[SAtalk] amavislogsumm
Hi, i wrote a litle Perlscript. It counts detected Spam and Viruses from amavis.log and creates a litle report about Spam by Sender Spam by Recipient If you are interested you can download it from: http://homepages.hs-bremen.de/~renegat/amavislogsumm regards sascha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Local rules apparently not working
Title: Message Hi - Apologies for what is probably an awful newbie blunder, but... I have installedMailScanner with SpamAssassin (no spamd) on RedHat Linux, and now I'm trying to get some local rules going, so I edited /etc/mail/spamassassin/local.cf to contain lines like the following: body RMRTEST /queen/idescribe RMRTEST temporary test of local configscore RMRTEST 1.0 and sent a test message with the wordqueen in it. However, the rule has not been triggered despite my best efforts, including - linking to /etc/mail/spamassassin/local.cf from /usr/share/spamassassin/99_local.cf - copying /etc/mail/spamassassin/local.cfto /usr/share/spamassassin/99_local.cf each time re-starting MailScanner (and I believe by implication SpamAssassin, since it runs as part of MailScanner rather than as a separate process) and sendmail. I'm sure I'm missing something obvious - but what? Thanks Richard The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.
[SAtalk] Hello, new to list ! :-)
Hello list ! I am kinda new here chaps, so please bare with me. A simple question (which I didn't pose on the xmail forum in case I get flamed/cursed) :-) From what it seems, one must let spamassassin know of what to filter as spam mail; So far so good. It also looks like one has to invoke a special format of expressions (regex's?) to the .cf file living under /etc/mail/spamassassin/local.cf Would anyone out there bother giving me a real-world example for a simple spam mail message ? It would help me if I could have a look on the filter expression and the actuall mail, so I could (probably) create something relevant. Any ideas ?? TIA, Spyros Tsiolis - I merely function as a channel that filters music through the chaos of noise - Vangelis _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] This spam scores too low
Hi all, in the last view days I experienced some (for me) strange kind of spam. The first part of the email is a random text (that's what I see in my email client when opening the email): snip embedding rose abalone freedman havana bayport regretful menlo gate blomquist force parasitic infelicity crayon insidious brasilia pinsky noel priestley fried praiseworthy gimmick even /snip Makes no sense to me at all ;-) And besides that, there is a html part with an ad section (scrambled letter words) and below that an irritating set of words. Is there any way to get rid (say: score 5) of those mails with SA? Some rules? I have SA 2.61 and the latest Bigevel rules installed. Best regards, Jürgen ps. Here is the email source Return-Path: [EMAIL PROTECTED] Received: from mailserver ([unix socket]) (authenticated user=cyrus bits=0) by mailserver (Cyrus v2.1.16) with LMTP; Wed, 21 Jan 2004 11:04:46 +0100 X-Sieve: CMU Sieve 2.2 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: by mailserver.example.com (Postfix, from userid 65534) id 1F70F60441F; Wed, 21 Jan 2004 11:04:46 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mailserver.example.com (Postfix) with ESMTP id 0A0806042D6; Wed, 21 Jan 2004 11:04:44 +0100 (CET) Received: from mailserver.example.com (localhost [127.0.0.1]) by localhost (AvMailGate-2.0.1) id 23887-263A9B8D; Wed, 21 Jan 2004 11:04:44 +0100 Received: from pD954857A.dip.t-dialin.net (pD954857A.dip.t-dialin.net [217.84.133.122]) by mailserver.example.com (Postfix) with SMTP id AED3A6042D6; Wed, 21 Jan 2004 11:04:11 +0100 (CET) Received: from [104.221.238.124] by 66.41.127.38 with HTTP; Wed, 21 Jan 2004 03:14:44 -0700 From: Ruth Walden [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: kirchner acquaint sanctify acrobatic Mime-Version: 1.0 X-Mailer: animadversion Date: Wed, 21 Jan 2004 06:14:44 -0400 Reply-To: Ruth Walden [EMAIL PROTECTED] Content-Type: multipart/alternative; boundary=5846461431537959 Message-Id: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.61-myrulesjrp20040121 (1.212.2.1-2003-12-09-exp) on mailserver.example.com X-Spam-Level: ** X-Spam-Status: No, hits=2.6 required=5.0 tests=FORGED_HOTMAIL_RCVD2, HTML_MESSAGE autolearn=no version=2.61-myrulesjrp20040121 embedding rose abalone freedman havana bayport regretful menlo gate blomquist force parasitic infelicity crayon insidious brasilia pinsky noel priestley fried praiseworthy gimmick even HTML part !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD TITLEMessage/TITLE META content=MSHTML 6.00.2800.1276 name=GENERATOR/HEAD BODY DIV!-- Converted from text/plain format --FONT face=Arial size=2 pHi,br br Genierc and Sepur Viarga (Caiils) available onlnie!br Most trsuted onilne source!br br br Cilais or (Spuer Vagira)br takes afefct right away amp; lasts 24-36 huors!br A HREF=http://www.qwhhjaak.gjoovm.com=www.qaoy.oxunz.butetoit.com/cv/?AFF_ID =cv0119rzcxctqhu=mnxbFOR SUEPR VAIRGA TOCUH HERE/abr br br Genierc Virgaabr costs 60% less! save a lot of $.br A HREF=http://www.kghhakaat.qyhpi.com=www.emqdxl.bkted.butetoit.com/cv/?AFF_ ID=cv0119fppnboy=getnFOR VIGARA TOCUH HERE/abr br br Both prudocts shipped dicsretely to your doorbr br br br br br br br br br br A HREF=http://www.tzelxglc.rqxinuh.com=www.zgahucwbdj.bcfr.butetoit.com/home page/?mrfzabrpbv=oqajNot itnreseted/abr/FONT/DIV/BODY/HTML maximilian scant durham grim euterpe palestinian pastiche peaceful gary ineducable jubilant alamo rickshaw hercules br gratis hippopotamus imbecile illicit invade fulsome print blizzard pivot brocade elate bureaucracy auberge geography chang infinity plaster decay br sextuplet belgrade emile coruscate borneo imaginate barbecue maybe patio erudition br bright cry beck calm footprint chiropractor evidential alberta amphibian lucerne grille aristotle glycerol sec cambridge pertain br crucial armenian elliot bittern copybook demit allotropic grope ecumenist fujitsu infallible complainant nauseum mellon scaffold francoise fragmentary puerto flurry impermissible bounce access agony healy faint modulus sandusky backbone biltmore exclusion lexicon antiperspirant chart forward acton epsilon chariot efflorescent br preferred commensurable azimuth mini bullock jot impelling cultural curvaceous backstitch endemic convect limbo dot exploitation coppery colorado deport bunyan arteriole cleric fluid astute contraption captive ganglion calm br enterprise harrisburg lawmake citroen axolotl edwin herdsman chronicle escheat brant configure epitaxial handline bulb fbi br pile derogate livery clamber pickup grantee hypochlorous gossip jurisprudent define egypt inaccessible farsighted basepoint poll prevention hairdo d'art moines eastbound circumcircle br citric mercenary credential ashame middletown demote penultimate headset paulo bicep coke occurred br annum berlioz eager bromide dobbin curia
[SAtalk] Recieved From database
It would be nice if one could take into account a Spam probability also based from the originating Received From: header lines. I.e. I would want to have a whitelist of known good mail servers and assign them a negative score test value and a have a blacklist which is assigned a positive score. Is this possible? Cheers, Chris --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Local rules apparently not working
At 10.48 21/01/2004 +, ROGERS Richard wrote: each time re-starting MailScanner (and I believe by implication SpamAssassin, since it runs as part of MailScanner rather than as a separate process) and sendmail. I'm sure I'm missing something obvious - but what? MailScanner uses it's own config file for SpamAssassin. Usually it's spam.assassin.prefs.conf under /etc/MailScanner dir. I suggest link this file to /etc/mail/spamassassin/local.cf so you have only one file to look at BTW, you don't need to restar MailScanner when you change something in local.cf or when you add a new .cf file in /etc/mail/spamassassin Bye, Gio. -- System Engineer @ Reitek S.p.A. [EMAIL PROTECTED]
Re: [SAtalk] amavislogsumm
* Jim Knuth ([EMAIL PROTECTED]) wrote: Hallo und guten Tag Sascha, danke für die Email, die Du am 21.01.2004 um 11:07 schriebst - you wrote: Hi, i wrote a litle Perlscript. It counts detected Spam and Viruses from amavis.log and creates a litle report about Spam by Sender Spam by Recipient If you are interested you can download it from: http://homepages.hs-bremen.de/~renegat/amavislogsumm danke. Was bedeuten denn die Optionen/Anweisungen? --snip usage: amavislogsumm [-d today|yesterday] [-h cnt] [file] --snap cnt is the number of lines listet in every section. All parameters are optional. Without a logfile as Parameter amavislogsumm read from stdin. Example: amavislogsumm -d today -h 3 /var/log/amavis.log regards sascha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Local rules apparently not working
Title: Message That's got it working - about as basic as I thought ;-) Thanks (or should I say grazie?) Richard -Original Message-From: Giovanni Carbone [mailto:[EMAIL PROTECTED] Sent: 21 January 2004 11:24To: [EMAIL PROTECTED]Subject: Re: [SAtalk] Local rules apparently not workingAt 10.48 21/01/2004 +, ROGERS Richard wrote: each time re-starting MailScanner (and I believe by implication SpamAssassin, since it runs as part of MailScanner rather than as a separate process) and sendmail.I'm sure I'm missing something obvious - but what?MailScanner uses it's own config file for SpamAssassin.Usually it's spam.assassin.prefs.conf under /etc/MailScanner dir. I suggest link this file to /etc/mail/spamassassin/local.cf so you have only one file to look atBTW, you don't need to restar MailScanner when you change something in local.cf or when you add a new .cf file in /etc/mail/spamassassinBye,Gio. -- System Engineer @ Reitek S.p.A.[EMAIL PROTECTED] The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.
Re: [SAtalk] This spam scores too low
Hi Jürgen! you need some rules for SA which can detect obfuscated spellings of those keywords like vagira, cilais a.s.o. heres a sample rule i normally use for such words body MY_OBF1 /((?!*censored*)(?:(?:[EMAIL PROTECTED]|@])|(?:v\W*[i|1]\W*[a|@]\W*g\W*r\W*[a|@])))/i describe MY_OBF1 body: contains obfuscated keyword *censored* score MY_OBF1 1.0 this rule would catch many many spellings (but surely not all) of *censored* which i'm not allowed to post on this list. :S drawback is that those rules are hard to write, i'm thinking about coding a template that can generate such rules out of keywords. or is there such a thing already? Jürgen R. Plasser wrote: Hi all, in the last view days I experienced some (for me) strange kind of spam. The first part of the email is a random text (that's what I see in my email client when opening the email): snip embedding rose abalone freedman havana bayport regretful menlo gate blomquist force parasitic infelicity crayon insidious brasilia pinsky noel priestley fried praiseworthy gimmick even /snip Makes no sense to me at all ;-) And besides that, there is a html part with an ad section (scrambled letter words) and below that an irritating set of words. Is there any way to get rid (say: score 5) of those mails with SA? Some rules? I have SA 2.61 and the latest Bigevel rules installed. Best regards, Jürgen ps. Here is the email source Return-Path: [EMAIL PROTECTED] Received: from mailserver ([unix socket]) (authenticated user=cyrus bits=0) by mailserver (Cyrus v2.1.16) with LMTP; Wed, 21 Jan 2004 11:04:46 +0100 X-Sieve: CMU Sieve 2.2 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: by mailserver.example.com (Postfix, from userid 65534) id 1F70F60441F; Wed, 21 Jan 2004 11:04:46 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mailserver.example.com (Postfix) with ESMTP id 0A0806042D6; Wed, 21 Jan 2004 11:04:44 +0100 (CET) Received: from mailserver.example.com (localhost [127.0.0.1]) by localhost (AvMailGate-2.0.1) id 23887-263A9B8D; Wed, 21 Jan 2004 11:04:44 +0100 Received: from pD954857A.dip.t-dialin.net (pD954857A.dip.t-dialin.net [217.84.133.122]) by mailserver.example.com (Postfix) with SMTP id AED3A6042D6; Wed, 21 Jan 2004 11:04:11 +0100 (CET) Received: from [104.221.238.124] by 66.41.127.38 with HTTP; Wed, 21 Jan 2004 03:14:44 -0700 From: Ruth Walden [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: kirchner acquaint sanctify acrobatic Mime-Version: 1.0 X-Mailer: animadversion Date: Wed, 21 Jan 2004 06:14:44 -0400 Reply-To: Ruth Walden [EMAIL PROTECTED] Content-Type: multipart/alternative; boundary=5846461431537959 Message-Id: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.61-myrulesjrp20040121 (1.212.2.1-2003-12-09-exp) on mailserver.example.com X-Spam-Level: ** X-Spam-Status: No, hits=2.6 required=5.0 tests=FORGED_HOTMAIL_RCVD2, HTML_MESSAGE autolearn=no version=2.61-myrulesjrp20040121 embedding rose abalone freedman havana bayport regretful menlo gate blomquist force parasitic infelicity crayon insidious brasilia pinsky noel priestley fried praiseworthy gimmick even HTML part !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD TITLEMessage/TITLE META content=MSHTML 6.00.2800.1276 name=GENERATOR/HEAD BODY DIV!-- Converted from text/plain format --FONT face=Arial size=2 pHi,br br Genierc and Sepur Viarga (Caiils) available onlnie!br Most trsuted onilne source!br br br Cilais or (Spuer Vagira)br takes afefct right away amp; lasts 24-36 huors!br A HREF=http://www.qwhhjaak.gjoovm.com=www.qaoy.oxunz.butetoit.com/cv/?AFF_ID =cv0119rzcxctqhu=mnxbFOR SUEPR VAIRGA TOCUH HERE/abr br br Genierc Virgaabr costs 60% less! save a lot of $.br A HREF=http://www.kghhakaat.qyhpi.com=www.emqdxl.bkted.butetoit.com/cv/?AFF_ ID=cv0119fppnboy=getnFOR VIGARA TOCUH HERE/abr br br Both prudocts shipped dicsretely to your doorbr br br br br br br br br br br A HREF=http://www.tzelxglc.rqxinuh.com=www.zgahucwbdj.bcfr.butetoit.com/home page/?mrfzabrpbv=oqajNot itnreseted/abr/FONT/DIV/BODY/HTML maximilian scant durham grim euterpe palestinian pastiche peaceful gary ineducable jubilant alamo rickshaw hercules br gratis hippopotamus imbecile illicit invade fulsome print blizzard pivot brocade elate bureaucracy auberge geography chang infinity plaster decay br sextuplet belgrade emile coruscate borneo imaginate barbecue maybe patio erudition br bright cry beck calm footprint chiropractor evidential alberta amphibian lucerne grille aristotle glycerol sec cambridge pertain br crucial armenian elliot bittern copybook demit allotropic grope ecumenist fujitsu infallible complainant nauseum mellon scaffold francoise fragmentary puerto flurry impermissible bounce access agony healy faint modulus sandusky backbone biltmore exclusion lexicon antiperspirant chart forward acton epsilon chariot
Re: [SAtalk] [OT] - The current state spam.
On Tue, 2004-01-20 at 18:28, Fred wrote: I can not imagine what it would be like to work for an abuse dept. at an internet company and receive hundreds or thousands of complaints about customers computers being hijacked or turned into spam zombies. Non-original joke: I think that job is usually assigned to /Dave/Null. -- AltGrendel [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] SpamAssassin checks on Received headers (and RBL's such as RCVD_IN_SORBS)
At 04:33 PM 1/20/04 +0100, Ralf Vitasek wrote: i tested many things with the trusted users settings and googled around but i had no luck so far. except that i stumbled on a posting from this lists archive that makes me think that something is broken and that it would be fixed in the upcoming 2.7 version of SA. i can't say i fully understand the concept of the trusted_networks and when it is supposed to perform the RBL checks. Theoreticaly trusted_networks should have nothing to do with it. It's an unrelated setting, with an unrelated behavior. However, this is a bug we are talking about, and bugs are strange at times. However most people afflicted with this bug are fixed by declaring a trusted_networks (note this is NOT just nated servers. Multi-IPed servers are affected sometimes too, and other non-simple setups) . As a work-around, just TRY it.. Just add this to your local.cf trusted_networks 1.1.1.1/32 Replace 1.1.1.1 with the IP address of your mailserver (yes, this IS going to be one of the IP addresses of one of the interfaces on the machine running SA in most cases) It's not a proper fix, as you shouldn't need to declare a trusted_networks unless you're using multiple hops in your own network. However it's not going to break your config, theoreticaly trusted_networks should contain this information automatically, you're just forcing it. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Hello, new to list ! :-)
Hi, On Wed, 21 Jan 2004 10:51:12 + Spyros Tsiolis [EMAIL PROTECTED] wrote: Hello list ! I am kinda new here chaps, so please bare with me. A simple question (which I didn't pose on the xmail forum in case I get flamed/cursed) :-) This list is usually civil, probably the most polite of any of the anti-spam lists I'm on. Don't suggest that SpamAssassin should delete mail automatically and you'll be fine. :) From what it seems, one must let spamassassin know of what to filter as spam mail; So far so good. Just pipe mail through SpamAssassin and SA will analyze and tag it. If you're using the Bayesian analyzer, you should train it with sa-learn using spam and non-spam (ham) messages that you've manually verified and sorted. SA will learn automatically but autolearning is cautious and therefore slow. It also looks like one has to invoke a special format of expressions (regex's?) to the .cf file living under /etc/mail/spamassassin/local.cf Only if you need custom rules. See 'perldoc -U Mail::SpamAssassin::Conf' for the official documentation. Would anyone out there bother giving me a real-world example for a simple spam mail message ? It would help me if I could have a look on the filter expression and the actuall mail, so I could (probably) create something relevant. Any ideas ?? There are a few rule writing guides available: http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt http://www.intuitive.com/spam-assassin-rule-help.html (roughly the same material but a little easier to read) You'll find a lot of custom rules and rule-writing guidance on http://www.exit0.us, too. hth, -- Bob --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] This spam scores too low
At 11:56 AM 1/21/04 +0100, Jürgen R. Plasser wrote: Is there any way to get rid (say: score 5) of those mails with SA? Some rules? I have SA 2.61 and the latest Bigevel rules installed. Well, antidrug is a good start. http://mywebpages.comcast.net/mkettler/sa/antidrug.cf --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] bayes should ignore habeas headers?
At 12:37 AM 1/21/04 -0500, Pedro Sam wrote: My question, should bayes ignore the habeas headers by default? Perhaps not by default, but right now it's probably a good idea. In general, any sudden shift of behavior from something commonly seen only in nonspam to commonly seen in both causes trouble for bayes. The current SWE situation is only a problem because it is scored based on the history of SWE. If I started a fresh new bayes database today and trained it with only fresh email, the SWE headers would be learned as a neutral token. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] [OT] - The current state spam.
AltGrendel wrote: On Tue, 2004-01-20 at 18:28, Fred wrote: I can not imagine what it would be like to work for an abuse dept. at an internet company and receive hundreds or thousands of complaints about customers computers being hijacked or turned into spam zombies. Non-original joke: I think that job is usually assigned to /Dave/Null. grumble That's what I'm all worked up about. If these large broadband providers were more pro-active a lot of things would be different. Take the following events for example: Massive DDOS attacks which take down large sites like yahoo.com and many others. Massive Habeas forgery causing mass-confusion on why people are seeing spam. (majority cable / dsl zombies) Preventing those people who choose to use our computers without our permission and knowledge. Most people I know have to pay for their cable DSL connection and they pay way too much money for it. Maybe a simple solution would to be making the cable / dsl customers receive a new IP address every 2 hours? I am sure this will anger many but would make spam advertised sites go down much faster. Give all cable / dsl a private IP address and allow real IP if requested. Those who are not familiar with the internet tend to get themselves into trouble by accident. Protected behind a private IP would protect them from many of the issues I'm upset about. That alone would have helped to prevent spread of Blaster type worms. Why leave un-knowing people in front of the defenses when they don't even know a war is being waged. From a litle research I find that cable dsl are being used for hosting the spam content as well as DNS hosting for their domains and also for sending the spam messages. If we take out that massive source of zombies the spammers would be in deep trouble. They would be force to pay for hosting, or hack into companies / schools which would make them more likely to be caught. Or funnier yet, hack modems for hosting, that'll be the day! If I'm going after a website for spamming me I target the following in order: Step 1: Whois records, against valid contact information. Many registrars say they will suspend a domain for invalid contact records. Step 2: Next comes DNS servers. Check the domain name on the dns servers and attempt step 1. Step 3: Netblock of website. Most times I find a massive listing of cable / dsl zombies used for hosting website. Step 4: Netblock of DNS provider. Same results of step 3 found. Step 5: Get mad and give up. Re-think attack and plan new methods. /grumble Frederic Tarasevicius --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] 'spamassassin -d' not stripping SA reports from email
At 10:41 PM 1/20/04 -0600, C. Bensend wrote: Is the problem that I'm _forwarding_ the tagged emails from one host to the other? I don't have the capability to bounce, I can only forward. A forwarded message is a brand new message. That brand new message is NOT sa tagged, even though it may contain some SA markups because the other message was tagged. Once you've forwarded a message, there's generaly no way to reconstruct the original. All new headers are created, Mime sections are changed, the body is modified with things like forwarded message from, you mailclient may wind up re-encoding the HTML, etc. To a reader, it looks a lot the same, but to a mailer, it bears little resemblance to the original. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Another one for BigEvil
Sneaky bastard... got through with a 4.7 -- Rubin Bennett [EMAIL PROTECTED] RB Technologies ---BeginMessage--- Page loading Image not loading? View message here.Discontinue iJadp0tVrCS/91fN6/XSvXW0yL/QI1S0R9f/xKf7i/oMe1w/ dlfx ytou, xjjk, biieve . cpsd aflrkw kmwdc, tcb, owf . ejujzy rbhti ktskd, iil, bnd . dance zpyzpp yiju, ene, vosgot . rbzr dwoe medd, dlsy, xnngib . ppu ixlam ycvlqb, tiugb, nah . gpb gsbr yednxd, tqiwhb, diiz . igwq zxesax bbyozd, utpscr, fbhewr . uik foq llj, lzp, gljwe . pdt laocm myhu, zcz, lqx . fns woxk cexp, mus, grgafh . hrpxq eduxbk mqzqn, wbk, arhir . pwui tynx hvftrt, slzj, atxd . hle dcs nlmcip, fwfzrq, cpcl . ylvks qolsi itlk, cwjbdi, tbxlg . det onkfd zlxhg, skoqt, vdkoeh . kpeo gfarke lrot, ynimf, cago . mvq mwnz sawe, nqz, lxby . ndkr sftf lepkr, pmqns, akydv . evftyr dmqzrv xmwqc, cvyxta, rffr . cwdbpq bifud rpo, scm, ajidtc . atu pzf poixv, dnwse, mgq . icklxm xfqbw jegz, furii, dotp . jrc dokpmh eluvw, dvn, pevzt . nmr vikjna eofasq, pmx, jke . oba bnvt sdhd, jzvzey, wwgk . atdgtt tcjhz esi, vzyw, xcwqy . yimyds xlq qaz, gfjo, hps . orgk gffpsf mmrzc, pejhn, qblx . edhv rfrxkg qbfeue, ewpod, fvf . vywaf lzz yllpd, whias, wjdb . kzscwr wyvh wlxhyo, okuzlm, jvrni . odfk ggwdp zctjd, ursoq, dgra . glcuok msmiw exfy, kicca, uiwb . wahjfd pjjhxs awdh, lseow, hqpd . sbwb bekqpw mofo, ivltp, hlwo . ntzfv igwmso oopetd, dbcwst, eswkf . jnnfv dknunc fgdkz, nde, xkkpj . wzf mmhh twmiy, nhzyg, nmltjy . ahby jkwvr nmbz, avijw, pdvdr . opwoya gjzceq ucit, krg, polvmo . ddd tbdijm ltzunb, iap, iirxvm . kyqp ticx njayca, rdy, dnb . yslte feq hjf, gyysyw, aso . rojgp ekka khvae, kjo, jmm . ljid owlx cxjmhl, stas, ceiszr . lasukx yueyzj iveuay, arof, yxwpei . wccu cqc plx, jetl, kov . tty ppv hrej, cndgqu, nud . pqwa raxkb cql, xehi, lwxsm . mbm vdhr miglvh, zxmc, rmfj . bipp btoso chxor, bood, mpql . eqtbu tlewe runtbm, vskjgn, ufrf . vyhy lrf omkfgz, kmj, etqmjp . qgod omcixt njczq, zqulz, rvsfgj . wsd vrox ltq, csa, czjx . lydgs mexiw jrvxr, lknlmh, hkkrhw . hbkam glgcn vipoga, vlndx, njn . ipd zfxxni pxvnik, okcl, powjdg . zqof qmznah rhoe, agfm, qjz . gkiojk yrf dgd, qwxxkd, klryv . iuoq zgqj oar, fak, qgkntp . fbsewb tqe pkqaw, cpnhpx, fgg . bwv zpm taqj, sas, couegj . vjkd szqo ypmlnf, fqsask, ubha . qogz ---End Message--- signature.asc Description: This is a digitally signed message part
Re: [SAtalk] Hello, new to list ! :-)
On Wed, 21 Jan 2004, Spyros Tsiolis wrote: Hello list ! Hello. I am kinda new here chaps, so please bare with me. A simple question (which I didn't pose on the xmail forum in case I get flamed/cursed) :-) From what it seems, one must let spamassassin know of what to filter as spam mail; So far so good. It also looks like one has to invoke a special format of expressions (regex's?) to the .cf file living under /etc/mail/spamassassin/local.cf Spamassassin is already configured to filter spam, the local.cf is for customization. You will find thousands of examples of regular expressions in your /usr/share/spamassassin directory. You will also find loads of rules covering recent trends here http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm http://kepler.acns.bethel.edu/~bjn/spamassassin/ http://www.emtinc.net/spamhammers.htm There is also this list. Would anyone out there bother giving me a real-world example for a simple spam mail message ? I don't know what to say here. Simply firing up the mail server should provide you will all the real world examples that you could ever hope for. Brad --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Hello, new to list ! :-)
This list is usually civil, probably the most polite of any of the anti-spam lists I'm on. Don't suggest that SpamAssassin should delete mail automatically and you'll be fine. :) And don't top-post. :) It also looks like one has to invoke a special format of expressions (regex's?) to the .cf file living under /etc/mail/spamassassin/local.cf Only if you need custom rules. See 'perldoc -U Mail::SpamAssassin::Conf' for the official documentation. I'm pretty new too, and I'd like some clarification about what is stock in SA and what's custom. I see various rules suggested here and names like BigEvil and MrWiggly etc. I'm not sure what the flow is here - Do some of these things get incorporated into SA eventually? IOW, how do I tell what to incorporate into my local.cf and what to simply wait for to be included in a regular release. That's probably not asked quite right, but I think you see the idea? One other question - It seems like most of you get rid of most spam with a cutoff value of 5? I've got mine down to 2.4 right now. This works pretty well, with only an occasional ham getting through. I suspect that mine is this low because I haven't been SA-learning much...?? If I set it at 5.0, lots would be getting through. Is this the usual? IOW, as my system learns more, I will be able to raise the cutoff? tnx - John --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] 'spamassassin -d' not stripping SA reports from email
A forwarded message is a brand new message. That brand new message is NOT sa tagged, even though it may contain some SA markups because the other message was tagged. Ah, that would certainly explain it. Thanks for the info, Matt. :) I'll just have to figure out some other way of doing it, I suppose. Benny -- Have you ever tried simply turning off the TV, sitting down with your children, and hitting them? -- Bender, Futurama --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Upgrading from 2.60 to 2.63
Hello All, Here is a question that might seem easy to most. I am running spamassassin 2.60 and would like to upgrade to 2.63. What are some of the issues that I have to be aware of? I am fairly new to spamassassin and I would like a seemless upgrade to ensure that I do not ruin the current setup I currently have. Thanks Spam Administrator (Bryan) --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Spelling mistakes in spam
Title: Spelling mistakes in spam Hi, We've been looking and trialling No Spam Today which is based upon spamassasin. When we first tried it, it was catching probably 99% of all spam. However, over the past three months this figure has decreased noticeably. It appears to be because spammers are spelling words incorrectly - sometimes completely misspelled but recognisable to a human reader. Does this call into doubt the validity of word/phrase blocking as used in spamassasin? Regards, Rob.
RE: [SAtalk] [OT] - The current state spam.
-Original Message- From: Fred [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 9:39 AM To: AltGrendel; Spamassassin-Talk (E-mail) Subject: Re: [SAtalk] [OT] - The current state spam. AltGrendel wrote: On Tue, 2004-01-20 at 18:28, Fred wrote: I can not imagine what it would be like to work for an abuse dept. at an internet company and receive hundreds or thousands of complaints about customers computers being hijacked or turned into spam zombies. Non-original joke: I think that job is usually assigned to /Dave/Null. grumble That's what I'm all worked up about. If these large broadband providers were more pro-active a lot of things would be different. Take the following events for example: Massive DDOS attacks which take down large sites like yahoo.com and many others. Massive Habeas forgery causing mass-confusion on why people are seeing spam. (majority cable / dsl zombies) Preventing those people who choose to use our computers without our permission and knowledge. Most people I know have to pay for their cable DSL connection and they pay way too much money for it. Maybe a simple solution would to be making the cable / dsl customers receive a new IP address every 2 hours? I am sure this will anger many but would make spam advertised sites go down much faster. Give all cable / dsl a private IP address and allow real IP if requested. Those who are not familiar with the internet tend to get themselves into trouble by accident. Protected behind a private IP would protect them from many of the issues I'm upset about. That alone would have helped to prevent spread of Blaster type worms. Why leave un-knowing people in front of the defenses when they don't even know a war is being waged. From a litle research I find that cable dsl are being used for hosting the spam content as well as DNS hosting for their domains and also for sending the spam messages. If we take out that massive source of zombies the spammers would be in deep trouble. They would be force to pay for hosting, or hack into companies / schools which would make them more likely to be caught. Or funnier yet, hack modems for hosting, that'll be the day! If I'm going after a website for spamming me I target the following in order: Step 1: Whois records, against valid contact information. Many registrars say they will suspend a domain for invalid contact records. Step 2: Next comes DNS servers. Check the domain name on the dns servers and attempt step 1. Step 3: Netblock of website. Most times I find a massive listing of cable / dsl zombies used for hosting website. Step 4: Netblock of DNS provider. Same results of step 3 found. Step 5: Get mad and give up. Re-think attack and plan new methods. /grumble Frederic Tarasevicius I also try the same. Some ISPs are useless to try to talk to, Above.net. THey will end up blacklisting the complainee! (Is that a word?) :) I'm trying to find some stats on spam origins. Particularly by ISP. I see very little spam coming from cox.net cable modems vs. a buttload from Comcast. Would be nice to know the biggest ones and start a movement one at a time to get this problem fixed. If I've learned anything from this list, its a group has a far better chance of getting things done then 1 person. Consider me with you Fred. --Chris --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Spamassassin on Suse 9.0?
Looking at changing from Redhat 9.0 to new hardware and thought given the redhat/fedora support/lifespam issues I'd look at Suse.. seems well regarded, well supported and has newbie-friendly admin tools even in console mode.. Any thoughts on the simplest way of installing spamassassin _and_ keeping it current? On Redhat I used CPAN, no problems with it, guess I'm not 100% sure on the benefits of doing it using CPAN vs RPM. Any other gotchas with Suse and Spamassassin that I should know of? Quick search of the archives didn't turn much up but it may be a case of knowing what to look for.. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378, Fax: 44 (0)24 7635 8378 mailto:[EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Spelling mistakes in spam
At 09:51 AM 1/21/2004, Nicholson, Rob wrote: We've been looking and trialling No Spam Today which is based upon spamassasin. When we first tried it, it was catching probably 99% of all spam. However, over the past three months this figure has decreased noticeably. It appears to be because spammers are spelling words incorrectly - sometimes completely misspelled but recognisable to a human reader. Does this call into doubt the validity of word/phrase blocking as used in spamassasin? No, because recent versions of spamassassin also use a Bayes engine, which can be quickly trained for these kinds of things. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] [OT] - The current state spam.
It's not strictly a spam measurement, but www.senderbase.org has excellent real-time lists of outbound mail volume by ISP and IP address. Pierre -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:08 AM To: 'Fred'; AltGrendel; Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. ... I'm trying to find some stats on spam origins. Particularly by ISP. I see very little spam coming from cox.net cable modems vs. a buttload from Comcast. Would be nice to know the biggest ones and start a movement one at a time to get this problem fixed. If I've learned anything from this list, its a group has a far better chance of getting things done then 1 person. Consider me with you Fred. --Chris --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] [OT] - The current state spam.
-Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:08 AM To: 'Fred'; AltGrendel; Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. -Original Message- From: Fred [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 9:39 AM To: AltGrendel; Spamassassin-Talk (E-mail) Subject: Re: [SAtalk] [OT] - The current state spam. AltGrendel wrote: On Tue, 2004-01-20 at 18:28, Fred wrote: I can not imagine what it would be like to work for an abuse dept. at an internet company and receive hundreds or thousands of complaints about customers computers being hijacked or turned into spam zombies. Non-original joke: I think that job is usually assigned to /Dave/Null. grumble That's what I'm all worked up about. If these large broadband providers were more pro-active a lot of things would be different. Take the following events for example: Massive DDOS attacks which take down large sites like yahoo.com and many others. Massive Habeas forgery causing mass-confusion on why people are seeing spam. (majority cable / dsl zombies) Preventing those people who choose to use our computers without our permission and knowledge. Most people I know have to pay for their cable DSL connection and they pay way too much money for it. Maybe a simple solution would to be making the cable / dsl customers receive a new IP address every 2 hours? I am sure this will anger many but would make spam advertised sites go down much faster. Give all cable / dsl a private IP address and allow real IP if requested. Those who are not familiar with the internet tend to get themselves into trouble by accident. Protected behind a private IP would protect them from many of the issues I'm upset about. That alone would have helped to prevent spread of Blaster type worms. Why leave un-knowing people in front of the defenses when they don't even know a war is being waged. From a litle research I find that cable dsl are being used for hosting the spam content as well as DNS hosting for their domains and also for sending the spam messages. If we take out that massive source of zombies the spammers would be in deep trouble. They would be force to pay for hosting, or hack into companies / schools which would make them more likely to be caught. Or funnier yet, hack modems for hosting, that'll be the day! If I'm going after a website for spamming me I target the following in order: Step 1: Whois records, against valid contact information. Many registrars say they will suspend a domain for invalid contact records. Step 2: Next comes DNS servers. Check the domain name on the dns servers and attempt step 1. Step 3: Netblock of website. Most times I find a massive listing of cable / dsl zombies used for hosting website. Step 4: Netblock of DNS provider. Same results of step 3 found. Step 5: Get mad and give up. Re-think attack and plan new methods. /grumble Frederic Tarasevicius I also try the same. Some ISPs are useless to try to talk to, Above.net. THey will end up blacklisting the complainee! (Is that a word?) :) I'm trying to find some stats on spam origins. Particularly by ISP. I see very little spam coming from cox.net cable modems vs. a buttload from Comcast. Would be nice to know the biggest ones and start a movement one at a time to get this problem fixed. If I've learned anything from this list, its a group has a far better chance of getting things done then 1 person. Consider me with you Fred. --Chris --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] BigEvil Scoring
Is there an easy way of changing the BigEvil Scores without modifying bigevil.cf which gets updated a lot? And without duplicating them into local.cf. -=B --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Turning off Habeas?
On Tue, 20 Jan 2004 14:23:44 -0600 Kang , Joseph S. [EMAIL PROTECTED] wrote: The HABEAS_VIOLATOR test is nice for those sites that also have SA do network tests. MINE DOESN'T. For next runs of GA, maybe HABEAS rules should have four scores. So we could have something like: score HABEAS_SWE -2.0 -8.0 -2.0 -8.0 When network tests are not used, HABEAS_SWE cannot be counterbalanced by HABEAS_VIOLATOR in case of abuse, so it's score is less negative. That's just an idea... -- Jérémy JUST [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Another one for BigEvil
On Wed, 2004-01-21 at 09:33, Rubin Bennett wrote: Sneaky bastard... got through with a 4.7 Chris: Would you prefer that we email you this stuff offlist? I have a few too, but I don't want to contribute to the line noise on this list. -- AltGrendel [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Enable localized rule descriptions
On Tue, 20 Jan 2004 12:46:38 -0500 Matt Kettler [EMAIL PROTECTED] wrote: If you want your server to be in german, tell it. export LANG=de note: this may affect other programs on the system that are language-smart as well. Yes, but you change this in the init script, e.g. case $1 in start) echo -n Starting $DESC: LANGUAGE=de_DE start-stop-daemon --start --pidfile $PIDFILE --name $PNAME \ --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS echo $NAME. ;; Ciao Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Not able to run sa-learn
Hello, I'm running spamassassin 2.62 with MailScanner on redhat 9. What I'm trying to run is this: sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --spam --mbox /var/spool/mail/bayes But, it just sits there. Sa-learn --rebuild and --force-expire work fine. When I first upgraded from 2.61 to 2.62, it worked great. But, it only worked that one time. Is there something wrong with the command I'm running? -- Jody Cleveland ([EMAIL PROTECTED]) --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Hello, new to list ! :-)
On Wed, 2004-01-21 at 09:38, Brad Hazledine wrote: On Wed, 21 Jan 2004, Spyros Tsiolis wrote: Hello list ! Hello. I am kinda new here chaps, so please bare with me. A simple question (which I didn't pose on the xmail forum in case I get flamed/cursed) :-) From what it seems, one must let spamassassin know of what to filter as spam mail; So far so good. It also looks like one has to invoke a special format of expressions (regex's?) to the .cf file living under /etc/mail/spamassassin/local.cf Spamassassin is already configured to filter spam, the local.cf is for customization. You will find thousands of examples of regular expressions in your /usr/share/spamassassin directory. You will also find loads of rules covering recent trends here http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm http://kepler.acns.bethel.edu/~bjn/spamassassin/ http://www.emtinc.net/spamhammers.htm There is also http://wiki.spamassassin.org and http://www.exit0.us -- AltGrendel [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Spam Assassin as a Filter then Forward Mail to MS Exchange
I have a RedHat 9.0 box that I want to turn into a Spam Filtering Device. Basically all that I want the RedHat box to do is: 1). take in the emails, 2). then filter them with Spam Assassin, 3). mark the subject lines as *** SPAM ***, 4). and finally pass all of the emails to my MS Exchange Server for client pick-up. The only reason why I need to keep the MS Exchange box is that my boss will not let me get rid of it. Does anyone know of any How To articles that I can read that deals with this sort of thing? I am fairly new at linux too. :) Thanks everyone for the help. Dustin O Williams - Web Developer/Designer Intelligent eBusiness Consultants www.einsteinsystems.com< /body> --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Popcorn Backhair have been combined into 1 Set
Hello spam peeps Well I was going to hold off posting this until I had the time to edit the page explaining the Rule Sets, but I got a spam this morning, tagged only by this updated Backhair Set. I was irked enough (thinking these spams might be getting through on other machines) that I will go ahead and at least announce the change. [we all know that cd, I shant mention them] Adam Lopresto and I have recently begun working together on Chickenpox, and while working on that set, it occurred to him how to fix the limitations in Backhair, using similar ideas we're using in pox. This change in essence combines Backhair Popcorn. If you use this newest version of Backhair, you may delete the Popcorn Set. It covers the whole!silly obfu taggamut. I will update the page when I get some free time in the hopes of making this change more clear. I left Popcorn on there for now, but like I said, if you use Backhair version 1.1 (just posted it) you no longer (sniff sniff...) need Popcorn... ..That makes me very sad :'( Popcorn was my first ruleset. http://www.emtinc.net/spamhammers.htm Jenn/ifer -- 44 on new Backhair set ;) ...oooh the urge to say it! B..(cough cough) (cough cough cough) nah, best not to. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] BigEvil Scoring
Yes: http://www.exit0.us/index.php/RulesDuJourMungeScripts On Wed, 2004-01-21 at 09:16, Rose, Bobby wrote: Is there an easy way of changing the BigEvil Scores without modifying bigevil.cf which gets updated a lot? And without duplicating them into local.cf. -=B --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases: http://www.sandgnat.com/cmos/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spam Assassin as a Filter then Forward Mail to MS Ex change
http://postfix.cnc.bc.ca/twiki/bin/view/Main/SpamAssassinTaggingOnly is what I use with Postfix to do pretty much the same thing. Very simple and it works. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378, Fax: 44 (0)24 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Dustin O Williams [mailto:[EMAIL PROTECTED] Sent: 21 January 2004 15:38 To: [EMAIL PROTECTED] Subject: [SAtalk] Spam Assassin as a Filter then Forward Mail to MS Exchange I have a RedHat 9.0 box that I want to turn into a Spam Filtering Device. Basically all that I want the RedHat box to do is: 1). take in the emails, 2). then filter them with Spam Assassin, 3). mark the subject lines as *** SPAM ***, 4). and finally pass all of the emails to my MS Exchange Server for client pick-up. The only reason why I need to keep the MS Exchange box is that my boss will not let me get rid of it. Does anyone know of any How To articles that I can read that deals with this sort of thing? I am fairly new at linux too. :) Thanks everyone for the help. Dustin O Williams - Web Developer/Designer Intelligent eBusiness Consultants www.einsteinsystems.com /body --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] RE: auto_learn question
I get over 50 spam messages every day and a lot of valid mail, which is usually whitelisted. I see, at most, one spam message that gets through every 2 or 3 weeks. Excellent job, SA team! I train Bayes on all spam regularly and I want to use auto_learn to train Bayes when the score is over 9. Spam over 9 is delivered to a spam account. Spam under 9 is only about 2% of the total spam and is delivered a different spam account. I can continue to manually train Bayes for this small percentage. My question is which Bayes database is auto trained? It appears under the User Preferences section, but I only have a site wide database. When messages are filtered, SA records a log entry for user root:spamd. Spamd is running with -u spamd. The user spamd owns the confdir directory and all files in that directory. Thanks, Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] missed spam?
Greetings We're seeing lots of the =?iso in the header messages getting through. We have this rule in place: header SUBJECT_ENCODED_MY_TEST Subject:raw =~ /=\?.*\?=/i describe SUBJECT_ENCODED_MY_TEST Subject begins with =? scoreSUBJECT_ENCODED_MY_TEST 5.0 When I try to send a test message with the full header ( =?iso-8859-1?B?U2hpcHBlZCB0byB5b3UgbmV4dCBkYXkgdG8geW91ciBkb29y?=) that's in some of the spams, it translates to How are you doing... when the messages is received, so I'm guessing that's why it's passing through. X-Spam-Score: 1.8 BAYES_30,HTML_60_70,HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MSGID_GOOD_EXCHANGE,OACYS_CONS_6,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,RM_sl_Parens,SUBJECT_ENCODED_MY_TEST What am I missing? Thanks... Paul --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] [OT] - The current state spam.
Not to flame anyone, but I sure do hope my isp never blocks ports. I don't pay for obstructed internet access. I do run a small mail server from my home dsl connection. I allow family members to use that to send to/from. The local cable provider here (Brighthouse) just about blocks all inbound ports. This is fine for the normal internet user, but for those of us who know what we are doing this hurts us. If my isp were to block ports, that would hinder on what I am doing. I don't have a professional dsl line (3x as much as residential) and in order for me to get a professional line, I would need to buy a professional phone service from the phone co (again, 3x the price). A whole lot of bloat I don't need nor want. My modem has a very good firewall built in and uses nat. This is the normal, default setup. The isp doesn't provide any solutions in overriding it, but is allowed. I use an internal router with nat instead of the modem's built in. I think this is a much better way of blocking ports than isp's blocking ports. If isp's set up this feature properly, then allow us advanced users to unlock so to speak, this is more desirable IMHO. This technology obviously exists and I think is a much better option. Thanks, James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pierre Thomson Sent: Wednesday, January 21, 2004 10:13 AM To: Chris Santerre Cc: Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. It's not strictly a spam measurement, but www.senderbase.org has excellent real-time lists of outbound mail volume by ISP and IP address. Pierre -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:08 AM To: 'Fred'; AltGrendel; Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. ... I'm trying to find some stats on spam origins. Particularly by ISP. I see very little spam coming from cox.net cable modems vs. a buttload from Comcast. Would be nice to know the biggest ones and start a movement one at a time to get this problem fixed. If I've learned anything from this list, its a group has a far better chance of getting things done then 1 person. Consider me with you Fred. --Chris --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Recieved From database
On Wed, 21 Jan 2004, Christian Nygaard wrote: It would be nice if one could take into account a Spam probability also based from the originating Received From: header lines. I.e. I would want to have a whitelist of known good mail servers and assign them a negative score test value and a have a blacklist which is assigned a positive score. One of the things I'm intending to work on, (and it won't likely happen this week, I'm afraid -- perhaps not even this month), is a check against the system that handed a message to the first of my mail servers to handle it. If that system is registered as an MX for the envelope sender, (maybe check also the from sender?), assign a negative score, since spammers usually relay through client systems, or use third-party mail servers ... A friend of mine also has suggested the following (the coding is my own, so if it doesn't work, I've poorly implemented the suggestion): header SYL_BAD_XOIP X-Originating-IP !~ /\[?(\d{1,3}\.){3}\d{1,3}\]?/ describe SYL_BAD_XOIP Improperly formatted X-Originating-IP header scoreSYL_BAD_XOIP 4.0 # frankly, this alone should be grounds # for rejection ... NOTE: I've not yet tested this rule, but so far in the mail I have, it would match only on spam ... -- -- Sylvain Robitaille [EMAIL PROTECTED] Systems analyst / Postmaster Concordia University Instructional Information TechnologyMontreal, Quebec, Canada -- --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] More obfuscation
On Tue, 20 Jan 2004, Robert Menschel wrote: CS I'm not sure where the post is, but about 3 weeks ago I think Dallas CS put a semi-end to the spell-checker debate :) Perhaps I need to re-clarify. The idea is NOT to treat mis-spelled words as spam. The idea is to find specific 'close matches' to words that spammers like to obfuscate - another example from yesterday was penDXHis - and (1) note that it is an obfuscation of a known word, BUT (2) do NOT count it if it is a properly spelled dictionary word. The idea is to use spell checking to avoid false positives in the 'close match' testing. However, approximation technology, which identifies key words (such as found in antidrug), and tests for near-matches, can be beneficial. I think a suitable example is 'enlargement' spams that talk about your pens. It's a valid word, so we couldn't/shouldn't block it on an obfuscation checker. Someone might use penTiUMs to do the obfuscation, so we would have to let that through. I am going to suggest a check like this to catch the spam that uses capital letters mid-word. It needs to be refined, and checked against a decent corpus. body LOC_MIDWORDCAPS /[a-z][A-Z]{1,5}[a-z]/ Variations for the number of non-caps letters before/after might help avoid false positives, as well as separate higher-scoring tests for multiple caps in a row within a word - C --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spam Assassin as a Filter then Forward Mail to MS Exchange
Try MailScanner. That's what we use. It works well for just relaying mail onto an exchange server. Spamassassin ties into it, and it's pretty easy to configure. http://www.sng.ecs.soton.ac.uk/mailscanner/ -Original Message- From: Dustin O Williams [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 8:38 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Spam Assassin as a Filter then Forward Mail to MS Exchange I have a RedHat 9.0 box that I want to turn into a Spam Filtering Device. Basically all that I want the RedHat box to do is: 1). take in the emails, 2). then filter them with Spam Assassin, 3). mark the subject lines as *** SPAM ***, 4). and finally pass all of the emails to my MS Exchange Server for client pick-up. The only reason why I need to keep the MS Exchange box is that my boss will not let me get rid of it. Does anyone know of any How To articles that I can read that deals with this sort of thing? I am fairly new at linux too. :) Thanks everyone for the help. Dustin O Williams - Web Developer/Designer Intelligent eBusiness Consultants www.einsteinsystems.com /body --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] fresh installation not working (yp_match: clnt_call: RPC: timed out)
I believe you have neglected to hook SA into your mail delivery path. There are a number of ways to do this; but the most straight forward is to use procmail and add a .forward and a .procmailrc file into your home directory. Fernan Aguero wrote: Hi, I just installed SpamAssassin-2.6.1 under FreeBSD-4.9. Installation was from the FreeBSD ports collection. I have not configured anything yet. I just opened INSTALL and USAGE and went through the steps listed there. It appears that, because I've installed SpamAssassin from ports, everything in INSTALL is just done. So I started with USAGE, which says that before anything else, I should check spamassassing doing something like: spamassassin -t sample-nospam.txt nospam.out I have tested this and after creating a user_prefs under ~/.spamassassin, the program keeps reporting the following error: yp_match: clnt_call: RPC: Timed out In case it's useful I have run the same example, now adding -D to collect more debug info. I am attaching the output. From what I see, there's nothing suspicious, but, alas, I'm not the one who should know what the output should look like! As for the possible cause, yes I have NIS (YP) running. But as far as I can tell, I've seen no problem. I am running spamassassing at the host that is acting as the YP master host. Can anyone tell me what calls is spamassassing making that need to be passed to yp? I don't see anything in the attached output. Thanks in advance, Fernan --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
OY! That set had the original testing scores. Fixed now. Sorry Haste = Bad said, if you use Backhair version 1.1 (just posted it) you no longer http://www.emtinc.net/spamhammers.htm Jenn/ifer -- 44 on new Backhair set ;) ...oooh the urge to say it! B..(cough cough) (cough cough cough) nah, best not to. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] SA missed an 'invisible font'?
X-Spam-Level: ** X-Spam-Status: No, hits=2.7 required=3.5 autolearn=no tests=HTML_20_30=0.474, HTML_FONT_BIG=0.1,HTML_MESSAGE=0.001,LOC_LOWPRICE=0.9, LOC_WEIGHTPATCH=1,RCVD_IN_NJABL=0.1,RCVD_IN_SORBS=0.1 Example HTML below. SA seems to have not recognized the EE font as 'invisible', perhaps because it is just one or two points outside the 'range' permitted by SA? But also note that they have used a ZERO point size for the font. Can we test for that? I will be. :-) body font COLOR=EE style=font-family: arial; font-size: 0pt; - Charles --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] missed spam?
At 10:55 AM 1/21/2004, Paul Diaguila wrote: X-Spam-Score: 1.8 BAYES_30,HTML_60_70,HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MSGID_GOOD_EXCHANGE,OACYS_CONS_6,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,RM_sl_Parens,SUBJECT_ENCODED_MY_TEST What am I missing? What version of SA are you running? MSGID_GOOD_EXCHANGE was an exploitable bug for spammers in SA versions 2.50-2.53 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] [OT] - The current state spam.
Yeah, we have had this same conversation on another list a week ago. We are saying by DEFAULT and ISP should block the ports, BUT it should be removed if asked, and FREE of charge. I'm sure the percentage of users who would request it would be like 5%. THen it would be easy to monitor traffic (not data) of those 5%. ISPs used to complain about the costs of hardware vs. traffic. I'd say this would help them in the long run. DON't raise my broadband bill, decrease the spam traffic on your net! --Chris -Original Message- From: James [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:58 AM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] [OT] - The current state spam. Not to flame anyone, but I sure do hope my isp never blocks ports. I don't pay for obstructed internet access. I do run a small mail server from my home dsl connection. I allow family members to use that to send to/from. The local cable provider here (Brighthouse) just about blocks all inbound ports. This is fine for the normal internet user, but for those of us who know what we are doing this hurts us. If my isp were to block ports, that would hinder on what I am doing. I don't have a professional dsl line (3x as much as residential) and in order for me to get a professional line, I would need to buy a professional phone service from the phone co (again, 3x the price). A whole lot of bloat I don't need nor want. My modem has a very good firewall built in and uses nat. This is the normal, default setup. The isp doesn't provide any solutions in overriding it, but is allowed. I use an internal router with nat instead of the modem's built in. I think this is a much better way of blocking ports than isp's blocking ports. If isp's set up this feature properly, then allow us advanced users to unlock so to speak, this is more desirable IMHO. This technology obviously exists and I think is a much better option. Thanks, James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pierre Thomson Sent: Wednesday, January 21, 2004 10:13 AM To: Chris Santerre Cc: Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. It's not strictly a spam measurement, but www.senderbase.org has excellent real-time lists of outbound mail volume by ISP and IP address. Pierre -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:08 AM To: 'Fred'; AltGrendel; Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. ... I'm trying to find some stats on spam origins. Particularly by ISP. I see very little spam coming from cox.net cable modems vs. a buttload from Comcast. Would be nice to know the biggest ones and start a movement one at a time to get this problem fixed. If I've learned anything from this list, its a group has a far better chance of getting things done then 1 person. Consider me with you Fred. --Chris --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] fresh installation not working (yp_match: clnt_call: RPC: timed out)
+[ Eric W. Bates [EMAIL PROTECTED] (21.Jan.2004 13:04): | | I believe you have neglected to hook SA into your mail delivery path. | There are a number of ways to do this; but the most straight forward is | to use procmail and add a .forward and a .procmailrc file into your home | directory. Hi Eric, and thanks for your reply. I was waiting to pass this first test before attempting to hook anything. Perhaps I've been misleaded from reading the docs, but from what I understood, I was supposed to run this test on the command-line, just to see check if the installation went right. I have already a working procmail (no need for a .forward, procmail is used as the local delivery agent by sendmail) and procmailrc. I will test it from within procmail, and report back if I succeed ... Fernan | | Fernan Aguero wrote: | | Hi, | | I just installed SpamAssassin-2.6.1 under FreeBSD-4.9. | Installation was from the FreeBSD ports collection. | | I have not configured anything yet. I just opened INSTALL | and USAGE and went through the steps listed there. It | appears that, because I've installed SpamAssassin from | ports, everything in INSTALL is just done. So I started with | USAGE, which says that before anything else, I should check | spamassassing doing something like: | | spamassassin -t sample-nospam.txt nospam.out | | I have tested this and after creating a user_prefs under | ~/.spamassassin, the program keeps reporting the following error: | yp_match: clnt_call: RPC: Timed out | | In case it's useful I have run the same example, now adding | -D to collect more debug info. I am attaching the output. | From what I see, there's nothing suspicious, but, alas, I'm | not the one who should know what the output should look | like! | | As for the possible cause, yes I have NIS (YP) running. But | as far as I can tell, I've seen no problem. I am running | spamassassing at the host that is acting as the YP master host. | Can anyone tell me what calls is spamassassing making that | need to be passed to yp? I don't see anything in the | attached output. | | Thanks in advance, | | Fernan | | +] -- F e r n a n A g u e r o http://genoma.unsam.edu.ar/~fernan --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] No To line in header
Can someone tell me how to look for no To or CC field in the header. I get several emails sent to me like this and would like to score them. Best I could come up with is ToCc !~ /To|cc/i Can someone tell me how Im suppose to do this. Regards Steve Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] better whitelisting - using feedback?
One of the speakers at Spamcon 2004, talked about the effectiveness of automatically generated white lists. As I recall, his scheme depended upon two sources of info: the mail addresses that typically appeared in your To: From: and Cc: lines in your corpus of ham, during training and automatically collected from similar info. in mail that you send out. This of course assumes that you don't correspond directly with spammers. g I was wondering how this might be integrated with SA. In particular, how does one intercept addresses on the outbound mail route? Would this be done in some sort of milter (like mimedefang, if you're using sendmail as your MTA)? It seemed to me that if one can build a more effective white list, that the number of false positives can be reduced considerably, and thus, the spam cut-off could be lowered, making sure more actual spam makes it over the dam. Separate question (may be a faq): is there a database (SQL, etc) implementation of from/received white lists? This would make updating a whitelist easier, and more efficient than hacking the user_prefs file, for example. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Not able to run sa-learn
At 10:36 AM 1/21/2004, Jody Cleveland wrote: I'm running spamassassin 2.62 with MailScanner on redhat 9. What I'm trying to run is this: sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --spam --mbox /var/spool/mail/bayes But, it just sits there. Sa-learn --rebuild and --force-expire work fine. When I first upgraded from 2.61 to 2.62, it worked great. But, it only worked that one time. Is there something wrong with the command I'm running? Well, I doubt it's your problem, but the first thing that jumps out at me is it's an extraordinarily bad idea to learn from files that are still in /var/spool/mail. This is because your mailserver could write to it while sa-learn is running... copy or move them elsewhere first, then run sa-learn on them. I'd suggest turning on debug output with the -D parameter, and see where it gets stuck. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] [OT] - The current state spam.
I made this point on a mimedefang list. Some people didn't really like it. Computers are too complicated for people to be responsible some said. So I tried equating it to maintaining your car in that, if your car smokes and causes pollution - it is NOT the manufacturers responsibility to come fix your car. It's your responsibility to take it to the nearest mechanic. If it smokes too much the police might just have to remove you from the road for other peoples safety. What I got in return to that was - Yeah sure, but doesn't relate. Auto manufacturers don't put out buggy cars like microsoft puts out buggy software. Hmm... good point - but doesn't microsoft put out these things called patches? Is it not the users responsibility to maintain their software (vehicle) but obtaining these patches (tune up). I don't see how this doesn't equate. It's the same friggin thing. If you are going to put yourself on the internet then you should be held accountable for what happens to your computer. It isn't microsoft/linux 's responsibility to educate users. It's their own responsibility to educate themselves or suffer the consequences. You have to think of this in terms of the dsl/cable connections. Everyone is now always on which in essence makes them like a little open node on the internet. The government is NOT responsible, NOR the ISP, NOR the software manufacturer for maintaining safety of these little nodes. I'm sorry, but I will not see this any other way. The government doesn't know their head from their ass as far as the internet, the ISP should only be responsible for shutting the nodes down originating from their own network, and the software manufacturers should make patches available when they fix bugs. The USER is/SHOULD BE held responsible to secure, maintain, upgrade, etc etc their little node. Too complicated? Then they don't need to be on the net all the time (or period for that matter as far as I'm concerned). Or they need to hire a mechanic PC-TECH. All this really becomes is a whole debate of how responsible should a user be? I agree - the user should have responsibility. No one is/can or should be responsible to go out and hold every little users hand, and assist them with every little nuance of owning a computer. Maybe that sounds a bit harsh, but I still say it's like maintaining your car. All of this knowledge and info is freely available (some even in little paper books or cd's called manuals). If you're stupid and don't read the owners manual for your car, never change the oil, wear your tires bald, never change the windshield wipers, and people force you to quit driving the vehicle, it's your OWN fault. If you don't RTFM, do a little research, (my god - it is NOT THAT FRIGGIN HARD) get the basics of owning a computer, and get your little node shut down because your a friggin idiot spewing crap out on the net, because your computers infected, because it got hacked, because you had no protection, etc etc, yadda, yadda - then it's your OWN fault. Think logically here folks. - Original Message - From: Pedro Sam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 11:44 PM Subject: Re: [SAtalk] [OT] - The current state spam. I take an opposite view point. ISP's should disable a user's account, if that account is found to be launching any malicious attacks, regardless of whether that account was intentionally malicious or was simply hacked. It's time people own up to the responsibility of a presence on the internet. -- In those days he was wiser than he is now -- he used to frequently take my advice. -- Winston Churchill --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Popcorn Backhair have been combined into 1 Set
On Wed, 2004-01-21 at 15:40, Jennifer Wheeler wrote: I will update the page when I get some free time in the hopes of making this change more clear. I left Popcorn on there for now, but like I said, if you use Backhair version 1.1 (just posted it) you no longer (sniff sniff...) need Popcorn... So if I grab Jennifer's backhair I don't need any popcorn? There must be some hidden meaning there. I've removed popcorn from the default list of thinggies to snag in RulesDeJour. -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases (0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Per-user exceptions
Fred Bennett wrote: I have SA 2.61 running spamd on a Mandrake server with Postfix. It sends mail to our Exchange 2000 server on the LAN. All is ok, except for one user that wants to opt-out. This user wants to get all messages unmodified by SA (I think header mods would be acceptable as long as subject and body are unmodified). Allowing one user to opt-out like this depends a great deal on how you're calling SA. In my case, for instance, if I were using report_safe 0 globally on one server here, I could easily set it to 1 or 2 for a specific user because I'm calling SA from procmail on delivery, not in the middle of the SMTP chain. I can score rules differently, whitelist/blacklist, and set the spam threshold differently for each user. Fortunately for my administrative time, defaults work pretty well for most users- but I *can* (and have) made specific changes for a few users with somewhat unusal mail. On the other machine I run SA on, it's a little different. The first machine only hosts accounts for one domain; the second is our domain hosting server and has ~40 domains right now. I call SA from MIMEDefang, which is called during sendmail's SMTP conversation with the remote host. This machine splits mail streams on a per-domain basis, allowing some individuality for each domain without imposing the load that full per-user preferences would. I'm not sure whether Postfix will allow you to do this sort of per-recipient or group-of-recipients processing; if not it sounds like you might have to redesign your inbound relay server. :/ This seemed simple enough (all_spam_to), but when I use that or whitelist_to, it affects a whole bunch of other users. They are all listed in the To, Cc, and/or Bcc fields as co-recipients. I see that this is a documented problem on the SA to-do list, Which likely wouldn't help in your case, as at the SMTP level there may only be *one* message that SA is working with. :( Unless you can get Postfix to (re)generate a copy of the message for each recipient *before* the SA processing, fixing this SA bug won't help you. but in the meantime I would like to know if there's another method that would work. One such method that I've seen suggested is to set required_hits to a high number for this user, If you do actually have per-user prefs like this, you should also be able to use whitelist_to without trouble. This assumes that you're calling SA in such a way that it runs once for each recipient. Good luck. -kgd -- Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrificing of a live chicken. - Unknown --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] This spam scores too low
Your email made it into my spam folder. Mostly due to my very strict rules (courtesy of my friend Chris): [mail:root]# cat /etc/mail/spamassassin/local.cf body RANDOM_WORD_10 /(?:\b(?!(?:from|even|more|that|this|were|with)\b)[a-z]{4,12}\s+){10}/ describe RANDOM_WORD_10 string of 10+ random words score RANDOM_WORD_101.0 body RANDOM_WORD_15 /(?:\b(?!(?:from|even|more|that|this|were|with)\b)[a-z]{4,12}\s+){15}/ describe RANDOM_WORD_15 string of 15+ random words score RANDOM_WORD_153.0 Your's is the first false positive I've gotten from this, but you did include the spam email to be fair. -Scott Jürgen R. Plasser wrote: Spam detection software, running on the system mail.troutpocket.org, has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi all, in the last view days I experienced some (for me) strange kind of spam. The first part of the email is a random text (that's what I see in my email client when opening the email): [...] Content analysis details: (5.9 points, 5.0 required) pts rule name description -- -- 1.0 RANDOM_WORD_10 BODY: string of 10+ random words 3.0 RANDOM_WORD_15 BODY: string of 15+ random words 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 FVGT_TRIPWIRE_QA FVGT_TRIPWIRE_QA 0.1 FVGT_TRIPWIRE_QX FVGT_TRIPWIRE_QX 0.1 FVGT_TRIPWIRE_JR FVGT_TRIPWIRE_JR 0.1 FVGT_TRIPWIRE_WB FVGT_TRIPWIRE_WB 0.1 FVGT_TRIPWIRE_SJ FVGT_TRIPWIRE_SJ 0.1 FVGT_TRIPWIRE_QW FVGT_TRIPWIRE_QW 0.1 FVGT_TRIPWIRE_ZC FVGT_TRIPWIRE_ZC 0.1 FVGT_TRIPWIRE_YH FVGT_TRIPWIRE_YH 0.1 FVGT_TRIPWIRE_NX FVGT_TRIPWIRE_NX 0.1 FVGT_TRIPWIRE_PB FVGT_TRIPWIRE_PB 0.1 FVGT_TRIPWIRE_QK FVGT_TRIPWIRE_QK 0.1 FVGT_TRIPWIRE_MN FVGT_TRIPWIRE_MN 0.1 FVGT_TRIPWIRE_LX FVGT_TRIPWIRE_LX 0.1 FVGT_TRIPWIRE_QY FVGT_TRIPWIRE_QY 0.1 FVGT_TRIPWIRE_TQ FVGT_TRIPWIRE_TQ 0.1 FVGT_TRIPWIRE_KG FVGT_TRIPWIRE_KG 0.1 FVGT_TRIPWIRE_BD FVGT_TRIPWIRE_BD 0.1 FVGT_TRIPWIRE_NL FVGT_TRIPWIRE_NL 0.1 FVGT_TRIPWIRE_FZ FVGT_TRIPWIRE_FZ 0.1 FVGT_TRIPWIRE_QD FVGT_TRIPWIRE_QD 0.1 FVGT_TRIPWIRE_MQ FVGT_TRIPWIRE_MQ 0.1 FVGT_TRIPWIRE_DX FVGT_TRIPWIRE_DX 0.1 FVGT_TRIPWIRE_QH FVGT_TRIPWIRE_QH 0.1 FVGT_TRIPWIRE_WH FVGT_TRIPWIRE_WH 0.1 FVGT_TRIPWIRE_RQ FVGT_TRIPWIRE_RQ Subject: [SAtalk] This spam scores too low From: Jürgen R. Plasser [EMAIL PROTECTED] Date: Wed, 21 Jan 2004 11:56:34 +0100 To: [EMAIL PROTECTED] Hi all, in the last view days I experienced some (for me) strange kind of spam. The first part of the email is a random text (that's what I see in my email client when opening the email): snip embedding rose abalone freedman havana bayport regretful menlo gate blomquist force parasitic infelicity crayon insidious brasilia pinsky noel priestley fried praiseworthy gimmick even /snip Makes no sense to me at all ;-) And besides that, there is a html part with an ad section (scrambled letter words) and below that an irritating set of words. Is there any way to get rid (say: score 5) of those mails with SA? Some rules? I have SA 2.61 and the latest Bigevel rules installed. Best regards, Jürgen ps. Here is the email source Return-Path: [EMAIL PROTECTED] Received: from mailserver ([unix socket]) (authenticated user=cyrus bits=0) by mailserver (Cyrus v2.1.16) with LMTP; Wed, 21 Jan 2004 11:04:46 +0100 X-Sieve: CMU Sieve 2.2 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: by mailserver.example.com (Postfix, from userid 65534) id 1F70F60441F; Wed, 21 Jan 2004 11:04:46 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mailserver.example.com (Postfix) with ESMTP id 0A0806042D6; Wed, 21 Jan 2004 11:04:44 +0100 (CET) Received: from mailserver.example.com (localhost [127.0.0.1]) by localhost (AvMailGate-2.0.1) id 23887-263A9B8D; Wed, 21 Jan 2004 11:04:44 +0100 Received: from pD954857A.dip.t-dialin.net (pD954857A.dip.t-dialin.net [217.84.133.122]) by mailserver.example.com (Postfix) with SMTP id AED3A6042D6; Wed, 21 Jan 2004 11:04:11 +0100 (CET) Received: from [104.221.238.124] by 66.41.127.38 with HTTP; Wed, 21 Jan 2004 03:14:44 -0700 From: Ruth Walden [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: kirchner acquaint sanctify acrobatic Mime-Version: 1.0 X-Mailer: animadversion Date: Wed, 21 Jan 2004 06:14:44 -0400 Reply-To: Ruth Walden [EMAIL PROTECTED] Content-Type: multipart/alternative; boundary=5846461431537959 Message-Id: [EMAIL PROTECTED] X-Spam-Checker-Version:
RE: [SAtalk] better whitelisting - using feedback?
Gary Funck wrote: [snip] Separate question (may be a faq): is there a database (SQL, etc) implementation of from/received white lists? This would make updating a whitelist easier, and more efficient than hacking the user_prefs file, for example. Yes, all the of the whitelist/blacklist configuration entries can be read from a database on a per-user basis. Combined with some custom PHP it gives you a nice way to let your users manage more of this sort of thing themselves without worrying about them messing up editing a text file. -- Steve Luzynski Aquila, Inc. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
For some reason this doesn't work for me. I get all kinds of problems when I run spamassassin -D --lint. I don't think it's a problem with the rule set, because it happens on the tripwire rule set also. Any ideas or pointers? I know this is very vague, so if anyone needs more information from me I'd be happy to provide what is needed. Thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 9:40 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Popcorn Backhair have been combined into 1 Set Hello spam peeps Well I was going to hold off posting this until I had the time to edit the page explaining the Rule Sets, but I got a spam this morning, tagged only by this updated Backhair Set. I was irked enough (thinking these spams might be getting through on other machines) that I will go ahead and at least announce the change. [we all know that cd, I shant mention them] Adam Lopresto and I have recently begun working together on Chickenpox, and while working on that set, it occurred to him how to fix the limitations in Backhair, using similar ideas we're using in pox. This change in essence combines Backhair Popcorn. If you use this newest version of Backhair, you may delete the Popcorn Set. It covers the whole!silly obfu taggamut. I will update the page when I get some free time in the hopes of making this change more clear. I left Popcorn on there for now, but like I said, if you use Backhair version 1.1 (just posted it) you no longer (sniff sniff...) need Popcorn... ..That makes me very sad :'( Popcorn was my first ruleset. http://www.emtinc.net/spamhammers.htm Jenn/ifer -- 44 on new Backhair set ;) ...oooh the urge to say it! B..(cough cough) (cough cough cough) nah, best not to. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] [OT] - The current state spam.
I agree, However, I don't see isp's not charging for access to blocked ports. As is now, my current isp has hardware firewalls built into their modems (along with dhcp etc.) and you can change the config (via webbrowser) if you know what you are doing. I'm saying these kinds of devices IMHO are preferred to having site wide blockage of traffic. My isp requires that you buy their modem, you can't use a 3rd party's modem. All I am saying, is before we all find ourselves with blocked ports and having to pay some guy to sit a console and re-enable them, that there are implementations that are already in effect, and allow the user to define whether or not they have blocked ports. A large ISP will charge an outrageous price to unblock ports and monitor traffic. It is easiest now, for them to just let it through, even though, in the long run, would be cheaper for them to stop the zombies. I have had may discussions with my isp on this matter, and the biggest reason they say they will not block ports is not they don't care about their customers being hacked, but the fact that they may face reprisals for not stopping the illegal sharing of files (we all know the ones) of their customers computers. So, their defense to not stopping it is we allow all traffic unobstructed, unbiased and unfiltered. Thanks, James -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 11:27 AM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [SAtalk] [OT] - The current state spam. Importance: High Yeah, we have had this same conversation on another list a week ago. We are saying by DEFAULT and ISP should block the ports, BUT it should be removed if asked, and FREE of charge. I'm sure the percentage of users who would request it would be like 5%. THen it would be easy to monitor traffic (not data) of those 5%. ISPs used to complain about the costs of hardware vs. traffic. I'd say this would help them in the long run. DON't raise my broadband bill, decrease the spam traffic on your net! --Chris -Original Message- From: James [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:58 AM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] [OT] - The current state spam. Not to flame anyone, but I sure do hope my isp never blocks ports. I don't pay for obstructed internet access. I do run a small mail server from my home dsl connection. I allow family members to use that to send to/from. The local cable provider here (Brighthouse) just about blocks all inbound ports. This is fine for the normal internet user, but for those of us who know what we are doing this hurts us. If my isp were to block ports, that would hinder on what I am doing. I don't have a professional dsl line (3x as much as residential) and in order for me to get a professional line, I would need to buy a professional phone service from the phone co (again, 3x the price). A whole lot of bloat I don't need nor want. My modem has a very good firewall built in and uses nat. This is the normal, default setup. The isp doesn't provide any solutions in overriding it, but is allowed. I use an internal router with nat instead of the modem's built in. I think this is a much better way of blocking ports than isp's blocking ports. If isp's set up this feature properly, then allow us advanced users to unlock so to speak, this is more desirable IMHO. This technology obviously exists and I think is a much better option. Thanks, James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pierre Thomson Sent: Wednesday, January 21, 2004 10:13 AM To: Chris Santerre Cc: Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. It's not strictly a spam measurement, but www.senderbase.org has excellent real-time lists of outbound mail volume by ISP and IP address. Pierre -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:08 AM To: 'Fred'; AltGrendel; Spamassassin-Talk (E-mail) Subject: RE: [SAtalk] [OT] - The current state spam. ... I'm trying to find some stats on spam origins. Particularly by ISP. I see very little spam coming from cox.net cable modems vs. a buttload from Comcast. Would be nice to know the biggest ones and start a movement one at a time to get this problem fixed. If I've learned anything from this list, its a group has a far better chance of getting things done then 1 person. Consider me with you Fred. --Chris --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing
Re: [WL] [SAtalk] Yikes.. rules_du_jour
On Mon, 2004-01-19 at 22:11, Jay Levitt wrote: One problem: If a spamassassin --lint fails (because if you, oh, had outdated directives in your sa-mimedefang.cf file), then once you correct that, on the next run, rules_du_jour won't update anything, because it thinks everything is up to date. Jay, Version 1.06 will now re-apply any changes that are pending (due to, for example, the scenario above). Also, check out the example munge scripts I put up: http://www.exit0.us/index.php/RulesDuJourMungeScripts Finally, as of today (version 1.06b) RulesDuJour includes ANTIDRUG and EVILNUMBER configured by default. POPCORN has been removed from the default config. Thanks to whoever added configs for ANTIDRUG and EVILNUMBER to the wiki. -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases (0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Another one for BigEvil
aaap :) Just send them to me offlist. However FP reports you might want to copy here. As I remove them from the NEXT update. But people might want to remove them right away. They still trickle in now and then. --Chris (bored today for some reason) -Original Message- From: AltGrendel [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:20 AM To: SA-Talk Subject: Re: [SAtalk] Another one for BigEvil On Wed, 2004-01-21 at 09:33, Rubin Bennett wrote: Sneaky bastard... got through with a 4.7 Chris: Would you prefer that we email you this stuff offlist? I have a few too, but I don't want to contribute to the line noise on this list. -- AltGrendel [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] [OT] - The current state spam.
I agree and disagree :) How many times have you heard this: I don't understand, I have antivirus software. When was the last time you updated it? Update? :-) I know tons of people with broadband connections that might be on only a few times a week. Some don't even notice their cpu is slower. I also know some pretty intelligent people that despite what they try, still end up with trojans and viruses from their kid's downloads. I say that your average middle class family will just never fully understand how to handle a computer on the net. They are busy scratching out a living. It needs to be made safer by the people who understand it. I can only effect my immediate family/friends. And despite my best efforts, they still get whacked now and then. Airbags make me safer. But there wasn't anyway in hell I was going to install them myself :) --Chris -Original Message- From: Keith Dowell [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 11:43 AM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] [OT] - The current state spam. I made this point on a mimedefang list. Some people didn't really like it. Computers are too complicated for people to be responsible some said. So I tried equating it to maintaining your car in that, if your car smokes and causes pollution - it is NOT the manufacturers responsibility to come fix your car. It's your responsibility to take it to the nearest mechanic. If it smokes too much the police might just have to remove you from the road for other peoples safety. What I got in return to that was - Yeah sure, but doesn't relate. Auto manufacturers don't put out buggy cars like microsoft puts out buggy software. Hmm... good point - but doesn't microsoft put out these things called patches? Is it not the users responsibility to maintain their software (vehicle) but obtaining these patches (tune up). I don't see how this doesn't equate. It's the same friggin thing. If you are going to put yourself on the internet then you should be held accountable for what happens to your computer. It isn't microsoft/linux 's responsibility to educate users. It's their own responsibility to educate themselves or suffer the consequences. You have to think of this in terms of the dsl/cable connections. Everyone is now always on which in essence makes them like a little open node on the internet. The government is NOT responsible, NOR the ISP, NOR the software manufacturer for maintaining safety of these little nodes. I'm sorry, but I will not see this any other way. The government doesn't know their head from their ass as far as the internet, the ISP should only be responsible for shutting the nodes down originating from their own network, and the software manufacturers should make patches available when they fix bugs. The USER is/SHOULD BE held responsible to secure, maintain, upgrade, etc etc their little node. Too complicated? Then they don't need to be on the net all the time (or period for that matter as far as I'm concerned). Or they need to hire a mechanic PC-TECH. All this really becomes is a whole debate of how responsible should a user be? I agree - the user should have responsibility. No one is/can or should be responsible to go out and hold every little users hand, and assist them with every little nuance of owning a computer. Maybe that sounds a bit harsh, but I still say it's like maintaining your car. All of this knowledge and info is freely available (some even in little paper books or cd's called manuals). If you're stupid and don't read the owners manual for your car, never change the oil, wear your tires bald, never change the windshield wipers, and people force you to quit driving the vehicle, it's your OWN fault. If you don't RTFM, do a little research, (my god - it is NOT THAT FRIGGIN HARD) get the basics of owning a computer, and get your little node shut down because your a friggin idiot spewing crap out on the net, because your computers infected, because it got hacked, because you had no protection, etc etc, yadda, yadda - then it's your OWN fault. Think logically here folks. - Original Message - From: Pedro Sam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 11:44 PM Subject: Re: [SAtalk] [OT] - The current state spam. I take an opposite view point. ISP's should disable a user's account, if that account is found to be launching any malicious attacks, regardless of whether that account was intentionally malicious or was simply hacked. It's time people own up to the responsibility of a presence on the internet. -- In those days he was wiser than he is now -- he used to frequently take my advice. -- Winston Churchill --- The SF.Net email is sponsored by EclipseCon 2004 Premiere
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
For some reason this doesn't work for me. I get all kinds of problems when I run spamassassin -D --lint. I don't think it's a problem with the rule set, because it happens on the tripwire rule set also. Any ideas or pointers? I know this is very vague, so if anyone needs more information from me I'd be happy to provide what is needed. Without seeing the errors I can only guess. If you're getting errors on the rules, maybe you didn't get the full file, or maybe a line wrapped? Backhair has an EOF. Thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 9:40 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Popcorn Backhair have been combined into 1 Set Hello spam peeps Well I was going to hold off posting this until I had the time to edit the page explaining the Rule Sets, but I got a spam this morning, tagged only by this updated Backhair Set. I was irked enough (thinking these spams might be getting through on other machines) that I will go ahead and at least announce the change. [we all know that cd, I shant mention them] Adam Lopresto and I have recently begun working together on Chickenpox, and while working on that set, it occurred to him how to fix the limitations in Backhair, using similar ideas we're using in pox. This change in essence combines Backhair Popcorn. If you use this newest version of Backhair, you may delete the Popcorn Set. It covers the whole!silly obfu taggamut. I will update the page when I get some free time in the hopes of making this change more clear. I left Popcorn on there for now, but like I said, if you use Backhair version 1.1 (just posted it) you no longer (sniff sniff...) need Popcorn... ..That makes me very sad :'( Popcorn was my first ruleset. http://www.emtinc.net/spamhammers.htm Jenn/ifer -- 44 on new Backhair set ;) ...oooh the urge to say it! B..(cough cough) (cough cough cough) nah, best not to. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] [OT] - The current state spam.
-Original Message- From: [EMAIL PROTECTED] [mailto:spamassassin-talk- [EMAIL PROTECTED] On Behalf Of Chris Santerre Sent: Wednesday, January 21, 2004 11:27 AM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [SAtalk] [OT] - The current state spam. Yeah, we have had this same conversation on another list a week ago. We are saying by DEFAULT and ISP should block the ports, BUT it should be removed if asked, and FREE of charge. I'm sure the percentage of users who would request it would be like 5%. THen it would be easy to monitor traffic (not data) of those 5%. ISPs used to complain about the costs of hardware vs. traffic. I'd say this would help them in the long run. DON't raise my broadband bill, decrease the spam traffic on your net! I would certainly vote for this - if there was a vote. Spam certainly costs money to the recipients and the infrastructure that supports the recipients. We have not even discussed the benefit of minimizing the damage caused by viruses. Unfortunately, that is not a cost that an ISP believes it should share. I really don't think lawsuits would help. Could you imagine the argument? Your honor, we are suing the ISP because the Internet is not a friendly place and they are not keeping us safe. Their response: Your honor, we just build the roads. Don't get me wrong because I would love to see this also. But has anyone actually performed a study to compare the costs of installing, configuring, and maintaining firewalls/port blocking versus the cost savings of bolstering Email services? I can't guess but I don't believe it is trivial nor in the best financial interest of the ISP. I would believe that the cost would far outweigh any savings. An overwhelming majority of their customers don't even understand this discussion and their competition is not doing it so they have no competitive advantage either. The fact is the ISP most certainly WILL raise their price if they implement firewalls. What customer base wants that? Hell, I have talked to a lot of people about implementing a LinkSYS firewall in front of their home computer. The response is always the same - 2 questions and a response. 1) How much is it? 2) Who will install it for me? 3) You know, I don't have anything important on that machine anyway. Do you think that type of customer base gives a rip to force the hand of any ISP? --Larry --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
Here is the error. When I copy and paste into emacs it's showing that the lines didn't wrap. pop3:/etc/spamassassin# spamassassin --lint Failed to parse line in SpamAssassin configuration, skipping: descrfull J_BACKHAIR_33 /[\s]\w{3}\/?(?!(?:a(?:bbr|cronym|ddress|pplet|rea)?|b(?:ase(?:font)?|do|i g|lockquote|ody|r|utton)?|c(?:aption|enter|ite|o(scdescribe J_BACKHAIR_34 3 letters - Unsigfull J_BACK Failed to parse line in SpamAssassin configuration, skipping: fuls Failed to parse line in SpamAssassin configuration, skipping: descrfull J_BACKHscoreJ_BACKHAIR_42 1.0 Failed to parse line in SpamAssassin configuration, skipping: desfull J_BACKHs Failed to parse line in SpamAssassin configuration, skipping: defulls Thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 11:10 AM To: 'Jason Crowe'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Popcorn Backhair have been combined into 1 Set For some reason this doesn't work for me. I get all kinds of problems when I run spamassassin -D --lint. I don't think it's a problem with the rule set, because it happens on the tripwire rule set also. Any ideas or pointers? I know this is very vague, so if anyone needs more information from me I'd be happy to provide what is needed. Without seeing the errors I can only guess. If you're getting errors on the rules, maybe you didn't get the full file, or maybe a line wrapped? Backhair has an EOF. Thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 9:40 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Popcorn Backhair have been combined into 1 Set Hello spam peeps Well I was going to hold off posting this until I had the time to edit the page explaining the Rule Sets, but I got a spam this morning, tagged only by this updated Backhair Set. I was irked enough (thinking these spams might be getting through on other machines) that I will go ahead and at least announce the change. [we all know that cd, I shant mention them] Adam Lopresto and I have recently begun working together on Chickenpox, and while working on that set, it occurred to him how to fix the limitations in Backhair, using similar ideas we're using in pox. This change in essence combines Backhair Popcorn. If you use this newest version of Backhair, you may delete the Popcorn Set. It covers the whole!silly obfu taggamut. I will update the page when I get some free time in the hopes of making this change more clear. I left Popcorn on there for now, but like I said, if you use Backhair version 1.1 (just posted it) you no longer (sniff sniff...) need Popcorn... ..That makes me very sad :'( Popcorn was my first ruleset. http://www.emtinc.net/spamhammers.htm Jenn/ifer -- 44 on new Backhair set ;) ...oooh the urge to say it! B..(cough cough) (cough cough cough) nah, best not to. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [WL] [SAtalk] Yikes.. rules_du_jour
- Original Message - From: Chris Thielen [EMAIL PROTECTED] To: Jay Levitt [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 3:01 AM Subject: Re: [WL] [SAtalk] Yikes.. rules_du_jour On Mon, 2004-01-19 at 22:11, Jay Levitt wrote: One problem: If a spamassassin --lint fails (because if you, oh, had outdated directives in your sa-mimedefang.cf file), then once you correct that, on the next run, rules_du_jour won't update anything, because it thinks everything is up to date. Jay, Version 1.06 will now re-apply any changes that are pending (due to, for example, the scenario above). Also, check out the example munge scripts I put up: http://www.exit0.us/index.php/RulesDuJourMungeScripts Finally, as of today (version 1.06b) RulesDuJour includes ANTIDRUG and EVILNUMBER configured by default. POPCORN has been removed from the default config. Thanks to whoever added configs for ANTIDRUG and EVILNUMBER to the wiki. -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases (0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk Great work Chris! But how about this?? Have Rules_Du_Jour update itself! Of course it would be nice if it could keep it's modified settings (/etc/mail/spamassasin, and [EMAIL PROTECTED], etc...).. but perhaps that would complicate things.. perhaps a .conf file that the rulesdujour reads, so that we can make global changes that new versions won't overwrite? No worries though, it's a great tool exactly as it is! --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Spamassassin doesn't appear to be running...?
Please excuse me if this is obvious, but I have tried to RTFM and I can't figure out why I'm still seeing no SA info in my headers (no indication that SA is doing anything). My ISP installed SA 2.60 on a RedHat 7.0 box. Using Webmin, I can see the module installed and I see Spamassassin in the bootup list (and it IS showing as Started). Under running processes I see: /usr/bin/spamd -d -c -a -m5 -H My SA module has the following info: SA config file: /etc/mail/spamassassin/local.cf Full path to SA: /usr/bin/spamassassin Procmail config file: /etc/procmailrc SA daemon process: spamd amavisd Procmail has these two entries: Feed to program: /usr/bin/spamc Append to file: spam Matches regular expression: ^X-Spam-Status: Yes I don't understand what I'm missing, or why I'm not seeing any SA info in my headers. Can anyone help me figure out what else I could be missing?? Thanx, Wm webmaster @ second glance . net --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] [OT] - The current state spam.
Sorta what I was getting to. Auto mechanics fix cars. PC-Techs (pretty good lot of them - some even unemployed) out there fix computers. I just think people should accept that they need to pay a pc-tech to come in once every few months to look their system over. Just like they need to take their car in every few months for an oil change. :/ I don't understand, I have antivirus software. When was the last time you updated it? Update? :-) If i had a dollar for the number of times I heard something like that... And sorta goes back to my point of RTFM. There's little reasons most software companies distribute these little paper back objects called manuals (some on cd with nice video instructions). They alert the user to some nuances that obviously newer people fail to comprehend. Such as the fact new viruses come out everyday and the software doesn't auto-magically know about them :) I'd also bet if you start making things auto-update - we'll start having people complaining about the software taking over their computer :) I understand many users become frustrated easily, and for some reason believe they must be some genius programmer to be able to keep software current, or install a firewall. Maybe after a few more years, when the next younger generation becomes a majority, we won't have to hear about the inability to comprehend update and patch because they are programming terms. But then again - the whole downside to this (better educated users) for every administrator out there, is we now have millions instead of thousands of experts out there to tell us what we're doing wrong on the job. :) Just can't win. - Original Message - From: Chris Santerre [EMAIL PROTECTED] To: 'Keith Dowell' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 11:13 AM Subject: RE: [SAtalk] [OT] - The current state spam. I agree and disagree :) How many times have you heard this: I don't understand, I have antivirus software. When was the last time you updated it? Update? :-) I know tons of people with broadband connections that might be on only a few times a week. Some don't even notice their cpu is slower. I also know some pretty intelligent people that despite what they try, still end up with trojans and viruses from their kid's downloads. I say that your average middle class family will just never fully understand how to handle a computer on the net. They are busy scratching out a living. It needs to be made safer by the people who understand it. I can only effect my immediate family/friends. And despite my best efforts, they still get whacked now and then. Airbags make me safer. But there wasn't anyway in hell I was going to install them myself :) --Chris -Original Message- From: Keith Dowell [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 11:43 AM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] [OT] - The current state spam. I made this point on a mimedefang list. Some people didn't really like it. Computers are too complicated for people to be responsible some said. So I tried equating it to maintaining your car in that, if your car smokes and causes pollution - it is NOT the manufacturers responsibility to come fix your car. It's your responsibility to take it to the nearest mechanic. If it smokes too much the police might just have to remove you from the road for other peoples safety. What I got in return to that was - Yeah sure, but doesn't relate. Auto manufacturers don't put out buggy cars like microsoft puts out buggy software. Hmm... good point - but doesn't microsoft put out these things called patches? Is it not the users responsibility to maintain their software (vehicle) but obtaining these patches (tune up). I don't see how this doesn't equate. It's the same friggin thing. If you are going to put yourself on the internet then you should be held accountable for what happens to your computer. It isn't microsoft/linux 's responsibility to educate users. It's their own responsibility to educate themselves or suffer the consequences. You have to think of this in terms of the dsl/cable connections. Everyone is now always on which in essence makes them like a little open node on the internet. The government is NOT responsible, NOR the ISP, NOR the software manufacturer for maintaining safety of these little nodes. I'm sorry, but I will not see this any other way. The government doesn't know their head from their ass as far as the internet, the ISP should only be responsible for shutting the nodes down originating from their own network, and the software manufacturers should make patches available when they fix bugs. The USER is/SHOULD BE held responsible to secure, maintain, upgrade, etc etc their little node. Too complicated? Then they don't need to be on the net all the time (or period for that matter as far as I'm
Re: [SAtalk] better whitelisting - using feedback?
On Wed, 21 Jan 2004, Gary Funck wrote: One of the speakers at Spamcon 2004, talked about the effectiveness of automatically generated white lists. As I recall, his scheme depended upon two sources of info: the mail addresses that typically appeared in your To: From: and Cc: lines in your corpus of ham, during training and automatically collected from similar info. in mail that you send out. This of course assumes that you don't correspond directly with spammers. g I'm not sure I'd do this. One day (for a bunch of reasons) I whitelisted my own address, and promptly got a bunch of spam from myself. I was wondering how this might be integrated with SA. In particular, how does one intercept addresses on the outbound mail route? Would this be done in some sort of milter (like mimedefang, if you're using sendmail as your MTA)? It seemed to me that if one can build a more effective white list, that the number of false positives can be reduced considerably, and thus, the spam cut-off could be lowered, making sure more actual spam makes it over the dam. Separate question (may be a faq): is there a database (SQL, etc) implementation of from/received white lists? This would make updating a whitelist easier, and more efficient than hacking the user_prefs file, for example. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Jack Gostl [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Export spam from Outlook in order to run sa-learn
Title: Export spam from Outlook in order to run sa-learn Anyone got any idea how to export spam messages from Outlook 2000 that spamassassin is missing in order to run sa-learn? Thanks, Rob.
[SAtalk] Re: Spam Assassin as a Filter then Forward Mail to MS Exchange
This is the same setup that I use with a Mandrake mail server and it works pretty well. We use Exchange on a SBS setup with the POP3 connector, but I'm in the process of changing that to use SMTP delivery. Documentation for SA could really be improved; I see the same questions being asked and answered all the time, because there is a lack of clear, understandable documentation. I can tell you that you will run into some problems with Exchange -- one of them is the way Exchange/Outlook handle (strip) the message headers. I set up a couple of public folders for users to move messages into. If any get past SA, they can put them in the public spam folder and if there are any false positives they can put those in the ham folder. Make sure that Outlook users *move*, not forward messages. Or they can open the message and choose Actions | Resend, which will retain header info. From there, the challenge is to get them out of Exchange in a format that retains all the header information so you can use them to train SA. After trying many different methods, I found that I can use Mozilla's Thunderbird mail client (mozilla.org) to grab the messages thru IMAP. If you set it up to download and save a local copy then they're in Linux mbox format in Thunderbird's mail directory. Just move those files to the Linux box and run sa-learn with the --mbox flag. Others talk of using IMAP enabled scripts on the Linux box, but I find this method gives me more positve control and the ability to review the messages before they are sent back to SA. After all, you can't trust users to always do the right thing -- I've found some hams in the public spam folder and vice versa. If you have any other questions I'm sure you'll find the people in this forum very helpful. Good luck! - FB --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] This spam scores too low
Thanks for your very helpful answers. Jürgen --On 21.01.2004 11:56 +0100 Jürgen R. Plasser wrote: Hi all, in the last view days I experienced some (for me) strange kind of spam. The first part of the email is a random text (that's what I see in my email client when opening the email): ... --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
-Original Message- From: [EMAIL PROTECTED] [mailto:spamassassin- [EMAIL PROTECTED] On Behalf Of Jason Crowe Sent: Wednesday, January 21, 2004 12:21 PM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] Popcorn Backhair have been combined into 1 Set Here is the error. When I copy and paste into emacs it's showing that the lines didn't wrap. pop3:/etc/spamassassin# spamassassin --lint Failed to parse line in SpamAssassin configuration, skipping: descrfull J_BACKHAIR_33 /[\s]\w{3}\/?(?!(?:a(?:bbr|cronym|ddress|pplet|rea)?|b(?:ase(?:font)?| do |i g|lockquote|ody|r|utton)?|c(?:aption|enter|ite|o(scdescribe J_BACKHAIR_34 3 letters - Unsigfull J_BACK Failed to parse line in SpamAssassin configuration, skipping: fuls Failed to parse line in SpamAssassin configuration, skipping: descrfull J_BACKHscoreJ_BACKHAIR_42 1.0 Failed to parse line in SpamAssassin configuration, skipping: desfull J_BACKHs Failed to parse line in SpamAssassin configuration, skipping: defull s I reuploaded the file to the site. Looks like the problem is with my file. Try downloading again and see if you still get errors. Thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 11:10 AM To: 'Jason Crowe'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Popcorn Backhair have been combined into 1 Set For some reason this doesn't work for me. I get all kinds of problems when I run spamassassin -D --lint. I don't think it's a problem with the rule set, because it happens on the tripwire rule set also. Any ideas or pointers? I know this is very vague, so if anyone needs more information from me I'd be happy to provide what is needed. Without seeing the errors I can only guess. If you're getting errors on the rules, maybe you didn't get the full file, or maybe a line wrapped? Backhair has an EOF. Thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 9:40 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Popcorn Backhair have been combined into 1 Set Hello spam peeps Well I was going to hold off posting this until I had the time to edit the page explaining the Rule Sets, but I got a spam this morning, tagged only by this updated Backhair Set. I was irked enough (thinking these spams might be getting through on other machines) that I will go ahead and at least announce the change. [we all know that cd, I shant mention them] Adam Lopresto and I have recently begun working together on Chickenpox, and while working on that set, it occurred to him how to fix the limitations in Backhair, using similar ideas we're using in pox. This change in essence combines Backhair Popcorn. If you use this newest version of Backhair, you may delete the Popcorn Set. It covers the whole!silly obfu taggamut. I will update the page when I get some free time in the hopes of making this change more clear. I left Popcorn on there for now, but like I said, if you use Backhair version 1.1 (just posted it) you no longer (sniff sniff...) need Popcorn... ..That makes me very sad :'( Popcorn was my first ruleset. http://www.emtinc.net/spamhammers.htm Jenn/ifer -- 44 on new Backhair set ;) ...oooh the urge to say it! B..(cough cough) (cough cough cough) nah, best not to. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on
Re: [SAtalk] [OT] - The current state spam.
On Wed, 2004-01-21 at 11:43, Keith Dowell wrote: I made this point on a mimedefang list. Some people didn't really like it. And I made almost the exact same point here recently... Computers are too complicated for people to be responsible some said. IMHO, if it's too complicated, you shouldn't have one. So I tried equating it to maintaining your car in that, if your car smokes and causes pollution - it is NOT the manufacturers responsibility to come fix your car. It's your responsibility to take it to the nearest mechanic. If it smokes too much the police might just have to remove you from the road for other peoples safety. I used the car accident anology: if you have defective equipment that causes an accident, you're liable. End of discussion... What I got in return to that was - Yeah sure, but doesn't relate. Auto manufacturers don't put out buggy cars like microsoft puts out buggy software. No, but cars _do_ need maintenance. Just like Computers. I submit that Antivirus Software and patching is quite comparable to general automotive tune-ups. Hmm... good point - but doesn't microsoft put out these things called patches? Is it not the users responsibility to maintain their software (vehicle) but obtaining these patches (tune up). Yup. The sticking point I was presented was this (and I forget who submitted it, but it got me thinking and for that I say damn you!!! ;^): If you change the analogy from You didn't maintain your car and ran into someone/ thing with it to Someone _stole_ your car and smashed into something with it then the comparison of responsibility becomes harder to make. (and I didn't reply at the time cause the thread was WAY OT, but now it's back and I can't resist opening my trap again) However, I think of it like this: If you leave you car sitting on the roadside, in the city, engine running, key in the ignition, and with defective brakes, and some opportunistic scumbag jumps in and promptly clears out an office building, do you not bear at least *some* responsibility? I would argue that you do. If you knew it was unsafe, should you not have turned it off at least, and perhaps garaged the thing so it didn't cause any damage? And to take the noxious fumes analogy further (which I like a LOT): If you don't maintain your car, and it develops a bad habit of belching noxious smoke everywhere it goes, is it your fault? Even if someone else is driving the car (with or without your knowledge), the smoke it's putting out is a direct result of your negligent/ irresponsible patterns of use. So you can't blame the thief for the smoke at all. You can certainly take him to task for stealing your pollution-mobile, but perhaps the thief wouldn't have stolen your car, except that you broke the keys off in the locks, and the windows are stuck down (because you didn't take care of that either), so all he had to do was get in and drive. rant that I agree with deleted But the gist of my argument was not so much who's at fault for the car accident/ air pollution, but who should be held responsible for the damages caused by said issue. In the automotive analogy, it would be like receiving a large fine if your car doesn't pass the emissions test (i.e. to pay for the environmental damage your car caused while out of compliance), on top of having to repair it so it passes. Currently, if your rig doesn't pass (in the states where they have emission testing), you simply fail the test, and have to fix the car and test again. I believe that human nature being what it is, it won't take a lot of people getting slapped with a hit to their pocketbook before the masses start taking better care of their equipment. We live in a world dominated by money; so the way to get things done (unfortunately) is to hit them where it hurts: in their bank accounts. After all, isn't that what makes the roads safe? No one wants a ticket from Officer Friendly for their defective equipment. Rubin (who in younger, dumber times, received more defective equipment citations that I care to admit) Bennett (shamelessly stealing Chris thought of the moment Santerre's idea...) -- Rubin Bennett [EMAIL PROTECTED] RB Technologies signature.asc Description: This is a digitally signed message part
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
this change more clear. I left Popcorn on there for now, but like I said, if you use Backhair version 1.1 (just posted it) you no longer (sniff sniff...) need Popcorn... So if I grab Jennifer's backhair I don't need any popcorn? There must be some hidden meaning there. As hairy as my Backhair is getting, no telling what is in there any more! I can tell you the popcorn is in there... (thinking I should get a monkey) Jennifer I've removed popcorn from the default list of thinggies to snag in RulesDeJour. -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases (0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
Thanks, that is better, but I am still showing a parse error on j_backhair_37. Thanks for your patience. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 11:37 AM To: 'Jason Crowe'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Popcorn Backhair have been combined into 1 Set I reuploaded the file to the site. Looks like the problem is with my file. Try downloading again and see if you still get errors. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Popcorn Backhair have been combined into 1 Set
Okay, I think I found out what went wrong. I think emacs is doing something to the file when I paste the rule set into it. Sorry and thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Crowe Sent: Wednesday, January 21, 2004 11:47 AM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] Popcorn Backhair have been combined into 1 Set Thanks, that is better, but I am still showing a parse error on j_backhair_37. Thanks for your patience. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Wheeler Sent: Wednesday, January 21, 2004 11:37 AM To: 'Jason Crowe'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Popcorn Backhair have been combined into 1 Set I reuploaded the file to the site. Looks like the problem is with my file. Try downloading again and see if you still get errors. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spamassassin on Suse 9.0?
OK, downloaded the source rpm and (i think) sucessfully built it into the pm files, however I'm getting the following when installing: perl(Pod::Usage) is needed by perl-Mail-SpamAssassin-2.62-1 perl(HTML::Parser) is needed by perl-Mail-SpamAssassin-2.62-1 I've done a little digging and I think i need perl-PDL which I'm now downloading using Yast.. wondered if anyone's come across this problem before.. tempted just to use CPAN :-) rgds, Paul -Original Message- From: Paul Hutchings Sent: 21 January 2004 15:06 To: '[EMAIL PROTECTED]' Subject: [SAtalk] Spamassassin on Suse 9.0? Looking at changing from Redhat 9.0 to new hardware and thought given the redhat/fedora support/lifespam issues I'd look at Suse.. seems well regarded, well supported and has newbie-friendly admin tools even in console mode.. Any thoughts on the simplest way of installing spamassassin _and_ keeping it current? On Redhat I used CPAN, no problems with it, guess I'm not 100% sure on the benefits of doing it using CPAN vs RPM. Any other gotchas with Suse and Spamassassin that I should know of? Quick search of the archives didn't turn much up but it may be a case of knowing what to look for.. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378, Fax: 44 (0)24 7635 8378 mailto:[EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] No To line in header
Well, your rule is pretty wildly off.. ToCc is going to look for a header named ToCc, not To headers and/or CC headers. header __TO_EXISTS exists:to header __CC_EXISTS exists:cc meta NO_TO_OR_NO_CC (!__TO_EXISTS || !__CC_EXISTS) Or perhaps you want meta NO_TO_AND_NO_CC (!__TO_EXISTS !__CC_EXISTS) It's not clear which logic you want. The first will trigger if either header is missing, the second will trigger only if both are missing. At 11:18 AM 1/21/2004, st semps wrote: Can someone tell me how to look for no To or CC field in the header. I get several emails sent to me like this and would like to score them. Best I could come up with is ToCc !~ /To|cc/i Can someone tell me how Im suppose to do this. Regards Steve Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] No To line in header
Thanks for the help. You see I thought that ToCc was valid. I thought I had read that somewhere. Obviously Im wrong. Thank you. -- - Original Message - DATE: Wed, 21 Jan 2004 12:58:36 From: Matt Kettler [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Well, your rule is pretty wildly off.. ToCc is going to look for a header named ToCc, not To headers and/or CC headers. header __TO_EXISTS exists:to header __CC_EXISTS exists:cc meta NO_TO_OR_NO_CC (!__TO_EXISTS || !__CC_EXISTS) Or perhaps you want meta NO_TO_AND_NO_CC (!__TO_EXISTS !__CC_EXISTS) It's not clear which logic you want. The first will trigger if either header is missing, the second will trigger only if both are missing. At 11:18 AM 1/21/2004, st semps wrote: Can someone tell me how to look for no To or CC field in the header. I get several emails sent to me like this and would like to score them. Best I could come up with is ToCc !~ /To|cc/i Can someone tell me how Im suppose to do this. Regards Steve Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] No To line in header
At 01:02 PM 1/21/2004, st semps wrote: You see I thought that ToCc was valid. I thought I had read that somewhere. Obviously Im wrong. Actually, it apparently is valid.. my bad.. However, the string returned won't contain the To: or Cc: parts, just the email addresses. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: This spam scores too low
On Wed, 21 Jan 2004 12:57:55 +0100, Ralf Vitasek [EMAIL PROTECTED] writes: Hi Jürgen! you need some rules for SA which can detect obfuscated spellings of those keywords like vagira, cilais a.s.o. heres a sample rule i normally use for such words body MY_OBF1 /((?!*censored*)(?:(?:[EMAIL PROTECTED]|@])|(?:v\W*[i|1]\W*[a|@]\W*g\W*r\W*[a|@])))/i describe MY_OBF1 body: contains obfuscated keyword *censored* score MY_OBF1 1.0 this rule would catch many many spellings (but surely not all) of *censored* which i'm not allowed to post on this list. :S drawback is that those rules are hard to write, i'm thinking about coding a template that can generate such rules out of keywords. or is there such a thing already? http://sandgnat.com/cmos/ Scott --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Export spam from Outlook in order to run sa-learn
Title: Message I use an IMAP account. Move the message to an IMAP folder, then you have access to the source of the real message. Alternatively, I have used a product called "SpamSource" in the past that will copy the source of the message to the clipboard. Then you can paste it into notepad and create a message file to feed into SALEARN. SpamSource is freeware and you can probably find it by searching on the internet... If not, I guess I could see if I can figure out where I got it. Bret -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicholson, RobSent: Wednesday, January 21, 2004 9:20 AMTo: #Spamassasin (E-mail)Subject: [SAtalk] Export spam from Outlook in order to run sa-learn Anyone got any idea how to export spam messages from Outlook 2000 that spamassassin is missing in order to run sa-learn? Thanks, Rob.
[SAtalk] New tax Phish?
I'm just got 2 of these. I'm not sure if the product is legit, but it does look like it is. It was sent from yourdeals47.com. Which screams spam, and is listed in a few RBLs. I'm thinking we will start seeing a lot more spam with Taxes in it now. If this product is legit and not a scam, then why oh why on earth would they hire a spammer. Also the products website is no where to be found in the email source. Only thru a redirect. I'm thinking the product website should be larted just for hiring the spammers! mesg attached. Chris Santerre System Admin and SA Custom Rules Emporium keeper http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin - Message-ID: [EMAIL PROTECTED] From: GHD TaxAct Info [EMAIL PROTECTED] To: Lisa Serrano [EMAIL PROTECTED] Subject: *SPAM* Prepare your Taxes Online for Free Date: Wed, 21 Jan 2004 12:18:31 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) http://bf.mocda2.com/bannerfarm/60230/woman1.gif http://tr.yourdeals43.com/go/?rid=4002aoent=1uid=4324-2466559-39srgadv=2 Fast, Easy, Affordable! Plan your tax strategy, prepare your return, file fast?all for just $8.95! http://tr.yourdeals43.com/go/?rid=4003aoent=1uid=4324-2466559-39srgadv=2 TaxACT Online Standard is your free tax software solution brought to you by 2nd Story Software, the trusted value leader in tax software. Complete your tax return over the web faster and easier than ever! TaxACT includes commonly used forms and schedules, and reflects all of the latest tax laws. And, best of all, it's FREE! TaxACT prepares calculates your federal tax return quickly and allows you to print your return for free?all you have to do is mail it to the IRS. Or, to get your refund faster, e-file your return with TaxACT for only $7.95*. Plus, you can complete your state returns with TaxACT State Editions. Get Started Today! Click to register start your return http://tr.yourdeals43.com/go/?rid=4004aoent=1uid=4324-2466559-39srgadv=2 Start Now! http://bf.mocda2.com/bannerfarm/60230/spacer.gif http://bf.mocda2.com/bannerfarm/60230/woman3.jpg http://bf.mocda2.com/bannerfarm/60230/spacer.gif http://bf.mocda2.com/bannerfarm/60230/woman4.jpg http://bf.mocda2.com/bannerfarm/60230/spacer.gif http://tr.yourdeals43.com/go/?rid=4005aoent=1uid=4324-2466559-39srgadv=2 Trusted by Millions ? Over 8 million TaxACT returns filed. ? Developed by expert tax accountants and CPAs. http://tr.yourdeals43.com/go/?rid=4006aoent=1uid=4324-2466559-39srgadv=2 Simple to Use ? Convenient online format ? Easy to understand interview questions ? User-friendly interface ? If you can browse the web, you can do your own taxes with TaxACT. http://bf.mocda2.com/bannerfarm/60230/spacer.gif http://bf.mocda2.com/bannerfarm/60230/spacer.gif http://tr.yourdeals43.com/opened/?uid=4324-2466559-39 http://tr.yourdeals43.com/[EMAIL PROTECTED]uid=4324 -2466559-39src=11 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: This spam scores too low
On 21 Jan 2004 12:13:40 -0600, Scott A Crosby [EMAIL PROTECTED] writes: On Wed, 21 Jan 2004 12:57:55 +0100, Ralf Vitasek [EMAIL PROTECTED] writes: Hi Jürgen! you need some rules for SA which can detect obfuscated spellings of those keywords like vagira, cilais a.s.o. heres a sample rule i normally use for such words body MY_OBF1 /((?!*censored*)(?:(?:[EMAIL PROTECTED]|@])|(?:v\W*[i|1]\W*[a|@]\W*g\W*r\W*[a|@])))/i describe MY_OBF1 body: contains obfuscated keyword *censored* score MY_OBF1 1.0 this rule would catch many many spellings (but surely not all) of *censored* which i'm not allowed to post on this list. :S drawback is that those rules are hard to write, i'm thinking about coding a template that can generate such rules out of keywords. or is there such a thing already? http://sandgnat.com/cmos/ You might want to reconsider your mailsystem, as my reply to you was considered UBE and it was bounced by tqsoft.de. Its very annoying to send messages where anyone replying to them will get a bounce. Scott --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] RulesDuJour; minor change
Hi Chris, Small change for RulesDuJour: when sa is not in path lint will not succeed (line 313). Maybe you could add a variable that contains the path to sa in the settings? Erik --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not able to run sa-learn
I'd suggest turning on debug output with the -D parameter, and see where it gets stuck. Here's what I get: debug: Syncing Bayes journal and expiring old tokens... debug: lock: 21404 created /etc/MailScanner/bayes/bayes.lock.mystique.winnefox.org.21404 debug: lock: 21404 trying to get lock on /etc/MailScanner/bayes/bayes with 0 retries The trying to get lock on thing continues to repeat itself. Doesn't seem to matter whether MailScanner is running or not. Is something else trying to run that? - Jody --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] better whitelisting - using feedback?
I'm not sure I'd do this. One day (for a bunch of reasons) I whitelisted my own address, and promptly got a bunch of spam from myself. Good point, but all local addresses can (and must) be verified based upon the incoming gateway's Received: header. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] SpamAssassin 2.63 rpms srpm
SpamAssassin 2.63 SRPM: http://rpms.alerque.com/SRPMS/spamassassin-2.63-1.src.rpm SpamAssassin 2.63 RPMS compiled for PLD i686: http://rpms.alerque.com/RPMS/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not able to run sa-learn
Correction: the rm should rm bayes.lock, not bayes_*.lock. My typo. At 01:41 PM 1/21/2004, Jody Cleveland wrote: Here's what I get: debug: Syncing Bayes journal and expiring old tokens... debug: lock: 21404 created /etc/MailScanner/bayes/bayes.lock.mystique.winnefox.org.21404 debug: lock: 21404 trying to get lock on /etc/MailScanner/bayes/bayes with 0 retries The trying to get lock on thing continues to repeat itself. Doesn't seem to matter whether MailScanner is running or not. Is something else trying to run that? Could be a leftover lockfile from a session that crashed. You can forcibly clear the lockfile by: 1) Stop mailscanner, and make sure nothing else like a cron job is going to kick off bayes accesses when you do this 2) rm /etc/MailScanner/bayes/bayes_*.lock 3) restart and off you go --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not able to run sa-learn
At 01:41 PM 1/21/2004, Jody Cleveland wrote: Here's what I get: debug: Syncing Bayes journal and expiring old tokens... debug: lock: 21404 created /etc/MailScanner/bayes/bayes.lock.mystique.winnefox.org.21404 debug: lock: 21404 trying to get lock on /etc/MailScanner/bayes/bayes with 0 retries The trying to get lock on thing continues to repeat itself. Doesn't seem to matter whether MailScanner is running or not. Is something else trying to run that? Could be a leftover lockfile from a session that crashed. You can forcibly clear the lockfile by: 1) Stop mailscanner, and make sure nothing else like a cron job is going to kick off bayes accesses when you do this 2) rm /etc/MailScanner/bayes/bayes_*.lock 3) restart and off you go --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] autolearn=fail
I have had Spamassassin running for long enough to have BAYES kick in. I realized the other day when I checked out all my rulesets with spamassassin -D --lint, I was getting a BAYES_0 test result. I never saw such a thing from my email. I figured out that I needed to specifically run spamc as root, and presto, I now get a Bayes test result on each email. However, I see in the headers that I am now just getting either an autolearn=no or autolearn=fail stamp on the end of the list. What else have I overlooked? Thanks Ben --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] RulesDuJour; minor change
On Wed, 2004-01-21 at 18:23, Erik Slooff wrote: Hi Chris, Small change for RulesDuJour: when sa is not in path lint will not succeed (line 313). Maybe you could add a variable that contains the path to sa in the settings? Erik Will do. Should have it up tomorrow, along with some other changes. -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases (0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] [OT] - The current state spam.
On Wed, Jan 21, 2004 at 12:13:26PM -0500, Chris Santerre [EMAIL PROTECTED] wrote: I know tons of people with broadband connections that might be on only a few times a week. Some don't even notice their cpu is slower. I also know some pretty intelligent people that despite what they try, still end up with trojans and viruses from their kid's downloads. I say that your average middle class family will just never fully understand how to handle a computer on the net. They are busy scratching out a living. I've had to deal with this myself. Specifically, a friend of mine has kids. This friend knows little about computers; his kids know less (and think they know more). Despite being quite handy with tools and similar, mechanical technology, my friend is completely at the mercy of his kids with respect to his computer. They do all kinds of things with/to it, and eventually the accumulated porn/virus/spyware starts to make the whole thing break. That's when he brings it to me and asks for help, and each time I absolutely boggle at the amount of damage his kids manage to do. The fact is, educating him won't work; he doesn't have the basic knowledge he needs to keep up with his kids (who obviously don't have jobs -- and thus a lot more spare time), and he doesn't have time to learn. Nor is he inclined to spend all his time chasing after problems with his computer. He just wants the thing to work. Certain operating systems make it very hard to lock down a system. Others make it a bit easier. Blaming Average Joe because he bought a computer using the dominant operating system at the time won't do any good, and he doesn't even deserve the blame because he's not making any claim to expertise in computing; he just got what the salesman sold him, and (most likely) wasn't offered a lot of choices. We can't expect everyone to be a computer expert. And if we want to convince people to bring their computer in for maintenance occasionally we need to fight the Redmond marketing engine that says they don't need to know anything about anything. The solution? I don't know. I don't like the idea of imposing broad restrictions on consumer internet access, because I like the idea of buying an open pipe, and I don't want to see a power shift from peer-to-peer internet towards client-server internet, even if most consumers are already in the client-server model. But nothing will be accomplished by berating the average end-users for not knowing about computers. The most appropriate response would be to demand Microsoft fix their software. -- Matthew Hunter ([EMAIL PROTECTED]) Public Key: http://matthew.infodancer.org/public_key.txt Homepage: http://matthew.infodancer.org/index.jsp Politics: http://www.triggerfinger.org/index.jsp --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Not able to run sa-learn
Hello, I'm running spamassassin 2.62 with MailScanner on redhat 9. What I'm trying to run is this: sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --spam --mbox /var/spool/mail/bayes But, it just sits there. Sa-learn --rebuild and --force-expire work fine. When I first upgraded from 2.61 to 2.62, it worked great. But, it only worked that one time. Is there something wrong with the command I'm running? -- Jody Cleveland ([EMAIL PROTECTED]) --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Why won't SA see my user_prefs?
I'm running SpamAssassin using spamd, and invoking on my own system through an entry in procmailrc. SpamAssassin runs fine and does indeed properly filter out a lot of spam. Yesterday, I added a number of rules to $HOME/.spamassassin/user_prefs. I ran /home/alayne/sausr/bin/spamassassin -D /tmp/testspam and it used the rules I added on the spam message. I read SA-rules-howto.txt -- it said I had to create /etc/mail/spamassassin/local.cf and put in the allow_user_rules option. So I created -rw-r--r--1 root root19 Jan 20 22:39 /etc/mail/spamassassin/local.cf which contains the one line: allow_user_rules 1 I killed and restarted spamd. The spam I was trying to catch doesn't seem to be going through the rules I added. What else do I have to do? Thanks for any help ... -- Alayne McGregor [EMAIL PROTECTED] People do get hypnotized by the hard choices, And stop looking for alternatives. The will to be stupid is a powerful force ... but there are always alternatives. -- Lois McMaster Bujold, _Brothers in Arms_ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] autolearn=fail
On Wed, 21 Jan 2004 13:48:30 -0500 Ben Hanson [EMAIL PROTECTED] wrote: I have had Spamassassin running for long enough to have BAYES kick in. I realized the other day when I checked out all my rulesets with spamassassin -D --lint, I was getting a BAYES_0 test result. I never saw such a thing from my email. I figured out that I needed to specifically run spamc as root, and presto, I now get a Bayes test result on each email. However, I see in the headers that I am now just getting either an autolearn=no or autolearn=fail stamp on the end of the list. What else have I overlooked? Thanks Ben I am just getting into the auto_learn feature myself. However, you may want to rethink running SA as root. If you are using spamd, you need to start the daemon as root and do whatever your local mailer requires to drop to the privileges of the user receiving the mail. In the case of procmail, that is DROPPRIVS=yes in procmailrc. The auto_learn will work when running as a non-root user (spamd in my case). You must set the directory and file ownership properly for your etc/mail/spamassassin directory. This is the place for custom rules and where I told SA to look for my site wide Bayes db. The auto_learn only works for me when spamd as authority to do the update. There are couple of related config options to define the points at which mail is learned. See the man for Mail::SpamAssassin::Conf under auto_learn_threshold_nonspam and auto_learn_threshold_spam. Autolearn = no means that the threshold for nonspam or spam was not reached, hence no update. Not sure what =fail is, unless it is a permission problem. Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not able to run sa-learn
Thanks! That took care of it. -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 12:50 PM To: Jody Cleveland; '[EMAIL PROTECTED]' Subject: RE: [SAtalk] Not able to run sa-learn Correction: the rm should rm bayes.lock, not bayes_*.lock. My typo. At 01:41 PM 1/21/2004, Jody Cleveland wrote: Here's what I get: debug: Syncing Bayes journal and expiring old tokens... debug: lock: 21404 created /etc/MailScanner/bayes/bayes.lock.mystique.winnefox.org.21404 debug: lock: 21404 trying to get lock on /etc/MailScanner/bayes/bayes with 0 retries The trying to get lock on thing continues to repeat itself. Doesn't seem to matter whether MailScanner is running or not. Is something else trying to run that? Could be a leftover lockfile from a session that crashed. You can forcibly clear the lockfile by: 1) Stop mailscanner, and make sure nothing else like a cron job is going to kick off bayes accesses when you do this 2) rm /etc/MailScanner/bayes/bayes_*.lock 3) restart and off you go --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] [Ruleset Update] EvilNumbers ver. 1.12 new language packs
Thanks to Sylvain, Doug K. Chris P. for their ideas on improving the rules! Changes: Added some more entries (many more to come within the next few days, just need time to process them) Changed (\s|-|\.) in phone numbers to \W+, file should require less memory to run, is easier to read and should be able to catch more OBFU'ed phone numbers. Created add-on language packs. (I have not tested these, so feedback would be great) Available for: de, es, fr and it Ruleset: http://www.merchantsoverseas.com/wwwroot/gorilla/evilnumbers.cf http://www.yackley.org/sa-rules/evilnumbers.cf Language packs: http://www.yackley.org/sa-rules/98_text_de_evilnumbers.cf http://www.yackley.org/sa-rules/98_text_es_evilnumbers.cf http://www.yackley.org/sa-rules/98_text_fr_evilnumbers.cf http://www.yackley.org/sa-rules/98_text_it_evilnumbers.cf --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] RulesDuJour; minor change
Chris Thielen wrote: On Wed, 2004-01-21 at 18:23, Erik Slooff wrote: Hi Chris, Small change for RulesDuJour: when sa is not in path lint will not succeed (line 313). Maybe you could add a variable that contains the path to sa in the settings? Erik Will do. Should have it up tomorrow, along with some other changes. Note, I added a rulesdujour rule set to the exit0 wiki this morning for William Stearn's black list since I find it quite usefull. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk