa-learn is working -- you're just feeding it messages that it's already learnt from. It memorizes the message id to keep a record of what bayes has already seen. Casper. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Image-only spam
Are you making use of any of the distributed clearing houses such as DCC etc? On Dec 21, 2003, at 4:05 PM, Barry Callahan wrote: I installed Spamassassin from a RedHat RPM as a test a day or two ago, and it's properly flagging about 1/3 of the incoming SPAM as such. I have not played around with any of the settings yet. Half of what's getting through has a score of 3.6 - 4.0. This is not the group that overly concerns me, as I'm sure I can adjust things to get these properly detected. The other half of what's getting through, I'm not so sure about. It has a score of -1.1 - +1.1. Yes, I'm getting SPAM with a negative SPAM score. In all cases, the messages in the last group have the following in common: 1) They're Multipart Mime-formatted messages. 2) A text/plain section exists, but contains only blank lines. 3) The text/html section contains two or more HTML comments containing random alphanumeric strings. 4) The text/html section contains one or more image tags which reference images on some random webserver. 5) At least one of the images is a link. 6) The text/html section contains absolutely no displayable text. So, an example of what the text/html section might contain is: Is anyone else seeing SPAM like this? Would anyone be able to make suggestions on how to go about writing a ruleset to tag these? Thanks. Barry --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Image-only spam
Heh. Ya know what? You were right. RedHat gave me 2.44. I just upgraded to 2.6.1 We'll see how it goes. Thanks. Barry Tom Meunier wrote: Before you play with the settings, consider updating to the current version of SpamAssassin. You're probably using 2.44; the current version is 2.61. At this point, that much spam getting through would be expected behavior. -tom --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Non-functioning sa-learn in SA 2.61 on Mandrake 9.2 system
--On Sunday, December 21, 2003 17:48:35 -0500 Clive Dove <[EMAIL PROTECTED]> wrote: On Sunday 21 December 2003 15:28, Ian Southam wrote: > My sa-learn is no longer working. I had it functioning under Mandrake > 9.1 and > again under Mandrake 9.2 upgraded from 9.1. Check you have a perl module called DB_File installed. Without this, sa-learn will quietly fail (unless you have debug switched on). Ian Thank you. I have installed the perl-DB_file package and sa-learn is now working normally. I am now just waiting to see when the Bayesian routine kicks in on my incoming mail. 200 spam + 200 Ham. Clive --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 pgp0.pgp Description: PGP signature
Re: [SAtalk] Non-functioning sa-learn in SA 2.61 on Mandrake 9.2 system
On Sunday 21 December 2003 15:28, Ian Southam wrote: > > My sa-learn is no longer working. I had it functioning under Mandrake > > 9.1 > > and > > > again under Mandrake 9.2 upgraded from 9.1. > > Check you have a perl module called DB_File installed. Without this, > sa-learn will quietly fail (unless you have debug switched on). > > Ian Thank you. I have installed the perl-DB_file package and sa-learn is now working normally. I am now just waiting to see when the Bayesian routine kicks in on my incoming mail. Clive --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Image-only spam
Try Fred's rules, http://www.merchantsoverseas.com/wwwroot/gorilla/90_FVGT.cf esp. this combo image only rule: metaFVGT_combo_IMAGEONLY1 ((HTML_IMAGE_ONLY_02 + MIME_HTML_ONLY + MIME_HTML_ONLY_MULTI) > 1) describeFVGT_combo_IMAGEONLY1 FVGT - Image only type spam? score FVGT_combo_IMAGEONLY1 4.3 I've seen it hitting on quite a few of the marginal spams, and pushing them over the top. If you send an offending example as a separate attachment with headers in tact, we can try out our custom rules and tell you which ones hit. Also, the version of SA you're using is important. Some earlier versions of SA did not properly decode base64 attachments, and thus a lot of spam got by. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Barry > Callahan > Sent: Sunday, December 21, 2003 2:05 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Image-only spam > > > I installed Spamassassin from a RedHat RPM as a test a day or two ago, > and it's properly flagging about 1/3 of the incoming SPAM as such. I > have not played around with any of the settings yet. > > Half of what's getting through has a score of 3.6 - 4.0. This is not > the group that overly concerns me, as I'm sure I can adjust things to > get these properly detected. > > The other half of what's getting through, I'm not so sure about. It has > a score of -1.1 - +1.1. Yes, I'm getting SPAM with a negative SPAM score. > > In all cases, the messages in the last group have the following in common: > > 1) They're Multipart Mime-formatted messages. > 2) A text/plain section exists, but contains only blank lines. > 3) The text/html section contains two or more HTML comments containing > random alphanumeric strings. > 4) The text/html section contains one or more image tags which reference > images on some random webserver. > 5) At least one of the images is a link. > 6) The text/html section contains absolutely no displayable text. > > So, an example of what the text/html section might contain is: > > > src="REMOVED" border=0> > > > Is anyone else seeing SPAM like this? > Would anyone be able to make suggestions on how to go about writing a > ruleset to tag these? > > Thanks. > > Barry > > > > > --- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > ___ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Image-only spam
Before you play with the settings, consider updating to the current version of SpamAssassin. You're probably using 2.44; the current version is 2.61. At this point, that much spam getting through would be expected behavior. -tom > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Barry Callahan > Sent: Sunday, December 21, 2003 4:05 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Image-only spam > > I installed Spamassassin from a RedHat RPM as a test a day or > two ago, and it's properly flagging about 1/3 of the incoming > SPAM as such. I have not played around with any of the settings yet. > > Half of what's getting through has a score of 3.6 - 4.0. > This is not the group that overly concerns me, as I'm sure I > can adjust things to get these properly detected. > > The other half of what's getting through, I'm not so sure > about. It has a score of -1.1 - +1.1. Yes, I'm getting SPAM > with a negative SPAM score. > > In all cases, the messages in the last group have the > following in common: > > 1) They're Multipart Mime-formatted messages. > 2) A text/plain section exists, but contains only blank lines. > 3) The text/html section contains two or more HTML comments > containing random alphanumeric strings. > 4) The text/html section contains one or more image tags > which reference images on some random webserver. > 5) At least one of the images is a link. > 6) The text/html section contains absolutely no displayable text. > > So, an example of what the text/html section might contain is: > > > src="REMOVED" border=0> > > > Is anyone else seeing SPAM like this? > Would anyone be able to make suggestions on how to go about > writing a ruleset to tag these? > > Thanks. > > Barry > > > > > --- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign > up for IBM's Free Linux Tutorials. Learn everything from the > bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > ___ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > > --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] To: you Cc: friend -- New spammer trick?
In the last month my girlfriend and I have been getting a number of spams which have been addressed To: me and Cc: to her. This seems to be a new spammer trick. Use not just a database of email addresses but a database of To: Cc: headers combined in an attempt to get through people's filters. And it worked because when she saw that it was addressed to me she read them, and then told me about them. This must have been scraped from some greeting card site or someplace but I can't deduce any association. Not sure what can be done about those other than just to ignore them. Note that SA was able to tag these just fine from the contents. But it would be useful if there were a way to make use of this association. Bob P.S. I received the first one like this in November with one style and then all of the others just recently with a second different style. Nov02 Shane Warren(5.9K) theres more to life than bills Dec18 Sharron Sizemor (8.6K) Bob go on vacation Dec19 Timmy Webster (9.0K) Bob go shopping Dec19 Elvira Koehler (7.3K) Bob Notice: 15 & 30 year rates at an all time low. Dec21 Clinton Lockwoo (9.0K) Bob we will help you get your loan --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Image-only spam
I installed Spamassassin from a RedHat RPM as a test a day or two ago, and it's properly flagging about 1/3 of the incoming SPAM as such. I have not played around with any of the settings yet. Half of what's getting through has a score of 3.6 - 4.0. This is not the group that overly concerns me, as I'm sure I can adjust things to get these properly detected. The other half of what's getting through, I'm not so sure about. It has a score of -1.1 - +1.1. Yes, I'm getting SPAM with a negative SPAM score. In all cases, the messages in the last group have the following in common: 1) They're Multipart Mime-formatted messages. 2) A text/plain section exists, but contains only blank lines. 3) The text/html section contains two or more HTML comments containing random alphanumeric strings. 4) The text/html section contains one or more image tags which reference images on some random webserver. 5) At least one of the images is a link. 6) The text/html section contains absolutely no displayable text. So, an example of what the text/html section might contain is: Is anyone else seeing SPAM like this? Would anyone be able to make suggestions on how to go about writing a ruleset to tag these? Thanks. Barry --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] replacing .cf files
At Sun Dec 21 20:04:48 2003, Amnon wrote: > > Since I didn't get any replies to my question about replacing the > .cf files in /usr/share/spamassassin with the newer ones that are on > the SA site (running ver. 2.60), I decided to try it anyway. Well > no errors, log looks fine, and spam is being flaged. That is > until. Later on in the day I noticed an email flagged as spam > which shouldn't have been because the address is in my user_prefs > file whitelist section. Looking at the headers it said nothing to > the fact that sender is in the whitelist. Turned out that > 20_head_tests.cf is the culprit. As long as I had the old one in > there everything was OK, until I replaced it. Well I took all the > new ones out of there, not knowing if/what else is broken. > > So I guess one cannot just replace the .cf files with newer ones, right? That's correct. The rules and scores are tied up with the code in the Perl module itself. The only way to upgrade SpamAssassin is to move wholesale from one version to a later one -- you can't just pick and choose components from different releases and expect it to work. You can however add regexp-rules and scores, which you'll see discussed regularly on this list. Martin -- Martin Radford | "Only wimps use tape backup: _real_ [EMAIL PROTECTED] | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] replacing .cf files
On Sun, Dec 21, 2003 at 03:04:48PM -0500, Amnon wrote: > So I guess one cannot just replace the .cf files with newer ones, right? Can, with some kluging. Want to? Probably not. Most rule changes take place via code than via the cf files. -- Randomly Generated Tagline: I can't believe I ate the whole thing. -- Homer Simpson The Front pgp0.pgp Description: PGP signature
Re: [SAtalk] Non-functioning sa-learn in SA 2.61 on Mandrake 9.2 system
> My sa-learn is no longer working. I had it functioning under Mandrake 9.1 and > again under Mandrake 9.2 upgraded from 9.1. Check you have a perl module called DB_File installed. Without this, sa-learn will quietly fail (unless you have debug switched on). -- Ian --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] replacing .cf files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sunday 21 December 2003 12:04 pm, Amnon wrote: > So I guess one cannot just replace the .cf files with newer ones, right? not sure what version you are using but it would appear not. On a side not when I upgraded my servers to using 2.60 I found it was quite a bit faster and the bayes was a little more accurate. - -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- Brook Humphrey Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107 http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED] Holiness unto the Lord -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/5gHcnT1TkA6FgPgRAmuuAJ9oPhUsth7WM6qkZ37n15jh4wWqCgCfSXH3 I63IuocUvryXfkftDBdUpCY= =b9C/ -END PGP SIGNATURE- --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] replacing .cf files
Since I didn't get any replies to my question about replacing the .cf files in /usr/share/spamassassin with the newer ones that are on the SA site (running ver. 2.60), I decided to try it anyway. Well no errors, log looks fine, and spam is being flaged. That is until. Later on in the day I noticed an email flagged as spam which shouldn't have been because the address is in my user_prefs file whitelist section. Looking at the headers it said nothing to the fact that sender is in the whitelist. Turned out that 20_head_tests.cf is the culprit. As long as I had the old one in there everything was OK, until I replaced it. Well I took all the new ones out of there, not knowing if/what else is broken. So I guess one cannot just replace the .cf files with newer ones, right? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] ... SA 2.61 eats mails ...
SA Can't delete anything, so it's either your MDA (probably Procmail) or your email client (broken filter?) that's doing the deleting. HTH, Rubin On Sun, 2003-12-21 at 12:34, Kai Poppe/Redaktion SDCE wrote: > Hello list, > > i've got a serious problem on my hand. Having installed postfix i set up > SpamAssassin and it perfectly worked until 2 days ago. I believe, I changed > nothing important but suddenly the mails piped from spamassassin through > sendmail to run into the appropiate mailboxes are deleted the instance they > arrive in the mailbox-file. > anyone had similar problems ? > > Regards > > Kai Michael Poppe, [EMAIL PROTECTED] > > > > --- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > ___ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Rubin Bennett <[EMAIL PROTECTED]> RB Technologies signature.asc Description: This is a digitally signed message part
[SAtalk] Non-functioning sa-learn in SA 2.61 on Mandrake 9.2 system
My sa-learn is no longer working. I had it functioning under Mandrake 9.1 and again under Mandrake 9.2 upgraded from 9.1. I had been running Spamassassin 2.60 and upgraded to 2.61. The only change that I made apart from installing the rpm was to delete my prior ~/.spamassassin/user_prefs and allow the new spamassassin to insert a default user_prefs. When I saw that 2.61 was working, I replaced the prior user_prefs which contained whitelisted friends and friendly organizations. The sa-learn utility worked in that set-up. Spamassassin worked in that setup and the Bayesian filter kicked in after about a fortnight. For reasons unrelated to spamassassin, I cleaned out my system and re-installed Mandrake 9.2 on a clean install (not upgraded as was the above setup) I installed spamassassin 2.61 from the rpm package that was linked from the Spamassassin site. I again piped spamassassin from KMail as its first rule and used X-Spam-Flag contains YES as the second KMail rule. I did not configure spamassassin in any manner but simply let it use the defaults and install the default user_prefs. Spamassassin is working and catching about 2/3 of the incoming spam. The Bayesian routines have not yet kicked in (after 2 days) However, sa-learn is not functioning at all. When I drag uncaught span to a folder created for the purpose (zsa-learn-spam) and then run this command: $ sa-learn ~/Mail/zsa-learn/cur The message that is returned looks something like this: Learned from 0 message(s) (5 message(s) examined) This command worked in the prior setup. I also tried using this instead (with a fresh group of messages): $ sa-learn ~/Mail/zsa-learn/* The same message was returned. It appears that sa-learn is examining the file but is not learning from the messages. I am at a loss as to how to get sa-learn to again start learning. Clive --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Re: random words spam
David Gibbs said: > [EMAIL PROTECTED] wrote: >> Is there an sa recipe for this latest innovation, with body as follows? > > This spam seems to be designed to bypass bayesian analysis ... and it > appears to work. Almost every piece of spam like this I've seen has the > BAYES_00 rule, which has a negative score. FYI, a well maintained bayes DB should not get BAYES_00 on a significant number of spam, even bayes busters. Here are my bayes stats from my verified spam folder for the last 500 spam which includes many bayes busters: 1 BAYES_00 1 BAYES_10 1 BAYES_40 6 BAYES_44 22 BAYES_50 5 BAYES_56 7 BAYES_60 11 BAYES_70 5 BAYES_80 33 BAYES_90 395 BAYES_99 Most bayes busters score bayes_99. The bayes_10 is a monster.com-like spam, similar to ham I receive. The bayes_00 was a misclassified ham, an image only forward from a friend (doh, gotta fix that one). -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases: http://www.sandgnat.com/cmos/ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] MSGID_FROM_MTA_SHORT problem
Known problem/bug? http://bugzilla.spamassassin.org/show_bug.cgi?id=2311 If it is not working for you, you can disable the test by setting its score to 0: SCORE MSGID_FROM_MTA_SHORT 0 in your user_prefs, or local.cf depending upon whether you're running as a user or a sysadmin. > -Original Message- > From: Andreas Kotowicz > Sent: Sunday, December 21, 2003 6:56 AM [...] > > I just received an email from a friend that was marked as spam - though > it isn't spam. (I'm using spamassassin 2.61). here are the headers: > > > why is the MSGID_FROM_MTA_SHORT rule getting called? this a normal > outlook client sending out email. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] a few newbie questions
Couple of things: 1) this SA Talk list can help you more if you attach an example of the offending message, complete with headers (all headers, unchanged). That way we can run it through our collection of tweaked rules, and let you know what's working for us. , 2) Mosie on over to Chris Santerre's "Rules Emporium" at, http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm and read the FAQ's and such. I highly recommend the collection of hand crafted recipes there. You'll need to concatenate the whole lot and append it onto the end of your .spamassassin/user_prefs file, if you're running SA from a user account, or plunk them into /etc/mail/spamassassin with a .cf file extension, and restart spamd if you're running that. ALWAYS run 'spamassassin --lint' after adding rules and then run a test message through SA to make sure things are working. Adding all those rules (esp. BigEvil, and the From blacklist) *will* slow down SA noticeably. Only do this if you have the spare cpu cycles and memory necessary to handle the increased load. Recommended (by me) rule sets: Big Evil: http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf Popcorn/weeds/backhair: http://www.merchantsoverseas.com/wwwroot/gorilla/popcorn.cf Fred's rules: http://www.merchantsoverseas.com/wwwroot/gorilla/90_FVGT.cf Basic new rules: http://www.merchantsoverseas.com/wwwroot/gorilla/nov2rules.cf Stern's blacklist: http://www.stearns.org/sa-blacklist/sa-blacklist.current Those links will likely change, and new Rules will be added to the Emporirium as time goes on, so it is worth checking the top-level page to see the current state of the art. As well as the Rules Emporium, the SA Wiki page (linked from the Emporium)offers more resources: http://www.exit0.us/index.php > -Original Message- > From: Geoffrey Lane > Sent: Sunday, December 21, 2003 6:54 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] a few newbie questions > [...] > It's been working fantastic up til now I've been getting alot of mail > lately with random words in the subject and body (eg. "Re: > HQJIYGK, trying to > stick" / "leakage larkin six biconcave infelicitous") from random > IPs /email > addresses. > also in the header it says "X-Spam-Status: No, hits=1.3 required=3.0 > tests=HTML_20_30,HTML_IMAGE_ONLY_08, HTML_MESSAGE autolearn=no > version=2.60" > i've already tried using "use_bayes", "bayes_auto_learn" with "1" > switch to > turn it on.. Am I missing anything else? > --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] ... SA 2.61 eats mails ...
Hello list, i've got a serious problem on my hand. Having installed postfix i set up SpamAssassin and it perfectly worked until 2 days ago. I believe, I changed nothing important but suddenly the mails piped from spamassassin through sendmail to run into the appropiate mailboxes are deleted the instance they arrive in the mailbox-file. anyone had similar problems ? Regards Kai Michael Poppe, [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Provider issue
On Sat, Dec 20, 2003 at 12:29:26PM +0100, Erik van der Meulen wrote: > Now I thought of the following scenario: > If I filter my incoming mail first with: > spamassassin -d > in order to get 'vanilla' messages (remove signs of my ISP's check) and > consecutively do a normal SA spam-check as I used to. > Would anyone be able to comment on this if it is possible and safe? And > what procmail lines would be best to accomplish this. That would be very > helpful. I am no expert at this and always a little causious when live > mail is involved... With some invaluable assistance I have managed to come up with: :0fw: spamassassin.lock | /usr/local/bin/spamassassin -d :0fw: spamassassin.lock | /usr/local/bin/spamassassin :0: * ^X-Spam-Status: Yes $MAILDIR/spam.incoming which seems to do exactly what I want. Remaining question still is: am I safe in using spamassassin this way? Thanks for any comments! -- Erik van der Meulen <[EMAIL PROTECTED]> --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: random words spam
[EMAIL PROTECTED] wrote: Is there an sa recipe for this latest innovation, with body as follows? This spam seems to be designed to bypass bayesian analysis ... and it appears to work. Almost every piece of spam like this I've seen has the BAYES_00 rule, which has a negative score. Almost all the spam of this nature seems to include just a link to an image on a few specific domains. As such, I've added a new rule that puts a very high score on any spam that includes that URL ... uri BAYES_BUSTER /rx359|2004hosting|53X|openseed|er5hdh|quickforms/i describe BAYES_BUSTER Trying to bypass BAYES score BAYES_BUSTER 10.0 The high score is designed to negate the low baysian score. I'm not sure if this is the best aproach, but it seems to be working for me. david -- | Internet: [EMAIL PROTECTED] | WWW: http://david.fallingrock.net | | We're not in the middle of nowhere... | we're on the outskirts of everywhere! | | - DMRoth (adapted) --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] spamd timeouts
Every now and then a spam slips through with no header markups. I finally tracked some of these down and found that spamd took so long to finish that spamc finally timed out. (In this case, 742 seconds.) I'm not sure what causes this. I'm running 2.60, and I thought that very slow RBLs were handled so as to avoid this. The machine wasn't particularly busy, but resource contention is always possible, especially if there is a burst of spam. I once suggested a header be added to show a timeout, and was told that it was beyond the scope of the spamc logic. How about just a log message? Something to help distinguish between a legit false negative and a resource problem. -- Jack Gostl [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] random words spam
Is there an sa recipe for this latest innovation, with body as follows? pique tantrum bob deduce bizarre proscribe tropopause amtrak goal canst fool earphone anisotropic horrify casein traversable anion cell stolen contact uproot descent Thanks Newbie question - how do I automatically have my spamassassin updated with the latest recipes (like my virus scanner is for example)? -- Eric Smith --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] MSGID_FROM_MTA_SHORT problem
Hi, I just received an email from a friend that was marked as spam - though it isn't spam. (I'm using spamassassin 2.61). here are the headers: MIME-Version: 1.0 Content-Type: multipart/related; boundary="=_NextPart_000_0075_01C3C7D9.80663B40" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Thread-Index: AcPFM9XyuEibfAfnTWy65oaIWFYIeABz6R3A Message-Id: <[EMAIL PROTECTED]> X-Spam-Status: Yes, hits=5.2 tagged_above=0.1 required=5.0 tests=BAYES_00, HTML_60_70, HTML_FONTCOLOR_BLUE, HTML_FONTCOLOR_RED, HTML_FONT_BIG, HTML_IMAGE_ONLY_10, HTML_MESSAGE, MSGID_FROM_MTA_SHORT, RCVD_IN_DYNABLOCK, RCVD_IN_NJABL, RCVD_IN_NJABL_DIALUP, RCVD_IN_SORBS X-Spam-Level: * X-Spam-Flag: YES why is the MSGID_FROM_MTA_SHORT rule getting called? this a normal outlook client sending out email. thanks, andreas --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] a few newbie questions
I would like to increase the accuracy of my spamassassin rules... First I have used kmail and piped my mail through the standard "/usr/bin/spamassassin" without any switches if size of message is less than 250kb and my next rule filters the mail with a X-Spam-Status: YES header to filter to a mbox from a standard .rpm install from binaries off www.spamassassin.org. It's been working fantastic up til now I've been getting alot of mail lately with random words in the subject and body (eg. "Re: HQJIYGK, trying to stick" / "leakage larkin six biconcave infelicitous") from random IPs /email addresses. also in the header it says "X-Spam-Status: No, hits=1.3 required=3.0 tests=HTML_20_30,HTML_IMAGE_ONLY_08, HTML_MESSAGE autolearn=no version=2.60" i've already tried using "use_bayes", "bayes_auto_learn" with "1" switch to turn it on.. Am I missing anything else? I've been looking at the http://spamassassin.org/tests.html to increase accuracy and number to tests performed from ~/.spamassassin/user_prefs but I'm confused... It says that there are 4 settings (local, net, with bayes, with bayes+net) I want bayes+net/net but do I use the interger numbers eg. REMOVE_IN_QUOTES 0.001 0.187 0.001 0.001 which I would use 0.001, 0.187 ?? or do I just add a "1" to switch that test on!?! I would appreciate and welcome any and all suggestions, hints or info that will answer my questions and/or make my hits more accurate and more spam being filtered... P.S. I have also tried using sa-learn --spam on folder but it did not "learn" any new email + I will be upgrading my version to latest later today. Thanks for your time, Freeballer -- .-. /v\L I N U X // \\ >Penguins are your friend< /( )\ ^^-^^ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk