from:"Tom Meunier"

RE: [SAtalk] new chicnpox --lint failed

2004-01-26 Thread Tom Meunier

Upgrade to 1.14. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Arpi
 Sent: Saturday, January 24, 2004 7:29 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] new chicnpox --lint failed
 
 Hi,
 
 After upgrading chichekpox to Version 1.11, spamassassin 
 --lint fails 


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] thank you guys

2004-01-23 Thread Tom Meunier

I'll never complain about my old PII-400 taking 8.5 seconds to process a
message through spamd again.

-tom 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Thomas Kinghorn
Sent: Friday, January 23, 2004 4:32 AM
To: Spamassassin-Talk (E-mail)
Subject: [SAtalk] thank you guys

To all the contributors of SPAMASSASSIN, exiscan  sa-exim...

Thank you all

here are some stats for the last 4 weeks This is for 4 domains.
 
Total number of emails processed by the spam filter : 200942
Number of spams : 91592 ( 45.58%)
Number of clean messages:109350 ( 54.42%)
Average message analysis time   : 69.27 seconds
Average spam analysis time  : 84.67 seconds
Average clean message analysis time : 56.37 seconds
Average message score   :  4.37
Average spam score  : 15.17
Average clean message score : -4.68
Total spam volume   :   282 Mbytes
Total clean volume  :  1119 Mbytes


keep up the good work

PS...the new spamstats.pl works like a charm with exim...thanks to the
developer of that too.

you guys rule.

CYA

Tom




---
The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on
Open Tools Development and Integration See the breadth of Eclipse
activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Country codes

2004-01-09 Thread Tom Meunier

Since they rarely declare the TRUE country they're sending from, I'd
probably use the blackholes.us rbls.  And probably host them locally to
reduce DNS lookup time.

http://www.blackholes.us/docs/usage.html 

It only has zones for argentina, brazil, china, hong kong, japan, korea,
malaysia, mexico, nigeria, russia, singapore, taiwan, thailand and
turkey.

-tom

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric
Sent: Friday, January 09, 2004 9:27 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Country codes

What are you doing for country codes?  If I want to mark all mail from
junkmail.com.tw or junkmail.com.au  what would be the best way to trap
all
the country codes?  should I OR it   ie
from ~= {\.com\.au|\.com\.tw| etc |etc} or is there a better way Thanks



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Continuing saga of runaway spamd

2004-01-07 Thread Tom Meunier

Interesting to me mostly because spamc/spamd by default won't even look
at a 1.2mb email.  I'm interested in how/where that happened. 

-tom 

 -Original Message-
 
 After we upgraded to SA 2.61 as was suggested by this list we 
 had a mail-machine crash again when spamd expanded beyond all 
 available memory.  As far as we can tell it was looking at a 
 1.2Mb Micro$oft Word e-mail, ham and sent to a very senior 
 person.  Spamd is set to limit children (to 10 I think) but 
 we still had this runaway.  The system manager is pushing for 
 withdrawing spamassassin as we cannot have the mail going 
 catatonic.  I am not responsible for this system, but was the 
 advocate for adding spamassassin, so this matters to me :-)
 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Finding a rule to catch a particular spam

2004-01-07 Thread Tom Meunier

Pyzor and BigEvil nailed both of them. The second one hit a whole ton of
RBLs also.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Geoff Soper
 Sent: Wednesday, January 07, 2004 4:18 PM
 To: Chris Santerre
 Cc: [EMAIL PROTECTED]
 Subject: * Probable SPAM * [SA-05.81] RE: [SAtalk] Finding a 
 rule to catch a particular spam
 
 Here they are, I hope they've extracted OK. So does anybody 
 have a way of catching them?
 
 Thanks,
 Geoff


---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] BigEvil.cf

2004-01-05 Thread Tom Meunier

Start spamd with -D debug options and then tail -f /var/log/maillog
|grep -i bigevil 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of SAtalk Mail User
 Sent: Monday, January 05, 2004 11:04 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] BigEvil.cf

 Hello all,

 I am new to this list and have a question in regards to 
 bigevil.cf and other .cf files.  From the reading I noticed 
 that all you need to do is to put the bigevil.cf in the 
 /etc/mail/spamassassin directory and then restart spamd.  
 Once that is all done, how do you know if the files are 
 getting parsed?  Is there some kind of reporting that it does 
 in the maillog or in the headers of the email that gets parsed?

---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Image-only spam

2003-12-21 Thread Tom Meunier

Before you play with the settings, consider updating to the current
version of SpamAssassin.  You're probably using 2.44; the current
version is 2.61.  At this point, that much spam getting through would be
expected behavior.

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Barry Callahan
 Sent: Sunday, December 21, 2003 4:05 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Image-only spam
 
 I installed Spamassassin from a RedHat RPM as a test a day or 
 two ago, and it's properly flagging about 1/3 of the incoming 
 SPAM as such.  I have not played around with any of the settings yet.
 
 Half of what's getting through has a score of 3.6 - 4.0.  
 This is not the group that overly concerns me, as I'm sure I 
 can adjust things to get these properly detected.
 
 The other half of what's getting through, I'm not so sure 
 about.  It has a score of -1.1 - +1.1.  Yes, I'm getting SPAM 
 with a negative SPAM score.
 
 In all cases, the messages in the last group have the 
 following in common:
 
 1) They're Multipart Mime-formatted messages.
 2) A text/plain section exists, but contains only blank lines.
 3) The text/html section contains two or more HTML comments 
 containing random alphanumeric strings.
 4) The text/html section contains one or more image tags 
 which reference images on some random webserver.
 5) At least one of the images is a link.
 6) The text/html section contains absolutely no displayable text.
 
 So, an example of what the text/html section might contain is:
 
 htmlbody
 center!--l25cxq1atrz--a href=REMOVED!--srQ3lVIGl6vp--img
 src=REMOVED border=0/a/center
 /html/body
 
 Is anyone else seeing SPAM like this?
 Would anyone be able to make suggestions on how to go about 
 writing a ruleset to tag these?
 
 Thanks.
 
 Barry
 
 
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign 
 up for IBM's Free Linux Tutorials.  Learn everything from the 
 bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 
 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] importing spam from exchange users for sa-learn?

2003-12-18 Thread Tom Meunier

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of AltGrendel
 Sent: Thursday, December 18, 2003 7:54 AM
 To: SA-Talk
 Subject: RE: [SAtalk] importing spam from exchange users for sa-learn?

 
 Wasn't there a big issue with public folders stripping off 
 the original email headers and replacing them with something else? 



It doesn't beat 'em up too badly.  Here's one I just pulled out of an
Exchange 2000 Public Folder.


---

Microsoft Mail Internet Headers Version 2.0
Received: from NAV.courts.state.tx.us ([10.mun.g.ed]) by
email.courts.state.tx.us with Microsoft SMTPSVC(5.0.2195.6713);
 Fri, 5 Dec 2003 01:42:22 -0600
Received: from relay-sa.courts.state.tx.us ([10.mun.ge.d2])
 by NAV.courts.state.tx.us (SAVSMTP 3.0.0.39) with SMTP id
M2003120501422119000
 for [EMAIL PROTECTED]; Fri, 05 Dec 2003
01:42:21 -0600
Received: by relay-sa.courts.state.tx.us (Postfix, from userid 500)
id 546974A4FE; Fri,  5 Dec 2003 01:42:19 -0600 (CST)
Received: from 1.mail-out.ovh.net (1.mail-out.ovh.net [213.186.33.82])
by relay-sa.courts.state.tx.us (Postfix) with ESMTP id
59C7E4A4FF
for [EMAIL PROTECTED]; Fri,  5 Dec 2003
01:42:09 -0600 (CST)
Received: (qmail 3470 invoked by uid 503); 5 Dec 2003 04:31:36 -
Received: from b2.ovh.net (HELO 60gp.ovh.net) (213.186.33.52)
  by 1.mail-out.ovh.net with DES-CBC3-SHA encrypted SMTP; 5 Dec 2003
04:31:36 -
Received: by 60gp.ovh.net (Postfix, from userid 16757)
id 71705262D2; Fri,  5 Dec 2003 05:31:57 +0100 (CET)
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: * Probable SPAM * [SA-06.37] CRUISES TO PLEASURE - Closing
Party.Modrophenia - Saturday 13th december 2003
Message-Id: [EMAIL PROTECTED]
Date: Fri,  5 Dec 2003 05:31:57 +0100 (CET)
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
RELAY-SA
X-Spam-Report: 
*  0.2 NO_REAL_NAME From: does not include a real name
*  1.7 NO_COST BODY: No such thing as a free lunch (3)
*  2.7 SENT_IN_COMPLIANCE BODY: Claims compliance with spam
regulations
* -1.5 BAYES_01 BODY: Bayesian spam probability is 1 to 10%
*  [score: 0.0228]
*  1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
*  [Blocked - see
http://www.spamcop.net/bl.shtml?213.186.33.52]
*  0.1 CLICK_BELOW Asks you to click below
*  1.8 AWL AWL: Auto-whitelist adjustment
X-Spam-Status: Yes, hits=6.4 required=5.0
tests=AWL,BAYES_01,CLICK_BELOW,
NO_COST,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,SENT_IN_COMPLIANCE 
autolearn=no version=2.60
X-Spam-Level: **
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 05 Dec 2003 07:42:22.0093 (UTC)
FILETIME=[515E33D0:01C3BB03]

 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] importing spam from exchange users for sa-learn?

2003-12-18 Thread Tom Meunier

 -Original Message-
 From: Tony Hoyle [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, December 18, 2003 8:41 AM
 To: Tom Meunier; AltGrendel; SA-Talk
 Subject: RE: [SAtalk] importing spam from exchange users for sa-learn?

  
 Interesting... what did you set on exchange to make it do that?
 
 Here's what it does when I try it:
 
 X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0


Compare the headers.  Mine was dragged  dropped into a public folder
from a mailbox, using Outlook.  Yours looks like it was forwarded to a
mail-enabled public folder.

-tom


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] importing spam from exchange users for sa-learn?

2003-12-18 Thread Tom Meunier

 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of AltGrendel
 
 We're running Exchange 2k that was upgraded from 5.5, which 
 was upgraded from ...(you get the idea). Anyway, I'm still 
 seeing the old header style and I'm wondering if it's not an 
 issue with upgrade vs clean install. 
 

Mine was also an upgrade from Exchange 5.5.  Well, it was done as a
swing server upgrade - I introduced the 2000 box into the 5.5 site,
moved all the mailboxes  public folders to the 2000 server, then
decommissioned the 5.5 box.

-tom


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes Corpus Project

2003-12-11 Thread Tom Meunier

What would differentiate the proposed public corpus from the public
corpus at http://www.spamassassin.org/publiccorpus/? 

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Adam Denenberg
 Sent: Thursday, December 11, 2003 8:10 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Bayes Corpus Project
 

 
  What i want to start is a Bayes Corpus Project.  I would 
 like to be able to allow people to submit confirmed ham 
 and/or spam to a large bayes corpus repository (or maybe just 
 spam)  where people could then download (or somehow do an 
 sa-learn remotely) to an ongoing updated bayes corpus.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Detecting strings of Gibberish

2003-12-11 Thread Tom Meunier

http://www.wot.no-ip.com/cgi-bin/detoken.pl

Most of the gibberish I see is encoded tracking information.  I plugged
in my domain name to the little script thingy, saved the .cf file, and
it catches 'em like crazy.

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Larry Starr
 Sent: Thursday, December 11, 2003 9:50 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Detecting strings of Gibberish
 
 I have noticed that many SPAM emails, end with seversl lines 
 of gibberish, such as:
 
   lvwpdfobv qkviylqr qlmwacbc hpimhdty
   mdmrkb lvivhdc xovwul wpcxeqj
   lhaxomaje vrucjj ybxegs
 
 
 Has anyone developed a rule that can detect this sort of 
 thing?  Perhaps a check for n consecutive words, at the end 
 of the body, none of which are in a dictionary?
 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Exchange 2000 + SpamAssassin + Postfix

2003-11-13 Thread Tom Meunier

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Guentert Matthias

 
 I have successfully installed spamassassin on my linux server which 
 runs postfix as mta. Our Exchange 2000 server pops the emails from the

 linux server which stands in the dmz.

Stop doing that right now.  POP3 is for single mailboxes, not
server-to-server SMTP replacement.  Just have postfix forward the mail,
acting as simply a relay box.  Dump that POP3 connector kludge - there's
no place for that on a mail server.


 spamassassin recognizes spam very well and adds the X-SPAM tag. Now i 
 am able to set rules in my outlook to filter email headers for this 
 tag and then act in any kind i want. But i dont want to expect all the

 employees in our bureau to set such a filter themselves. Am i able to 
 set a kind of global filter in exchange

Not really.  Best is to give them a nice document telling them how to do
it.

 or have i overred something in the 
 spamassassin docu on how to perform this task?

Procmail?

 The best would
 be to send all incoming spam to one email adress for later analyzes.

Procmail?   


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SecuritySage spam filters and Postfix/SpamAssassin integration

2003-11-13 Thread Tom Meunier

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Kenneth Porter

  http://www.securitysage.com/guides/postfix_uce.html
 
 I just got some mail bounced by an ISP using this setup and 
 after reviewing the details, it looks like the system is set 
 up backwards: It does its own all-or-nothing header checks 
 that SA already takes care of, causing heavy-handed 
 rejections of false positives, instead of letting SA look the 
 message over and using the combined score of several 
 indicators to make the decision

It's my experience that many people think that being listed on an RBL or
not having rDNS properly set up or pipelining ESMTP is reason enough to
drop an SMTP conversation.  Yeah, that's their business decision, and
they think YOU  I have it backwards for wasting cpu cycles and disk
space when you should've 550ed during the conversation.  If their users
tolerate it, that's up to them.  :|

-tom




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] How do I catch obfuscated characters?

2003-11-13 Thread Tom Meunier

You'll want to look at http://www.exit0.us/index.php/MaskedWordList

Take a gander at the link to Chris' Mediocre ObfuScript, which is soon
(I hear) to be upgraded to Chris' Somewhat Adequate ObfuScript. 

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Michael Howell
 Sent: Thursday, November 13, 2003 3:33 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] How do I catch obfuscated characters?
 
 Hi all.  
 
 I'm new to the list, and I'm trying to figure out a way of 
 detecting words with obfuscated characters (i.e. @pp!3, 
 app13 = apple).
 
 I set up a test something like this:
 
 /(?:a|4|@)pp(?:l|1|!)(?:e|3)/i
 
 This will catch @pp!3 and app13, but it also catches 
 apple.  Can anyone help me work the regex so it skips the 
 word if it's spelled normally?


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamassasin without the mess

2003-11-11 Thread Tom Meunier

You've just described how spamassassin works.

So I'm pretty certain the you don't want to sit at a command line,
saving your mails to text files, and checking them one-by-one.  What is
it that you would LIKE to do, really?  Chances are someone's already
doing it.  Do you have a non-*n?x enterprise mail server that you want
to check incoming mail for?  Do you simply have a single mailbox that
you would like to use spamassassin on?  

-tom 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Tyler Montbriand
 Sent: Tuesday, November 11, 2003 1:09 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] spamassasin without the mess
 
 Not having ever run a UNIX mail server, I find the existing 
 documentation and configuration info for spamassasin quite 
 mystifying.  I'd prefer not to go with the UNIX method of 
 handling mail and mailboxes, and I certainly don't want it 
 screwing with my ISP's smtp server.  I'd like to just cut out 
 all the mess - I want to just install and use spamassasin as 
 a direct text filter.  
 Like, 
 
 cat spam_message.txt | filtermail  filtered_message.txt
 
 Is this possible, or am I sol?
 


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Filtering on returned mails not written with my mail client

2003-11-08 Thread Tom Meunier

No.  How would this be a bug?  By definition it would have to be a
custom rule, since you've specified that it be user-specific and custom
header specific.  Such a rule would work for nobody in the universe but
Wolfgang Rohdewald.

-tom


 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Wolfgang Rohdewald
 Sent: Saturday, November 08, 2003 8:14 AM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: [SAtalk] Filtering on returned mails not written 
 with my mail client
 
 Hi,
 
 I'm new on this list, hoping this is not a FAQ (at least I 
 found no such rule and no bug report)
 
 Is there a rule saying
 
 oh - this mail claiming to be from me has been returned as 
 undeliverable.
 But is has not been written with the mail client(s) I use - 
 so it must be spam.
 (or - it does not contain a custom X-Header I always add)
 
 If not, I will open a bug report.
 
 I don't think I can do this with mail filters since the 
 original mail may have been
 base64 encoded.
 
 I am using spamassassin 2.60 on debian unstable.
 
 --
 Wolfgang


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Is bl.spamcop.net gone?

2003-11-08 Thread Tom Meunier

 -Original Message-
 
  IIRC, bl.spamcop.net isn't supposed to resolve.  Try running an RBL 
  query against it instead of trying to resolve it.
  
  
 Surely it has to resolve to *something* - the NS records have 
 gone as well.
 
 Tony
 
No, it doesn't have to.  When you query against bl.spamcop.net, you take
the connecting server's IP address, reverse it, and query for that
record.  If it answers 127.0.0.2 it's listed, if it errors out, it's
not.

i.e. 1.2.3.4 connects, your server queries DNS for
4.3.2.1.bl.spamcop.net.  127.0.0.2 

It's never necessary to simply query for bl.spamcop.net itself.

nslookup -q=ns bl.spamcop.net gives:

Non-authoritative answer:
bl.spamcop.net  nameserver = blns4.spamcop.net
bl.spamcop.net  nameserver = blns11.spamcop.net
bl.spamcop.net  nameserver = blns6.spamcop.net
bl.spamcop.net  nameserver = blns8.spamcop.net
bl.spamcop.net  nameserver = blns5.spamcop.net
bl.spamcop.net  nameserver = blns9.spamcop.net
bl.spamcop.net  nameserver = blns10.spamcop.net

blns4.spamcop.net   internet address = 194.109.6.147
blns11.spamcop.net  internet address = 209.92.188.201
blns6.spamcop.net   internet address = 209.198.142.146
blns8.spamcop.net   internet address = 66.6.205.130
blns5.spamcop.net   internet address = 198.145.240.35
blns9.spamcop.net   internet address = 208.39.222.166
blns10.spamcop.net  internet address = 206.67.234.226


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] scoring system and values...

2003-11-07 Thread Tom Meunier

The CASHCASHCASH rule tests for the string '$$$' not for the phrase
CASH! CASH! CASH!
The ADDRESSES_ON_CD rule caught almost as much ham when tested against a
half-million message corpus as it did spam.
The BLANK_LINES_90_100 caught MORE ham than it did spam.

http://search.cpan.org/src/JMASON/Mail-SpamAssassin-2.60/rules/STATISTIC
S-set1.txt

The reality is that you THINK these should be higher, but they're not as
indicative of spam as you THINK they are.  This has been empirically
tested with a statistically significant sample.  Click the link above
and you'll see the results of the testing on that corpus.


I think that since you work in an environment that does not tolerate any
mention of the word v?a?ra you should score these rules higher in your
local.cf file.  That's the beauty of being able to simply put 
score ADDRESSES_ON_CD 97.0 in your own config files.

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of maarten van den Berg
 Sent: Friday, November 07, 2003 3:25 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] scoring system and values...
 
 But put yourself in my place. Upon looking at those rules I 
 see al LOT of inconsistencies. For instance, I found these 
 rules that have score of zero(!) (and these are merely the 
 top of a large iceberg)
 
 score CASHCASHCASH 0
 score ADDRESSES_ON_CD 0
 score BLANK_LINES_90_100 0
 score EJACULATION 0
 score HERBAL_V+AG+A 0
 
 One could argue that yelling CASH CASH CASH is a valid sales 
 pitch in a normal mail. But hey, are we being realistic here 
 ?  How could anything but spam have this property ?  For 
 addresses_on_cd one could argue that it IS possible to have 
 such a statement in a regular email (albeit that's already stretching
 it) but then I would retort that although possible it would 
 stand to reason to give it at LEAST a score of 0.5 or so, but 
 not _zero_!  And the third, well, it could be a misconfigured 
 client, but still, is an email that is 90% thin air worth 
 of being treated as a valid email?  And the fourth...  of 
 course you will find ejaculation in many many forums but, 
 again, give it at 
 least some low figure but NOT equal zero...
 And...  well I won't even go into the fifth rule... come on ;-)


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Razor2 Custom scores?

2003-11-06 Thread Tom Meunier

Since I'm stupid, you'll want to test this thoroughly.  

In 20_body_checks.cf you'll find:

bodyRAZOR2_CF_RANGE_11_50   eval:check_razor2_range('11','50')
bodyRAZOR2_CF_RANGE_51_100  eval:check_razor2_range('51','100')
tflags  RAZOR2_CF_RANGE_11_50   net
tflags  RAZOR2_CF_RANGE_51_100  net
describe RAZOR2_CF_RANGE_11_50  Razor2 gives confidence between 11 and
50
describe RAZOR2_CF_RANGE_51_100 Razor2 gives confidence between 51 and
100 

And in 50_scores.cf you'll find:
score RAZOR2_CF_RANGE_11_50 0 0.559 0 0.876
score RAZOR2_CF_RANGE_51_100 0 1.552 0 1.101

Narrow those body rules down with ('11','50') and ('51','89') and change
the names.  Add a rule for ('90','100') and add a score appropriately.

Like I said, I'm stupid, so test it first.  :)

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Robert Leonard III
 Sent: Thursday, November 06, 2003 10:07 AM
 To: Spamassassin-Talk (E-mail)
 Subject: [SAtalk] Razor2 Custom scores?
 
 My system has only two scoring options for the Razor2 
 matches.. 0-50, and 51-100.. I'd like to score those with a 
 confidence of 90+ higher than those with at 51..
 
 What is the syntax to add to my local.cf files to allow this 
 to happen.. or can it happen?
 
 Thanks!


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] RE: [RD] spam sentences

2003-11-06 Thread Tom Meunier

VSNL is, I believe, the largest ISP in India or at least in the top 2.
I'd tread lightly on blocking them if you do business with India at all.

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Chris Santerre
 Sent: Thursday, November 06, 2003 10:36 AM
 To: 'Colin A. Bartlett'; [EMAIL PROTECTED]
 Subject: [SAtalk] RE: [RD] spam sentences
 
 I noticed something last night regarding this certain spam, 
 the unsub IP is the same for all! I noticed my evilrules was 
 hitting on 203.197.204.157. Did a quick search:
 
 This has ALL the makings of a spamhost. The main page is just 
 a image for, Cris inc. - mail worldwide. which would be odd 
 since the site is in India!
 Whois info at end of this message.
 
 I would say pretty much everyone can block that IP at the 
 firewall if they wanted to. I'm thinking on blocking the 
 whole /16 block, as we don't do business with India. 
 
 I did not contact the ISP. They are likely spammer friendly. 
 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Best Blacklists

2003-11-05 Thread Tom Meunier

Matt, thanks for this.  It's a great resource.  However, I'm wondering
why the following were scored as zero and thus don't have numbers to
support their efficacy or lack thereof:

  0.000   0.   0.0.500   0.110.00  RCVD_IN_SORBS_BLOCK
  0.000   0.   0.0.500   0.110.00  RCVD_IN_MAPS_RSS
  0.000   0.   0.0.500   0.110.00  RCVD_IN_MAPS_RBL
  0.000   0.   0.0.500   0.110.00  RCVD_IN_MAPS_DUL
  0.000   0.   0.0.500   0.110.00  RCVD_IN_MAPS_NML
  0.000   0.   0.0.500   0.110.00
RCVD_IN_BL_SPAMCOP_NET 

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Matt Kettler
 Sent: Tuesday, November 04, 2003 3:19 PM
 To: Steve Heggood; [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Best Blacklists
 

 
 just use: grep RCVD_IN_ STATISTICS-set1.txt
 
 
 As a quick example:
 OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME
   39.058  56.1503   0.20420.996   0.981.10  RCVD_IN_DSBL
 
 This means that DSBL match 39% of all email in the test, 
 56.15% of the spam, and 0.2042% of the nonspam.
 
 By comparison NJABL didn't do nearly as well, it got about 
 the same amount of spam, but over 10x more nonspam.
 
   41.161  57.6715   3.63220.941   0.840.10  RCVD_IN_NJABL
 
 OPM has impressively low nonspam hit rate, but it's spam hit 
 rate isn't quite as high as some others (less than half the 
 spam hit rate of DSBL, but 1/50th the nonspam hit rate):
 15.868  22.8473   0.00401.000   0.954.30  RCVD_IN_OPM
 
 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Are these blacklists widely used, anywhere?

2003-11-05 Thread Tom Meunier

No, but you can enable it if you like.  Their web site tells you how.  
Just save this text as /etc/mail/spamassassin/something.cf

http://www.ahbl.org/using/spamassassin.txt

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Nigel Featherston
 Sent: Wednesday, November 05, 2003 7:58 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Are these blacklists widely used, anywhere?
 
 I would like to know if SpamAssassin uses the following blacklists:
 
 rhsbl.ahbl.org
 dnsbl.ahbl.org
 
 And I would also like to know under what conditions they are 
 enabled (i.e. by default, etc.)
 
 (Not a SpamAssassin user at the moment.)
 
 Thanks,
 Nigel


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] a new rule

2003-11-05 Thread Tom Meunier

If it's already 100% sure that it's spam, how is it helpful to train it
that it's spam?  It's not like it's going to be 110% sure that it's
spam.  It's already trained!

Not trying to be a wise-ass, I've just seen this question come up fairly
often, and can't wrap my head around it.

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Chris Barnes
 Sent: Wednesday, November 05, 2003 2:09 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] a new rule
 
 How hard would it be to create a new rule for BAYES scoring 
 that IS used by autolearn?
 
 Specifically, when I see this:
 * BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *  [score: 1.]
 
 in the header, I'm fairly comfortable with having it autolearnt and
 letting my .procmailrc script send it straight to /dev/null.  
  However,
 since BAYES scores are not used in deciding whether or not 
 autolearn is used, this rarely happens.
 
 So a new rule of BAYES_100 (for scores that are 100%), that 
 is used would be helpful.  How?
 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Patterns and load, progress???

2003-11-05 Thread Tom Meunier

Example 1.  Use spamc/spamd, it defaults to only scanning messages under
250k and you can change that limit with spamc's -s switch.

Example 2.  What version of Spamassassin are you running?  There's a
whole ton of tests based upon the ratio of image to text.

-tom




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Brian Kerhin
Sent: Tuesday, November 04, 2003 3:43 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Patterns and load, progress???


I've been working hard to build a network that stops spam from
entering mail boxes, but I'm getting tired of what appears to be
solutions to problems that don't need solving.
 
EXAMPLE:
Message comes in that is 13 Megs (big attachment) - message
goes quickly through spamassassin, but sits in postfix's header and body
check filters for 30 minutes?
Question: Why even bother scanning something that big, no
spammer has that much bandwidth to waste on one attempt, a setting would
be nice to ignore spam on large messages.
 
EXAMPLE 2 - the worst
We've gotten VERY good at blocking text messages, I get almost
NON in my mail box, what I do get is the goofy subject line followed by
the single gif or jpg image of nasty stuff people want you to buy, if
that's not enough the drug companies come in there.
Question: Why not filter more when message size is LOW and image
content is there.
 
Can this be built into spamassassin or something else?  How are
you all dealing with this?
 
Thanks,
Brian




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Problems with bayes forgetting in 2.60

2003-11-03 Thread Tom Meunier

John, if you run the email through 
Spamassassin -tD mail.txt |more then you should be able to see which
tokens it's finding, and the weight it's giving.  Perhaps that
particular email contains tokens which have been found in several
learnable hams as well. If you save the output at the initial test, and
then test again when this happens, you may see that those tokens get
weighted differently.
-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Stewart, John
 Sent: Monday, November 03, 2003 1:13 PM
 To: '[EMAIL PROTECTED]'
 Subject: [SAtalk] Problems with bayes forgetting in 2.60
 
 
 
 However, what I've noticed is that bayes seems to be 
 forgetting. I had a couple of mails I trained it on last 
 week, and immediately after learning them, it was hitting 
 BAYES_99. Today one is hitting BAYES_50, and the other is not 
 hitting any bayes rules, which I take to mean the check_bayes 
 algorithm is returning somethintg between 0.4999 and 0.5001, 
 as this is the only area not scored by some amount in the 
 23_bayes.cf file.
 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamd using up all system memory and swap space

2003-11-03 Thread Tom Meunier

-m 15 will limit it to 15 spamd instances.  Give that a shot.

I'm kinda surprised by how quickly this happens, though.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Dennis Duval
 Sent: Monday, November 03, 2003 5:05 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] spamd using up all system memory and swap space

 I have created a script that monitors the number of spamd 
 processes running, and stops spamd, modifies 
 qmail-scanner-queue.pl to not use spamassassin, and sleeps 
 for 30 seconds if it detects that more than 15 instances are 
 running. 

---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] IP Blocks to kill at the firewall?

2003-10-25 Thread Tom Meunier

Okay, this is the sixth copy of this email that I've gotten.  Is it me,
is it sourceforge, or is it maybelline?

(Yeah, I know it's sourceforge, but I wanted to kvetch)

-tom 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Chris Trudeau
 Sent: Thursday, October 23, 2003 4:18 PM
 To: John L; [EMAIL PROTECTED]
 Subject: Re: [SAtalk] IP Blocks to kill at the firewall?
 
 Found this linked from the Emporium :)
 
 http://www.stearns.org/sa-blacklist/sa-blacklist.current
 
 
 You can probably use this...
 
 CT
 


---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] IP Blocks to kill at the firewall?

2003-10-25 Thread Tom Meunier

Sweet.  27 hours for that to show up.  (And looking at headers it's the
ISP anyway, heh) 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Tom Meunier
 Sent: Friday, October 24, 2003 8:47 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [SAtalk] IP Blocks to kill at the firewall?
 
 Okay, this is the sixth copy of this email that I've gotten.  
 Is it me, is it sourceforge, or is it maybelline?
 
 (Yeah, I know it's sourceforge, but I wanted to kvetch)
 
 -tom 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of 
  Chris Trudeau


---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes always 99%

2003-10-22 Thread Tom Meunier

Even on good mail?  Or only on Spam?  Because when I see spam, I'm 99%
sure it's spam, and a well-trained Bayes engine would be 99% sure also.

If it's on good mail that you're seeing 99%, every time, then your
database is screwed up and you should start over. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Scott Rothgaber
 Sent: Wednesday, October 22, 2003 7:37 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Bayes always 99%
 
 My Bayes database finally got its 200 spams and hams and 
 kicked in. I've noticed, however, that it *always* says that 
 the probability is 99%. Is this normal?
 
 Thanks!
 Scott
 
 
 
 ---
 This SF.net email is sponsored by OSDN developer relations 
 Here's your chance to show off your extensive product 
 knowledge We want to know what you know. Tell us and you have 
 a chance to win $100
 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 
 


---
This SF.net email is sponsored by OSDN developer relations
Here's your chance to show off your extensive product knowledge
We want to know what you know. Tell us and you have a chance to win $100
http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] list of test gone

2003-10-21 Thread Tom Meunier

Sorry, I should've left a note.  I had brought it to the printers to get
a banner made, and thought I'd take it out for a nice ice cream sundae
too.  It's back now, though.

I put it at http://www.spamassassin.org/tests.html 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Cliff Browning
 Sent: Tuesday, October 21, 2003 9:39 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] list of test gone
 
 I went to the spamassassin.org site today and the list of 
 tests is not there. Could you please put it back.
 
 Thanks
 
 Cliff
 
 
 
 ---
 This SF.net email is sponsored by OSDN developer relations 
 Here's your chance to show off your extensive product 
 knowledge We want to know what you know. Tell us and you have 
 a chance to win $100
 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 
 


---
This SF.net email is sponsored by OSDN developer relations
Here's your chance to show off your extensive product knowledge
We want to know what you know. Tell us and you have a chance to win $100
http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Auto learning and manual blacklists

2003-10-19 Thread Tom Meunier

  I have a pretty 
 comprehensive (and paranoid) list of blacklisted from 
 addresses that I *know* will only send spam.
 
 Is there any way I configure SA such that these will be used 
 to train the bayes?

Make a custom header rule for the domain, and score it with a crazy
amount of points.  The format I've stolen from somewhere on the rules
wiki - I'm too stupid to write a rule all by myself.  Keep in mind that
it won't autolearn unless you have a sufficient number of points in your
body AND your header.  I don't recall what these thresholds are, and I'm
too lazy to go look.  :)

header ZZZ_SPAMMER_COM ALL =~ /spammername\.com/i
describe ZZZ_SPAMMER_COM   Score spammername.com ridiculously high.
score ZZZ_SPAMMER_COM  98.6

-tom


---
This SF.net email sponsored by: Enterprise Linux Forum Conference  Expo
The Event For Linux Datacenter Solutions  Strategies in The Enterprise
Linux in the Boardroom; in the Front Office;  in the Server Room
http://www.enterpriselinuxforum.com
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] LOTS of mail being tagged wrong

2003-10-17 Thread Tom Meunier

 Train Bayes with sa-learn --ham using a sizable representative sample of the shipping 
company's known good email.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Håkon Nilsen (Exinet AS)
 Sent: Friday, October 17, 2003 6:21 AM
 To: [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]
 Subject: [SAtalk] LOTS of mail being tagged wrong

 Hi,

 This is a cross-message for MIMEdefang and SpamAssassin mailing lists.

 System: RH 7.3, Sendmail 8.12.10, SA 2.60, MIMEdefang 2.37

 I just added new domain relaying through my mailserver. The 
 users are ship brokers, and receive a _lot_ of mail from 
 around the world. The problem is that lots and lots of the 
 mails are tagged as spam.

 90% of the mails tagged as SPAM isn't spam. And that's not 
 very good. Here's the results of a mail:

  5.4 BAYES_99   BODY: Bayesian spam probability 
 is 99 to 100%

---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes location setting?

2003-10-17 Thread Tom Meunier

That's right.  It seems weird, doesn't it?  But basically, that setting
tells SA that the filenames are /usr/local/share/bayes_*

To achieve what you think it should be, you'd want to do bayes_path
/usr/local/share/bayes/bayes  - funny as that sounds. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Dave Bartmess
 Sent: Friday, October 17, 2003 12:19 PM
 To: SpamAssassin Email List
 Subject: [SAtalk] Bayes location setting?
 
 In my local.cf, I've got
 # Enable the Bayes system
 use_bayes   1
 bayes_path  /usr/local/share/bayes
 bayes_file_mode 0666
 
 But it seems to put the bayes_journal, etc in 
 /usr/local/share instead.
 


---
This SF.net email sponsored by: Enterprise Linux Forum Conference  Expo
The Event For Linux Datacenter Solutions  Strategies in The Enterprise
Linux in the Boardroom; in the Front Office;  in the Server Room
http://www.enterpriselinuxforum.com
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spamassassin updates

2003-10-16 Thread Tom Meunier

 -Original Message-
 
 I'm Linux SysAdmin at the company I work for, I always 
 install everything from source.
 A colleague, a Windows SysAdmin, installs everything on his 
 Linux boxes from RPMs.
 
 What does that tell you? :)
 

Tells me we need a larger sample size.  I'm a Windows SysAdmin  I
install everything from source.

An ex-colleague who does third-tier Enterprise Redhat support for the
largest PC company in the world installs everything from RPMS.




---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Automatic Unsubscribe

2003-10-14 Thread Tom Meunier

It's arguable whether that will unsubscribe them, or confirm to the
spammer that they've scored a direct hit, and make your users a more
valuable spam target.  Think about it: Is someone who just hijacked a
Taiwanese elementary school's mail server to send out necrophilia
pornography with forged headers, likely to honor their promise to
unsubscribe your users?

-tom

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Leon Oosterwijk
 Sent: Tuesday, October 14, 2003 8:28 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Automatic Unsubscribe
 
 All, 
 
 I would like some feedback from you all on the following 
 idea. What if spamassassin followed unsubscribe links for all 
 emails that came through it's filter for emails that are 
 obviously spam. This way people would automatically get 
 unsubbed from some of these lists. 
 
 Leon


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes not working.. On System Wide SA

2003-10-13 Thread Tom Meunier

Well, it depends.  If you run sa-learn and you're concerned that it's
not running, use the --showdots switch and it'll give you a progress
indicator.  Just go ahead and sa-learn  --ham a couple hundred hams real
quick, it'll start up from there.  No further config necessary.

-tom

 -Original Message-
 From: Robert Leonard III [mailto:[EMAIL PROTECTED] 
 Sent: Monday, October 13, 2003 1:00 PM
 To: Tom Meunier; [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Bayes not working.. On System Wide SA
 
 Thanks for the tip.. I guess it was an addressing/permission 
 issue.. I see now, when I --lint -D that there are  200 in 
 my HAM db and the SPAM has now gone over 200 so I am assuming 
 it works.. do I need to do a..
 
 sa-learn --spam to actually implement the database?
 then a sa-learn --ham once that has passed the 200 level too?
 
 I've tried sa-learn --spam, but it goes for a LONG TIME.. is 
 that normal?
 I've never actually let it finish, thinking it was 'stuck'.. 
 but it may just take a long time..
 


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Not reading local.cf?

2003-10-13 Thread Tom Meunier

-H should list a directory other than the default home directory of the
user that's calling spamc.  Else, don't use it at all.
-m5 should be -m 5 I believe.

Other than that, Idunno.  Feel free to ignore me.

-tom



 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Dave Bartmess
 Sent: Monday, October 13, 2003 9:02 PM
 To: SpamAssassin Email List
 Cc: Matt Kettler
 Subject: Re: [SAtalk] Not reading local.cf?
 
 OK, that doesn't work... I changed from:
   SPAMDOPTIONS=-d -c -a -m5 -H 
 to:
   SPAMDOPTIONS=-d -c -a -m5 -H -u root
 
 and now spamd won't start.


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] How to ignore attachments of a certain size?

2003-10-12 Thread Tom Meunier

 How do you call SpamAssassin?  Please be specific with your answer.  :)
If you use spamc/spamd it defaults to only scanning up to 250kb,
configurable with the -s switch.  No config file necessary, you set it
as a switch on the line that you call spamc with.
http://www.spamassassin.org/doc/spamc.html

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of C. D. Tobola
 Sent: Sunday, October 12, 2003 7:55 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] How to ignore attachments of a certain size?
 
 One of my users periodically sends large office documents. 
 Unfortunately, scanning these files causes a time-out in Postfix.
 
 How do I go about setting Spamassassin so it passes along 
 large attachments without scanning them? (Please be specific 
 with your answer -- parameter to set and location of the 
 config file -- I'm new at this.)
 
 Thanks!   -Cloy 


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes not working.. On System Wide SA

2003-10-12 Thread Tom Meunier

Okay, are you running spamassassin as root?  If not, you'll probably
want to specify bayes_path in your local.cf - so that when you do a
spamassassin -D it reflects the ACTUAL location of the Bayes databases.
Then run it again, and see if you actually have zero spams in the
database.  It will tell you in the output whether the user that's
calling SpamAssassin has sufficient rights to the /foo/bar/.spamassassin
directory and its files - if not, just go in and chmod and chown as
necessary.  (*n?x words confuse me; I'm a win32 admin)

I'm guessing that the debug info you're seeing logged on as root is not
accurate for troubleshooting purposes.

-tom 

 -Original Message-
 From: Robert Leonard III [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, October 11, 2003 10:13 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Bayes not working.. On System Wide SA
 
 Hi all.. Quick question.. I hope..
 I'm running SA 2.60 on RH9 and am trying to get Bayes to 
 autolearn..  I pass ALL my mail from this system to my 
 exchange server and host no local mailboxes.. While not 
 ideal, it is what I was asked to do for the company..
 I understand that Bayes can still work, though I have not 
 seen it do so.. I believe I have it enabled correctly in the 
 /etc/mail/spamassassin/local.cf file, and the 
 /usr/bin/spamassassin --lint -D data below looks to me as if 
 it is trying to work..
 


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Popcorn Weeds Backhair

2003-10-12 Thread Tom Meunier

So I'm loving the rules http://spamhammers.nxtek.net/ that Jennifer
Wheeler wrote , but I'm up against a few (philosophical?) questions, and
would like to invite discussion.

I've noticed that about 95% of the time when these rules are hit,
they're listed as BAYES_99.  In this case, should I even bother?  I
guess they ensure that the 5% that are not BAYES_99 have more of a
chance of getting fed back into Bayes because of it, and that's A Good
Thing.

I've also considered dumping spammers at the MTA level before they are
even passed to SpamAssassin, using a homebrew RBL or something.  The
good part of this is that it would save traffic on my Postfix/SA gateway
box, then my AV box, then my mailserver (drive space here, too) itself.
The bad part is that these spams would then never get learned by Bayes.
I do blacklist defunct users at the Postfix level, and that actually cut
my spam traffic by over 50% by itself, but again this stuff never gets
learned in Bayes. 

Has anyone else juggled these questions?

-tom




---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Too many rules?

2003-10-12 Thread Tom Meunier

Call it with spamd and limit the number of spamd processes with the -m
switch. 

For comparison sake, I have a light-volume postfix/spamd gateway server
that handles about 1000 messages per hour during business hours.  It's a
PII-400 with 512mb RAM.

I can't give you spamstats time statistics output with evilrules.cf, as
I simply blacklist_from *foo.tld offending domains to my blacklist.cf
file.

-tom


 -Original Message-
 From: Robert Leonard III [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, October 11, 2003 10:09 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Too many rules?
 
[   ]
 However When I implemented the gigantic evilrules.cf, 
 they worked great for about an hour.. Then the whole server 
 went into such a slow mode that I had to do a hard reboot 
 just to get it back.. It wasn't dead, but just so bogged down 
 that it couldn't function.  
[   ] 


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SA memory utilization (Was: Evil rules HUGE update!

2003-10-12 Thread Tom Meunier

 -Original Message-
 From: Roger Merchberger [mailto:[EMAIL PROTECTED] 

[   ]
 
 2) Is there any way of setting up logging to know which rules 
 are being hit  which ones aren't without grabbing all of the 
 message headers? I'd like to be able to profile which rules 
 are being hit the hardest  which aren't

[   ]

I run spamd with the -D switch, and it logs full debug output to my
maillog file.  Then I look for the line in the maillog that lists all
the tests I hit, and identify and grep a unique string that appears on
that line:

(Lookit all the weeds!  Thanks Jennifer!)

# tail -f /var/log/maillog | grep required=5

Oct 12 20:21:37 spamassassin spamd[7196]: debug: is spam? score=-4.8
required=5 tests=BAYES_00,CLICK_BELOW
Oct 12 20:22:59 spamassassin spamd[7201]: debug: is spam? score=28.542
required=5
tests=BAYES_99,FROM_ENDS_IN_NUMS,HTML_FONTCOLOR_UNKNOWN,HTML_FONT_INVISI
BLE,HTML_MESSAGE,HTTP_ENTITIES_HOST,J_WEEDS_A,J_WEEDS_B,J_WEEDS_E,J_WEED
S_H,J_WEEDS_I,J_WEEDS_J,J_WEEDS_N,J_WEEDS_O,J_WEEDS_P,J_WEEDS_R,J_WEEDS_
S,J_WEEDS_W,J_WEEDS_Z,MSGID_FROM_MTA_SHORT,RCVD_IN_DSBL,RCVD_IN_NJABL,RC
VD_IN_NJABL_PROXY,RCVD_IN_RFCI,RCVD_IN_SORBS,RCVD_IN_SORBS_MISC,RCVD_IN_
SORBS_SMTP
Oct 12 20:23:06 spamassassin spamd[7215]: debug: is spam? score=115.041
required=5
tests=BAYES_99,CLICK_BELOW,EXCUSE_6,FORGED_MUA_MOZILLA,HTML_70_80,HTML_F
ONT_INVISIBLE,HTML_IMAGE_ONLY_04,HTML_LINK_CLICK_HERE,HTML_MESSAGE,MIME_
HEADER_CTYPE_ONLY,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,
RCVD_IN_SBL,RCVD_IN_SORBS,T_AM_SPAMMY_SENDER,USER_IN_BLACKLIST,W_ROT13_B
_R

-tom


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP !!!

2003-10-08 Thread Tom Meunier

top-posting
Okay, so SpamAssassin is working fine.  The mail is properly marked up
when it leaves SpamAssassin at the original place SpamAssassin is
called.  Then the next process is what's marking it as 0.0.  It almost
looks as if it's running spamassassin twice, once on the original mail
and once on the already-scanned mail.  Perhaps during whatever adds that
funny X-UIDL header.  Follow the path that the email's taking between
Internet and final destination, and you'll see the place where the
process breaks down.

It's difficult to see because you're not including full headers.

-tom

 -Original Message-
 From: O-Zone [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, October 08, 2003 9:39 AM
 To: David B Funk
 Cc: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP 
 !!!
 
 debug: running meta tests; score so far=1.27
 debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME
 
 but, at the present, i continue to get the same header in all spam 
 emails:
 
 
 Message-Id: [EMAIL PROTECTED]
 Date: Wed,  8 Oct 2003 12:58:53 +0200 (CEST)
 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
   domini.tdsiena.it
 X-Spam-Level: 
 X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham 
 version=2.60
 X-UIDL: `%p!!nog!gXo!!M[J!!
 Status: R
 X-Status: N
 X-KMail-EncryptionState:  
 X-KMail-SignatureState:  
 ...


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] RBL check

2003-10-08 Thread Tom Meunier

Hi Doug,
The answer to your question varies depending on what version of
SpamAssassin you're using, and what RBL's you're seeing scores on.  This
is crucial information to answering your question.

Since this is a well-documented issue with versions before 2.60, I'm
going to assume that, and that you still have deprecated RBLs enabled.
You'll want to disable any RBLs that have been DDOS'd off the planet.
Visit http://news.spamassassin.org and see the articles entitled
orbs.dorkslayers.com no longer available 
And
Osirusoft Blocklists Dead

 -Original Message-
 From: Doug Crompton [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, October 07, 2003 8:47 AM
 To: SpamAssassin-Talk list
 Subject: [SAtalk] RBL check
 
 
 Are others having the degree of disatisfaction with the RBL 
 check that I am. It seems that seeminly legitimate sites are 
 being tagged as relay's.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP !!!

2003-10-08 Thread Tom Meunier

top posting again  (I must be annoying SOMEBODY) 
Hi Oz, 
Which machine(s) have spamassassin?  I know domini does, but does siena
also have spamassassin? That would cause this behavior.

-tom


- headers -
On Wednesday 08 October 2003 13:25, you wrote:
 It's difficult to see because you're not including full headers.

here the full header of a spam e-mail:

Return-Path: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from 127.0.0.1 (localhost [127.0.0.1])
by siena.tdsiena.it (Postfix) with SMTP id EE6185801F
for [EMAIL PROTECTED]; Wed,  8 Oct 2003 13:06:16 +0200 (CEST)
Received: by siena.tdsiena.it (Postfix, from userid 1090)
id D06565801E; Wed,  8 Oct 2003 13:06:16 +0200 (CEST)
Received: from domini.tdsiena.it (domini.tdsiena.it [81.113.95.251])
by siena.tdsiena.it (Postfix) with ESMTP id D3A955801E
for [EMAIL PROTECTED]; Wed,  8 Oct 2003 13:06:12 +0200 (CEST)
Received: from 127.0.0.1 (localhost [127.0.0.1])
by domini.si.tdnet.it (Postfix) with SMTP id 09D743FCFD
for [EMAIL PROTECTED]; Wed,  8 Oct 2003 13:04:45 +0200 (CEST)
Received: by domini.tdsiena.it (Postfix, from userid 12612)
id E3FD02; Wed,  8 Oct 2003 13:04:44 +0200 (CEST)
Received: from mail.comenter (unknown [81.195.93.155])
by domini.tdsiena.it (Postfix) with ESMTP id BCC773FCFD
for [EMAIL PROTECTED]; Wed,  8 Oct 2003 13:04:41 +0200 (CEST)
Message-ID: [EMAIL PROTECTED]
From: Cindy Nicholas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Vicodin, pain medication available95irjc2
Date: Wed, 08 Oct 2003 11:03:26 +
MIME-Version: 1.0
User-Agent: Mozilla/5.001 (windows; U; NT4.0; en-us) Gecko/25250101
Content-Type: text/html
Content-Transfer-Encoding: base64
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
domini.tdsiena.it
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham
version=2.60
X-UIDL: $I6!!\L5!\-H!!/7E!
Status: R
X-Status: N
X-KMail-EncryptionState:  
X-KMail-SignatureState:  

Now ? Can you see something wrong ? Oz


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP !!!

2003-10-08 Thread Tom Meunier


 -Original Message-
 From: O-Zone [mailto:[EMAIL PROTECTED] 

 On Wednesday 08 October 2003 13:40, Tom Meunier wrote:
  top posting again  (I must be annoying SOMEBODY) Hi Oz, Which 
  machine(s) have spamassassin?  I know domini does, but does 
 siena also 
  have spamassassin? That would cause this behavior.
 
 Yes, also Siena have Spamassassin ! It's wrong ? Why ? :O
 
 Thanks a lot ! Oz
 
 --

It's wrong because Siena is not scanning an email from the Internet;
it's scanning an email from your internal server [domini].  These are
two different emails altogether.


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] 2.60 Problems

2003-10-07 Thread Tom Meunier

6 asterisks indicates it's not quite 7.0.  Probably 6.9something.  You
could add up the scores to verify if you really like, but that's what's
happening.

X-Spam-Level: **
X-Spam-Status: No, hits=7.0 required=7.0
tests=BAYES_10,DATE_IN_PAST_03_06,

HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_RED,HTML_FONT_BIG,HTML_MESSAGE,
MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,
MISSING_OUTLOOK_NAME,RCVD_IN_DYNABLOCK autolearn=no version=2.60


 -Original Message-
 From: Jeffrey Wheat [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, October 07, 2003 8:01 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] 2.60 Problems
 
 I am seeing problems with 2.60 on a FreeBSD
 server, using exim as my mta. Emails are
 being tagged as having the required hits
 but are not being tagged as spam. 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] OT: anti-spam email-only host

2003-10-07 Thread Tom Meunier

Sounds like Postini.  Or Messagelabs.  postini dot com or messagelabs
dot com. 

Messagelabs is using a modified SpamAssassin, iirc.

 -Original Message-
 From: Jonathan Vanasco [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, October 07, 2003 5:23 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] OT: anti-spam email-only host

 I remember seeing a while back an anti-spam email-only host.

 It had a crazy name, and worked like this:

 you have your mx point to their machine, and webmail/imap 
 handles multiple aliases so you can track/monitor/disable

 it was something like $25 a month, including domain -- anyone 
 remember this?

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamd and -a option in 2.60?

2003-10-06 Thread Tom Meunier

It's the first option on the list if you type spamd  --help 

 -Original Message-
 From: Rob Mangiafico [mailto:[EMAIL PROTECTED] 
 Sent: Monday, October 06, 2003 1:10 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] spamd and -a option in 2.60?
 
 In the 2.60 docs, the -a auto whitelist parameter is no 
 longer listed as an option. Is it still supported? If not, 
 what do we set for using auto whitelists with spamd?
 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] 50% Spam Reduction Rate

2003-10-06 Thread Tom Meunier

What version of SpamAssassin?  You can implement Razor, DCC, RBLs, and
train your Bayes up to 200 each of spam/ham to augment the tools at SA's
disposal.

-tom 

 -Original Message-
 From: David M. Carney [mailto:[EMAIL PROTECTED] 
 Sent: Monday, October 06, 2003 1:09 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] 50% Spam Reduction Rate

 I've only had spamassassin installed and operating for about 2 days.

 I don't normally get a lot of spam, but it only seems to be 
 stopping about half of all the spams that hit my mailbox.

 My ~/.procmailrc file is pretty much the sample that comes 
 with the docs.

 I am doing sa-learn on all the spams that get through. 

 Is there anything else that I can do?

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SA's recently slowed down for me!

2003-10-06 Thread Tom Meunier

You need to either upgrade to 2.60 or remove your Osirusoft and orbs
tests tests as specified in the article at http://news.spamassassin.org.
Those blocklists are dead and are waiting until your timeout.

-tom

 -Original Message-
 From: Jim Ford [mailto:[EMAIL PROTECTED] 
 Sent: Monday, October 06, 2003 1:19 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] SA's recently slowed down for me!

 Hi.

 I've been using SA 2.55 for some months now and it's been 
 working so well that I unsubscribed from the list. However, 
 in the past couple of days the processing by SA has slowed 
 down such that it halts and the server times out. It always 
 happens when 'untieing bayes', not as I initially exepected 
 when accessing network DBs. Here's a typical example:

 spamd[2217]: debug: is spam? score=27.9 required=5 
 tests=BAYES_90,DCC_CHECK,FORGED_MUA_OUTLOOK,HARDCORE_PORN,HOT_
 NASTY,HTML_60_70,HTML_FONT_BIG,HTML_TAG_BALANCE_TABLE,LIVE_POR
N,MIME_HTML_ONLY,OBFUSCATING_COMMENT,RCVD_IN_DSBL,RCVD_IN_OSIRUSOFT_COM,
TRACKER_ID,UPPERCASE_50_75
 spamd[2217]: logmsg: identified spam (27.9/5.0) for jim:1000 
 in 33.1 seconds, 1743 bytes.
 spamd[2217]: identified spam (27.9/5.0) for jim:1000 in 33.1 
 seconds, 1743 bytes.
 spamd[2217]: debug: bayes: 2217 untie-ing

 I've got a pretty slow machine, but it's been OK 'till now.

 Any ideas, please?

 (I see 2.60 is out. I'll probably migrate to it when I get 
 round to it.)

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamassassin -tD creates higher score than MailScanner SpamAssassin

2003-10-06 Thread Tom Meunier

So you're saying that when you cut and paste the body of a spam into an
email, removing the spammer's headers, SpamAssassin doesn't rate your
headers as spammy as the spammer's headers?  And you include only the
spammy body, and it trips off all the spammy body checks?  That's to be
expected, isn't it?

 -Original Message-
 From: Chris T. [mailto:[EMAIL PROTECTED] 
 Sent: Monday, October 06, 2003 6:52 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] spamassassin -tD creates higher score than 
 MailScanner  SpamAssassin

 when I paste the
 contents of email-sample-spam.txt into an email and send it through
 MailScanner Version 4.23-11 it only scores a 2.064.

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Highest Score

2003-10-03 Thread Tom Meunier

Look, there's a poll for this at 
http://news.spamassassin.org/modules.php?op=modloadname=NS-Pollsfile=index

Is it inappropriate to suggest that we see who's got the biggest thingy over there?

-tom


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Re: Pyzor in 2.60?

2003-10-03 Thread Tom Meunier

I've been able to re-discover pyzor servers (and it always winds up with the same 
server) and get pyzor working for a couple hours before the couldn't grok response 
'...TimeoutErrors' begins again.  I've disabled Pyzor and just written it off to my 
own ignorance.  Basically once it starts not grokking, it successfully queries roughly 
10% of the time.  And I've increased the timeout beyond belief, too.  Idunno.  
Disabled works for me, at this point.

 -Original Message-
 From: Robert Leonard III [mailto:[EMAIL PROTECTED]
 Sent: Friday, October 03, 2003 9:51 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Re: Pyzor in 2.60?
 
 
 The solution was given to me yesterday... and it, as many 
 solutions are, was
 easy.. if not obvious..
 
 On Pyzors website they state that their servers IP address 
 have changed and
 you need to run 'pyzor discover'...
 
 I did.. it re-discovered.. and it now works...
 
 :)
 
 
   Here is what I see when I run spamassassin --lint -D
  
   debug: Pyzor is available: /usr/bin/pyzor
   debug: entering helper-app run mode
   debug: Pyzor: got response: 66.47.67.162:24441  TimeoutError:
   debug: leaving helper-app run mode
   debug: Pyzor: couldn't grok response 66.47.67.162:24441
   TimeoutError: 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Re: Automating usage of sa-learn

2003-09-30 Thread Tom Meunier



 -Original Message-
 From: Malte S. Stretz [mailto:[EMAIL PROTECTED]

 and 3 ways to
  attach a complete message (as sent by the POP3 server) to a new
  message. 

 
 Could you tell me the way to do it with Outlook 2000? I 
 searched for that 
 option on a customers box today, without avail. It almost 
 drove me crazy...


Tools  Options  Email Options  When Forwarding  Attach Original Message.

or from the message editing interface itself:

Insert  Item and browse through your folders to find the mail you want to attach.

-tom


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SA WISH LIST Country Identification 2 Digit Codes

2003-09-29 Thread Tom Meunier

You could probably make some of that happen yourself by implementing some of the 
blacklists at http://www.blackholes.us

See http://www.blackholes.us/docs/usage.html#spamassassin for usage info.

-tom
-Original Message-
From: Andrew Thomas [mailto:[EMAIL PROTECTED]
Sent: Friday, September 26, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] SA WISH LIST Country Identification 2 Digit Codes

It would be great if SA created a Header entry called country of Origin and Identified 
this with a the 2 digit code... 
Examples 
CO:CA 
CO:US 
CO:AF 
Creating Continent code or the assigning IP org would be great to. 
So that each header would contain the country and continent code... 
Many small businesses with a few employees only do email business with a closely knit 
group of companies many of which might only be in the same country.
Having an Outlook Rule that looks for and takes advantage of this would be useful... 

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes question: Can I change the number of messages required before bayes kicks in?

2003-09-29 Thread Tom Meunier

Why not just go get 80 spams from the public corpus?  It'll be not optimal, but it'll 
be better than forcing it with 120. 

http://spamassassin.org/publiccorpus/

 -Original Message-
 From: Bill [mailto:[EMAIL PROTECTED]
 Sent: Friday, September 26, 2003 10:45 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Bayes question: Can I change the number of messages
 required before bayes kicks in?

 I have a low volume mail server and do not get many spams. In 
 the past 2
 months I have only been able to collect 120 spams to feed the 
 bayes. (I have
 over 1000 hams in the datatbase.) I would like to enable bayes at this
 point. I thought I saw a command to set minimum number of 
 bayes entries
 required to start using bayes. I cannot find that command now 
 that I am
 ready to try to enable it. A little help here would be appreciated.

 I am running your latest version 6.0

 TIA,
 Bill 

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Auto-whitelist (AWL) enable/disable?

2003-09-29 Thread Tom Meunier

AFAICT you'd do
auto_whitelist_factor 0

use_bayes 0 will disable bayes, not the (unfortunately named - it's as much an auto 
blacklist as an auto whitelist, innit?) auto whitelisting feature.

I hope if I'm mistaken somebody will jump in and correct me.  I remember this being 
asked a few months ago, and no definitive answer was given.

-tom

 -Original Message-
 From: Doug Ledbetter [mailto:[EMAIL PROTECTED]
 Sent: Friday, September 26, 2003 2:12 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Auto-whitelist (AWL) enable/disable?
 
 
 Hello all,
 
  What enables or disables the auto-whitelisting 
 feature?  Would it 
 be use_bayes?
 
  If I don't want auto-whitelisting, will use_bayes 
 0 turn it off?
  


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] required_hits 10 email scores a 7 and is blocked

2003-09-23 Thread Tom Meunier

SpamAssassin doesn't block mail.  All it does is mark it up for content.
That mail seems to have been marked up for spam content correctly.
Therefore, your problem is not with SpamAssassin but rather with the
product that you've configured to quarantine mail. 

 -Original Message-
 From: CHRISTOP TATRO [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, September 23, 2003 6:59 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] required_hits 10 email scores a 7 and is blocked

 I have required_hits set to 10 in my
 /etc/mail/spamassassin/local.cf and the
 message is only scoring a 7 and is still being blocked and 
 sent to my spam-quarantine mailbox. What is up with that? 
 This is a copy of the email sent to my $spam_admin = 
 '[EMAIL PROTECTED]'

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] problems with 2.60

2003-09-23 Thread Tom Meunier

Go check your filesystem rights on those file  directories.  That's happened to me 
before, and I was waiting for it to happen this time too, and mysteriously, it didn't.

My gateway boxen must be contagious.  :)

-tom

 -Original Message-
 From: Steve Heggood [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 23, 2003 10:06 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] problems with 2.60
 
 
 Just Upgraded to 2.6
 
 I using spamd/spamc and have these 3 errors in my log:
 
 (I edited out my site info)
 
 
 cannot write to /var/spamassassin/bayes_journal, Bayes db 
 update ignored 
 debug: open of AWL file failed: lock: 24174 cannot create tmp 
 lockfile 
   
 /root/.spamassassin/auto-whitelist.lock.[MYNODE].[MYDOMAIN].com.24174 
   for /root/.spamassassin/auto-whitelist.lock: Permission denied  
 debug: mkdir /root/.spamassassin failed: mkdir /root/.spamassassin: 
   Permission denied at 
 /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1272
 
 How can I resolve?
 -steve- 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Better logging?

2003-09-23 Thread Tom Meunier

I think the main thrust of his answer was that Google Is Your Friend.

http://www.gryzor.com/tools/

-tom

 -Original Message-
 From: Jim Knuth [mailto:[EMAIL PROTECTED]
  First hit after googling for spamstats and perl:
  http://freshmeat.net/projects/spamstats/?topic_id=245
 
 thank you, but this site is not attainable
 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Better logging?

2003-09-22 Thread Tom Meunier

Spamstats does that.

 http://www.gryzor.com/tools/

 -Original Message-
 From: Markus Gaugusch [mailto:[EMAIL PROTECTED] 
 Sent: Monday, September 22, 2003 5:31 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Better logging?

 Hi,
 I'm using spamassassin on our relay server (with postfix), 
 and I would like to associate the mail recipients with the 
 messages from spamd, to do some stats (who gets the most spam, etc.).

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SpamAssassin filters seem too weak out of the box...

2003-09-22 Thread Tom Meunier

It's not abysmal.  You just don't understand it.  Most people get in
excess of 99% of spam with SpamAssassin.  Isn't it great to know that
SpamAssassin is so well geared against false positives that you're
TRYING to send a spammy email and can't do it?

http://www.spamassassin.org/tests.html

Break a few more tests and you'll get over the threshold.  Or run some
of your REAL spam through it.  Of course, you could write your own rule
to make PEN*S 5.0 points if you like.  But it's been tested thoroughly
and it turns out that no, that is not an appropriate score for that
test.  

 -Original Message-
 From: Mike Klein [mailto:[EMAIL PROTECTED] 
 Sent: Monday, September 22, 2003 1:36 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] SpamAssassin filters seem too weak out of the box...
 
 After some dyslexia in running the tests in USAGE (which 
 passed/failed as they should)...
 
 I decided to send some really annoying spam to myself.
 
 Basically email consisted of an all caps subject INCREASE 
 YOUR PEN*S SIZE NOW!!! and several lines in the body with 
 same text and a url to go to.
 BTW, I didn't make the above typo in my email...I spelled the 
 organ part correctly.
 
 The best I can seem to do on my own is rate a 3.1...with 5 to reject.
 
 This seems a skosh weak. I mean...let's get real. The subject 
 alone s/have made the email rate a 5...imho.
 
 I will look at configuring hit rate lower, but this s/not be 
 necessary I think.
 
 Why is the rating system so abysmal?



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Philosophical SA questions

2003-09-22 Thread Tom Meunier

Hi Darren,  

 256 Ham, 1040 Probably Spam (5 points), 256 Almost Certainly 
 Spam (15 points), and 269 false negatives, 0 false 
 positives.  Bayes was trained with 16680 Spam, 4092 Ham, 
 125776 tokens.  I have auto-learning enabled, and feed all 
 the false negatives back into sa-learn the same day...

What version of SA are you using? 
I can't imagine any reason for this, other than your bayesian database
is tainted.  Did you hand-confirm those 21,000 emails?  Honestly, you'd
do much much better than that with just 200 of each.  There's something
very wrong with those numbers, that can't be accounted for in normal
operation.  Spot-check through the headers of the false negatives, and
see if the BAYES_xx is wrong.  It should hardly ever be wrong.  

 
 
 Philosophical question #1:  Am I expecting too much to be 
 disappointed with so many false negatives? 

Personally, I'd rip it out and rebuild with numbers like that.

 Philosophical question #1.5:  Are the network tests (RAZOR, 
 etc.) essentially required? 

No.  They're nice to have, but I disabled them with very slight initial
impact.  After I was satisfied that Bayes was trained.  If you disable
them, you'll be using another score set that compensates.

 
 
 Philosophical question #2:  I feel I could do much better 
 tweaking some of the rules (already made MIME_HTML_ONLY 3 
 points) that most of my spam hits that never are in my ham, 
 but should I start there or just lower my overall spam 
 threshold?  Has anyone already done a more aggressive prefs 
 file, especially anti-HTML mail so that I don't have to start 
 from scratch?

You may want to check out the rules sites:
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
http://www.exit0.us/
Personally, I try not to touch the rules - I like to rely on Bayes if I
can.  However, I *really* like the ROT13, etc. rules.  And when I see a
domain repeatedly spamming me, I throw a blacklist_from *domain.com into
my .cf file just in case they learn how to sneak through.

 
 Philosophical question #2.5:  How are the default scores 
 chosen?  I thought I read they were determined mathematically 
 based on their frequency in the test spam corpus?  Is that 
 true?  If so, why is my corpus so different?

It's my understanding that they're put under load with a large corpus of
ham/spam, and their effectiveness is analyzed from the results of that
run.
 
 
 Philosophical question #3:  One of the things I liked about 
 SpamBouncer was feeding it your legitimate email addresses 
 and mailing list addresses and then it would consider items 
 sent TO those (missing or specifically there) in the overall 
 scoring.  I don't think SA offers anything like that... it's 
 not whitelisting (since that's From:), and it fails on BCCs 
 (hence the need for positive weighting of other factors)... 
 would be nice to have?  Anyone written a rule like that?  Any 
 suggestions?  I'm not sure how highly to score it.
 
There are various levels of adding this type of whitelisting to your
prefs file.

 
 
 Philosophical question #4:  Should I convert purely to 
 bayes-type filters?  I can't believe it's worth throwing out 
 some of the basic SA heuristics, but the Bayes scores coming 
 from SA have been pretty accurate.  To start with, has 
 anybody already written a prefs file favoring bayes heavier 
 than default?  Alternatively, can somebody explain to me the 
 differences in the DEFAULT SCORES (local, net, with bayes, 
 with bayes+net) column on the tests page?
 
I've considered it, but I like the ability to help it along with
alternative heuristics.  Spammers are becoming very interested in Bayes
poisoning lately.


 Philosophical question #5:  Should I try to get my bayes ham 
 vs. spam ratio closer as many suggest?  If so, why exactly?  
 It seems a waste to throw out spam since it can only further 
 prove the frequency of spam tokens and lack of hammy ones... 
 maybe I'm missing the math behind it?
 
I'm interested in a definitive answer to this question also.  Experience
tells me no, but lack of analysis says I could very well be wrong for
the 1 billionth time this month.  

 
 Philosophical question #6:  Why autolearn only on the 
 certainly spam?  Most of them already score high on Bayes, 
 why not train on the borderlines where bayes could push it 
 over the edge? I get a lot of 3.9s and 4.2s with no (or 
 little) affecting score from bayes.

To guard against mistakes, which would be a big problem.  And to give
you a chance to manually train the borderline stuff.  I'm rather certain
your Bayes is trashed, Darren.  


-tom


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Autodeleting spam based on score without deleting all spam

2003-09-21 Thread Tom Meunier

Why, Google of course!
http://savannah.nongnu.org/projects/spamass-milt/ 

Yes, it works with qmail.

-tom
 -Original Message-
 From: Tom Macek [mailto:[EMAIL PROTECTED] 
 Sent: Sunday, September 21, 2003 8:40 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Autodeleting spam based on score 
 without deleting all spam

 Can you tell me, where can I get the spamass-milter 
 program?? Is it a script? Does it work with qmail?

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Autodeleting spam based on score without deleting all spam

2003-09-21 Thread Tom Meunier

Oh pooh.  Ignore me.  Of course Patrick is right; it doesn't support qmail. 

 -Original Message-
 From: Tom Meunier 
 Sent: Sunday, September 21, 2003 9:51 AM
 To: 'Tom Macek'; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] Autodeleting spam based on score 
 without deleting all spam

 Why, Google of course!
 http://savannah.nongnu.org/projects/spamass-milt/ 

 Yes, it works with qmail.

 -tom
  -Original Message-
  From: Tom Macek [mailto:[EMAIL PROTECTED]
  Sent: Sunday, September 21, 2003 8:40 AM
  To: [EMAIL PROTECTED]
  Subject: Re: [SAtalk] Autodeleting spam based on score without 
  deleting all spam

  Can you tell me, where can I get the spamass-milter 
  program?? Is it a script? Does it work with qmail?

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Question for the FAQ

2003-09-19 Thread Tom Meunier

Absolutely.

www.exit0.us/index.php/VirusBounceRules

among other things.

-tom

 -Original Message-
 From: Ivar Magne Auestad [mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 18, 2003 1:01 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: [SAtalk] Question for the FAQ
 
 
 You are writing in the FAQ that you don't focus on viruses, 
 but I have a 
 suggestion. It would be very easy to add attachment type as a 
 qualifyer. 
 Very many viruses are attached as .pif-files or double extention 
 attachments (document.doc.exe) or refered to as inline mime 
 code. This 
 would remove quite some prosent of the viruses spread.
 
 Ivar Magne


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Scan Message Max Size

2003-09-19 Thread Tom Meunier

 -Original Message-
 From: Gary Funck [mailto:[EMAIL PROTECTED]
 Sent: Friday, September 19, 2003 10:38 AM
 To: Spamassassin List
 Subject: RE: [SAtalk] Scan Message Max Size

  Define safe - I stick with the default of 250kb and have 
 never had 
  an issue with it.  I can't see receiving a spam anywhere near that 
  size, that wouldn't also trigger an attachment blocking rule on my 
  gateway MTA.

 Define near. The latest Microsoft update spoof is about 155K.

That'd be like that New Shimmer!  It's a virus AND a banned executable attachment!  I 
have tools designed to deal with both of those, and SpamAssassin isn't one of them.

-tom

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam and bounces

2003-09-19 Thread Tom Meunier

SpamAssassin doesn't bounce mail, period.  If you want it to bounce mail, please do 
so.  If you don't, don't.  Further documentation in your MTA's man pages.

-tom

 -Original Message-
 From: Regis Wilson [mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 18, 2003 4:56 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Spam and bounces

 I have an interesting one:  Is it possible to not bounce mail 
 that is marked
 as spam?  Unfortunately, I believe spamassassin is usually 
 called by procmail
 and thus would not be possible.  Maybe as a milter?  But I 
 have read bad things
 about the milters.  Thanks for any helpful replies.

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] disable rbls, but keep pyzor, dcc, razor

2003-09-18 Thread Tom Meunier

skip_rbl_checks 1
#even though they're default if installed anyway...
use_razor2 1
use_pyzor 1
use_dcc 1

You've disabled the Osirusoft tests, I hope.  Those hit everything on the Internet.

-tom

 -Original Message-
 From: Covington, Chris [mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 18, 2003 9:29 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] disable rbls, but keep pyzor, dcc, razor
 What is the best way to disable all SpamAssassin (2.55) RBL 
 checks, but
 keep Pyzor, DCC, and Razor2 enabled?  
 
 thanks
 Chris
 
 ps - as a side note, I wonder if 2.6 will help stop all these 
 FPs I get?
 My threshold is 6.0.
 
 
 ---
 This sf.net email is sponsored by:ThinkGeek
 Welcome to geek heaven.
 http://thinkgeek.com/sf
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Recognising dynamic rr.com IPs

2003-09-17 Thread Tom Meunier

http://blackholes.us/ 

 -Original Message-
 From: Peter Kiem [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, September 17, 2003 7:41 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Recognising dynamic rr.com IPs

 I'm getting sick of all the spam that comes from rr.com and 
 have been blocking based on client addresses like 
 houston.rr.com, nyc.rr.com, satx.rr.com etc but they seem to 
 have LOTS of pools like this.

 Does anyone know a regexp to detect either
 1) the dynamic rr.com pools for blacklisting; or
 2) the legal rr.com mailservers for whitelisting?

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] The Verisign folly

2003-09-16 Thread Tom Meunier

Date: Sat, 25 Jan 2003 10:19:37 +1100

-tom

 -Original Message-
 http://www.iab.org/Documents/icann-vgrs-response.html


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] The Verisign folly

2003-09-16 Thread Tom Meunier

I think the linked IAB missive is related to this:
http://www.merit.edu/mail.archives/nanog/2003-01/msg00023.html

WTF is Verisign doing anyway?  Deciding the Internet is their own private toy?  And 
everyone in the world is using it at their (verisign's) whim?

-tom

 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 16, 2003 2:02 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [SAtalk] The Verisign folly
 
 
 Date: Sat, 25 Jan 2003 10:19:37 +1100
 
 -tom
 
  -Original Message-
  http://www.iab.org/Documents/icann-vgrs-response.html
 
  


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SA only ran 1 test??

2003-09-10 Thread Tom Meunier

How can you tell it only ran one test?  I'd say it ran all of the tests
but only hit on one of them. 

What rule do you feel your example spams broke, that SpamAssassin missed
tagging?  The only answer to spams like your example is Bayes, RBLs, and
distributed checksums such as Razor/Pyzor/DCC, if the headers themselves
don't break any rules.

-tom

 -Original Message-
 From: jpf [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, September 09, 2003 11:51 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] SA only ran 1 test??
 
 I rec'd the following mail...It had only run 1 test and rec'd 
 a score of only 0.1...any ideas why?
 
 thanks,
 
 jpf


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] No BAYES_* ?

2003-09-10 Thread Tom Meunier

If there's no BAYES_ test whatsoever, it isn't thinking it's ham.  It's not saying 
anything whatsoever.  Probably based upon the fact that it didn't have sufficient 
tokens or something.

Please note that Bayes doesn't use keywords.  It uses tokens, which may or may not 
resemble words. Also note that this email has very unusual spacing between words, and 
does funny things with the placement of punctuation.  It probably confused Bayes.  
You'll want to learn it.

For some reason I didn't see the spam header report on this email, so this is all pure 
conjecture.

-tom

 -Original Message-
 From: Carlo Wood [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, September 10, 2003 8:56 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] No BAYES_* ?
 
 
 The attached mail got through spam-assassin without a problem...
 Why?  Where is the BAYES_* test?
 Does this mean that the bayes engine thinks this is less than 10%
 chance to be spam?  That would be ridiculous!
 How can I test on which keywords it is basing that this ham?
 
 -- 
 Carlo Wood [EMAIL PROTECTED]
 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Rules for hoaxes

2003-09-10 Thread Tom Meunier

I'm mulling over whether to make some SA rules for some of the more common urban 
legends and virus hoaxes.  Has anyone played with this, that is willing to share 
experiences?

-tom


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ...

2003-09-09 Thread Tom Meunier

You are correct.  It needs 68 more spams.  

 -Original Message-
 From: James Herschel [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 09, 2003 9:58 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Not sure if my Bayesian filter is adding to 
 the score
 ...
 
 
[snip]
 Sep  9 10:25:55 ahnold spamd[11821]: debug: debug: Only 132 
 spam(s) in Bayes
 DB  200

[snip]
 Is it not taking the Bayes into consideration because I'm 
 below 200 emails
 in the DB right now, or am I missing something here?


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ...

2003-09-09 Thread Tom Meunier

if you run spamassassin -D --lint it will show you a dbug line:

debug: bayes corpus size: nspam = [number], nham = [number]


 -Original Message-
 From: James Herschel [mailto:[EMAIL PROTECTED]
 

 Plus I'd just like to know how much further I 
 have to go before the Bayes kicks in 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ...

2003-09-09 Thread Tom Meunier

Yes, you're not running spamd as root, but you ran spamassassin -D --lint as root.  
Note the different paths to the bayes databases in your output.

 -Original Message-
 From: James Herschel [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 09, 2003 3:07 PM
 To: Tom Meunier; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] Not sure if my Bayesian filter is adding to the
 score ...
 
 
 I'm using spamd which shows 139 spam registered now - I'm 
 thinking I need a
 different command because running your suggested command 
 below strangely
 reports that only 56 spams are in the DB ...
 
 Tailing the maiilog
 Sep  9 15:56:43 ahnold spamd[18508]: debug: bayes: 18508 
 tie-ing to DB file
 R/O /var/qmail/.spamassassin/.spamassassin/bayes_seen
 Sep  9 15:56:43 ahnold spamd[18508]: debug: debug: Only 139 
 spam(s) in Bayes
 DB  200
 
 Running your command:
 debug: Initialising learner
 debug: using /root/.spamassassin for user state dir
 debug: bayes: 18535 tie-ing to DB file R/O 
 /root/.spamassassin/bayes_toks
 debug: bayes: 18535 tie-ing to DB file R/O 
 /root/.spamassassin/bayes_seen
 debug: debug: Only 56 spam(s) in Bayes DB  200
 debug: bayes: 18535 untie-ing
 debug: bayes: 18535 untie-ing db_toks
 debug: bayes: 18535 untie-ing db_seen
 
 James
 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 09, 2003 3:52 PM
 To: James Herschel; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] Not sure if my Bayesian filter is 
 adding to the score
 ...
 
 if you run spamassassin -D --lint it will show you a dbug line:
 
 debug: bayes corpus size: nspam = [number], nham = [number]
 
 
  -Original Message-
  From: James Herschel [mailto:[EMAIL PROTECTED]
 
 
  Plus I'd just like to know how much further I
  have to go before the Bayes kicks in
 
 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] osirusoft still working?

2003-09-05 Thread Tom Meunier

1.  It *is* the case indeed.  Look at your email.  Since Osirusoft has
blacklisted the entire internet, every one would have that test flagged,
wouldn't it?  Yes.  It doesn't, does it?  No.  Setting it to 0 disables
the test.

2.  Even if it *did* run the test, if a test were to score zero points,
it wouldn't be listed.  Therefore, the poster's test is being run, and
it is scoring more than zero points.  His changes have not taken effect.

3.  User error is why.  The original poster isn't giving the full story.
He never answered whether he restarted spamd.  There's something the
user is doing that isn't being told here.  By now he's probably rebooted
his machine in frustration, and it's working fine now.  


 -Original Message-
 From: Ralf G. R. Bergs [mailto:[EMAIL PROTECTED] 
 Sent: Friday, September 05, 2003 2:47 AM
 Cc: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] osirusoft still working?
 
 Simon Byrnand wrote:
 
  At 20:43 4/09/2003 +0200, Ralf G. R. Bergs wrote:
  
  Jim Porter wrote:
 
  score RCVD_IN_OSIRUSOFT_COM 0
  score X_OSIRU_DUL   0
  score X_OSIRU_DUL_FH0
  score X_OSIRU_OPEN_RELAY0
  score X_OSIRU_SPAMWARE_SITE 0
  score X_OSIRU_SPAM_SRC  0
  From what I understood, this would disable rbl checking of 
  osirusoft.com, but I am still seeing lines like this in 
 my log file.
 
 
  Wrong. This doesn't disable checking, but it gives the results the 
  weight 0, i.e. it doesn't add to or subtract from the score.
  
  Sorry, but it's you thats wrong. Setting the score of an 
 RBL check to 
  zero *does* disable the test itself, and has be confirmed by the 
  developers on previous occasions
 
 If that *were* the case, then kindly explain why the original 
 poster still observed the checks being executed.



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] sa-learn says it learnt from 134 messages butcheck_bayes__db only reports 19 as nspam?

2003-09-05 Thread Tom Meunier

only half joking  Feed it 1400 more?

-tom

 -Original Message-
 From: Peter Kiem [mailto:[EMAIL PROTECTED]

 
 Yes I don't expect it to activate in SA until then but how can you get
 it to over 200 when I feed it 134 emails but the db says it 
 only learned
 19?


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Performance optimization for bigger setups

2003-09-05 Thread Tom Meunier

 
 currently I am looking for options on how to speed up 
 spamassassin 2.54.
 

Hi Jochen,

I've been considering the idea proferred at
http://www.advosys.ca/papers/printable/postfix-filtering.html
under A Word About Performance

quoted
The method shown here is an easy and reliable way to filter messages with Postfix. 
However, performance suffers because each e-mail message has the overhead of invoking 
a shell, starting the Perl interpreter, and creating a temporary file. 

The file creation overhead can be greatly reduced by mounting directory 
/var/spool/filter as a memory filesystem (tmpfs in Linux and Solaris). These 
filesystems are thousands of times faster than physical disk and are ideal for 
short-lived temp files. 
/quoted

-tom


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] why so low

2003-09-04 Thread Tom Meunier

 http://useast.spamassassin.org/tests.html

You've got negative scores all over that thing.  Add them up.

 -Original Message-
 From: landy [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, September 04, 2003 5:31 AM
 To: SA
 Cc: [EMAIL PROTECTED]
 Subject: [SAtalk] why so low

 i have been getting many of these
 and even after doing sa-learn the score is super low, these 
 emails are really pissing me of

 To: [EMAIL PROTECTED]
 From: [EMAIL PROTECTED]
 MIME-Version:  1.0
 Content-Type:  text/plain; charset=ISO-8859-1
 Subject: Change password.
 Date: Wed, 03 Sep 2003 21:35:21 PDT
 X-Spam-Status:  No, hits=-7.6 required=5.0 
 tests=BAYES_10,FORGOTTEN_PASSWORD,GENUINE_EBAY_RCVD,NO_REAL_NAME,
 RCVD_IN_BONDEDSENDER,RCVD_IN_OSIRUSOFT_COM version=2.55
 X-Spam-Level:  
 X-Spam-Checker-Version:  SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Change RBL lookup

2003-09-04 Thread Tom Meunier

There are already tests for SpamCop and NJABL:

RCVD_IN_BL_SPAMCOP_NET 
RCVD_IN_NJABL 
X_NJABL_OPEN_PROXY 
X_NJABL_DIALUP 
You can see what blacklists are tested by default, and their assigned scores, at 
http://www.spamassassin.org/tests.html

For examples of rules for alternative blacklists, see how blackholes.us describes the 
rule set for using their country blacklists.
http://www.blackholes.us/docs/blackholes.cf

 -Original Message-
 From: gregj [mailto:[EMAIL PROTECTED]

 
 Is there a way I can set SA to use a RBL other than 
 Osirusoft? I would like 
 to use SpamCop or NJABL. Any help is greatly apreciated. Thanks!


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes filter and autolearning

2003-09-03 Thread Tom Meunier

Hi Dave,

You've got two different things happening here.

 -Original Message-
 From: Dave Kliczbor [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, September 03, 2003 12:52 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Bayes filter and autolearning

 | X-Spam-Status: No, hits=4.1 required=5.0
 | tests=BAYES_90,NO_REAL_NAME
 | autolearn=ham version=2.55

 auto_learn_threshold_nonspam is set to 1.9.
 Now I am wondering why on earth SpamAssassin learns that message as
 _ham_? As far as I can see, this should not happen.

On this one, it's because autolearn learns the message pre-Bayes test.  Without your 
Bayes_90, that message scored under 1.9 points, and so it was autolearned.  The other 
reason that applies here is explained below.

 On the other hand, I have more than one mail where 
 SpamAssassin behaves
 like that:

 | X-Spam-Status: Yes, hits=11.8 required=5.0
 |  tests=BAYES_70,FORGED_MUA_OUTLOOK,MSG_ID_ADDED_BY_MTA_3,
 |NIGERIAN_BODY,RATWARE_OE_MALFORMED,RISK_FREE
 |  version=2.55

 auto_learn_threshold_spam is set to 5.0.
 Why doesn't SpamAssassin learns this message as spam?

There's a safety zone around your spam hits in 2.55.  It's not there in 2.60.  If 
you run spamassassin -D --lint you'll see a line like:
debug: auto-learn? safety=4, ham=1.9, spam=5, body-hits=-0.4, head-hits=-1.3

This means that the only spams you'll auto-learn as spam are ones that are NOT within 
4 points of your spam level setting.  So in your case, you simply cannot learn spams 
9 and you simply cannot learn hams 1.  No matter what you set your 
auto_learn_thresholds to.

-tom

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes filter and autolearning

2003-09-03 Thread Tom Meunier

Hi Dave, hope I can help here beyond parroting what I've read  played with...

  On this one, it's because autolearn learns the message pre-Bayes
  test.  Without your Bayes_90, that message scored under 1.9 points,
  and so it was autolearned.  The other reason that applies here is
  explained below.
 
 Ah. Could this behavior be changed by changing something in 
 the config?
 Or by changing the source a bit (that also a perl novice like 
 me can do it)?

I are but a simple sysadmin, not a programmer.  Why would you want the Bayes score 
wrapped into the decision about whether to learn it?  If I get something *REALLY* 
spammy, high enough to be learned, but then it scores BAYES_00, it may be dropped 
below my autolearn threshold.  That is the stuff I want going through bayes, not the 
BAYES_99 stuff.


 That is my lowest rated mail learned as spam (same settings as in the
 original posting):
 
 | X-Spam-Status: Yes, hits=8.4 required=5.0
 | tests=BASE64_ENC_TEXT,HTML_30_40,HTML_IMAGE_ONLY_04,
 |   HTTP_USERNAME_USED,PRIORITY_NO_NAME,RCVD_IN_RFCI,
 |   RCVD_IN_SBL,USERPASS
 | autolearn=spam version=2.55
 
 That does not comply with your statement.
 

I didn't see the complete debug output as it was processed by SpamAssassin, so I can't 
really comment, except keep in mind that Bayes autolearning uses either scoreset 0 or 
1.  This may be scoreset 3 or 4, which may be different.  I don't know.

 I'm curious about the safety zone... why did the 
 programmer(s) decide
 to put it in? Even if they saw sense in it, most open source 
 programs do
 let you make senseless configurations. Or, to say it in other words:
 They not only let you shoot yourself in the foot, they give you an
 assortment of guns already loaded and pointed downwards[2] :-)

I imagine they define shooting yourself in the foot as exactly what you're 
attempting to do.  Unattended autolearning in the sweet spots for false positives and 
false negatives.  I'd never autolearn that close to my threshold.  I'd hand-feed.  But 
I guess it's good that they allow you to do it now.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bayes and whitelisting

2003-09-02 Thread Tom Meunier

You'll likely find that those words wouldn't be considered interesting
tokens - and if they do, they will also be considered interesting
tokens for all the ham you receive discussing these topics.  The
bayesian engine doesn't simply grab words; it grabs tokens, and it grabs
them in some really (to a human eye) bizarre contexts.

Also, out of curiosity: do you find that the spamassassin-talk emails
with attached spams score high enough to meet your auto-learn threshold?

-tom

 -Original Message-
 From: Carlo Wood [mailto:[EMAIL PROTECTED]
 Sent: Monday, September 01, 2003 7:25 PM
 To: Simon Byrnand
 Cc: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Bayes and whitelisting
 
[ ]
 
 Take for example this mailinglist, this very mail, it is full of words

 like whitelist, SpamAssassin, autolearnt, score, man pages
 etc.  If you included a SPAM as example (quite possible on this list, 
 and the reason why I whitelist it) then I still don't want it to be
 autolearnt: that would mean that the mentioned words get tagged as 
 spammy, and they are not.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] bayes feedback

2003-09-02 Thread Tom Meunier

Because without a few hundred messages, it would be completely and utterly useless?  
It would be like meeting an airline pilot who was 5'7 tall and had a scar on his left 
cheek and wore his hat backwards.  Bayes would think that scars on left cheeks were as 
reliable an indicator of airline-pilotness as was an airline uniform.  All statistics 
are based upon having a statistically significant sample, and to tell the truth, a 
corpus of 200 hams / 200 spams is severely stretching it.

http://www.paulgraham.com/spam.html


 -Original Message-
 From: Ron Gilbert [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 02, 2003 10:54 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [SAtalk] bayes feedback
 
 
 
 I read here that bayes is only turned on after
 it learned from at least 200 spams AND 200 hams.
 That number could be more.  It only starts to be
 efficient after you got say 1000 of both.
 
 Can someone explain to me why SA won't start using bayes 
 until it's seen
 several hundred messages?   


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] bayes feedback

2003-09-02 Thread Tom Meunier



 -Original Message-
 From: Ron Gilbert [mailto:[EMAIL PROTECTED]
 
 Because without a few hundred messages, it would be 
 completely and utterly
 useless?
 
 Yes, i do understand that.  I guess my complaint is that I 
 would have rather
 it started working and been somewhat useless (like POPFile 
 did), or provide
 much better feedback on it's status.  From what I can tell, 
 it really isn't
 *200* ham/spams, it's 200 different enough ham/spams.  
 Again...good feedback
 would have solved a lot of my frustrations, and judging from 
 the posts here,
 others as well.
 
 Ron

I'll agree with you there.  When I first installed mine, I trained it on the public 
corpus, although I imagine that wasn't the smartest thing to do. Once it kicked in, it 
trained itself pretty darned quickly.  Managed to get through with only 2 FPs in the 
first couple of days, and by then it had trained itself up to several thousand 
hams/spams.

-tom


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Changing Bayes scoring

2003-08-29 Thread Tom Meunier

Somebody already answered the syntax for modifying your scores in your local.cf, so...

The auto-learn bayes evaluator doesn't take the Bayes scores into account when 
deciding whether to learn as spam or ham.  So you could have autolearn threshold set 
to 10, have your Bayes tests at 20 points, and get a 29-point spam come in, but not be 
sent through autolearn. 

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Friday, August 29, 2003 11:43 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Changing Bayes scoring
 
 
 Greetings,
 
 I'd like to increase the score for certain bayes
 confidence levels.  My understanding is that I
 need to put one (or more) of these lines from 
 /usr/locals/hare/spamassassin/23_bayes.cf:
 
 
 body BAYES_60   eval:check_bayes('0.60', '0.70')
 body BAYES_70   eval:check_bayes('0.70', '0.80')
 body BAYES_80   eval:check_bayes('0.80', '0.90')
 body BAYES_90   eval:check_bayes('0.90', '0.99')
 body BAYES_99   eval:check_bayes('0.99', '1.00')
 
 into /etc/mail/spamassassin/local.cf
 
 and in order to increase the scores from certain bayes confidence
 levels, make edits, such as:
 
 body BAYES_70   eval:check_bayes('0.70', '1.80')
 body BAYES_80   eval:check_bayes('0.80', '1.90')
 body BAYES_90   eval:check_bayes('0.90', '2.99')
 body BAYES_99   eval:check_bayes('0.99', '3.00')
 
 Or am I off the mark entirely?
 
 A good 80-90% of the spam that scores 4.3-4.9, while being all over
 the place wrt other scores (i.e. some have bad mime, some have bad 
 html, some have bad times), they have bayes confidences of 70-99.
 As well the few lists that I'm on seem to get 3.5 to 4.5-ish scores,
 mostly for the bad html that comes from their MUA, yet have pretty 
 consistent bayes confidences around 20-50%.  
 
 So, it seems to me that I should rely a bit more on bayes, as just
 lowering the threshold will get a fair bit of ham.
 
 Yet, in doing so, does this feed back into the bayes evaluator?
 
 Cheers!
 -sam
 
 
 ---
 This sf.net email is sponsored by:ThinkGeek
 Welcome to geek heaven.
 http://thinkgeek.com/sf
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Changing Bayes scoring

2003-08-29 Thread Tom Meunier

My guess is that if it has a high bayes score already, you don't need to re-learn it - 
the Bayesian engine already /knows/ about the interesting tokens contained therein.

However, I admit to sa-learning my lower-scoring spam that may have a BAYES_n where n 
is less than 90.  If it has a BAYES_99 I don't need to sa-learn it.

-tom
 -Original Message-
 From: Jon Gabrielson [mailto:[EMAIL PROTECTED]
 Sent: Friday, August 29, 2003 1:03 PM
 To: Tom Meunier; [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Changing Bayes scoring
 
 
 Is there a way to change this behavior?
 It seems to me that a high bayes score also shows that it is spam
 and it might be possible to grab a few new tokens from the spam
 which you otherwise wouldn't get.
 
 Jon.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spamassassin and Razor

2003-08-28 Thread Tom Meunier

http://www.spamassassin.org/tests.html

It adds points to the total score, as in any other SA test.  See the RAZOR2_CHECK and 
RAZOR2_CF_RANGE rules.

 -Original Message-
 From: Mike Burkhouse [mailto:[EMAIL PROTECTED]
 Sent: Thursday, August 28, 2003 9:24 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Spamassassin and Razor

 Razor returns a message as being spam.  If Razor returns that 
 a message
 looks to be spam, does SA automatically trigger the 
 X-Spam-Status flag, or
 does it mark it in some other way that I need to filter on?  

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spamassassin and Mail Relay

2003-08-28 Thread Tom Meunier

1.  Don't delete your user's mail.  Just mark it and let them make rules client-side.  
If you've an intermediary gateway that can do some content filtering, you can use that 
to delete or quarantine especially high-scoring spam.

2.  See (3.)

3.
http://lawmonkey.org/anti-spam.html
http://www.geocities.com/scottlhenderson/spamfilter.html
http://www.advosys.ca/papers/printable/postfix-filtering.html

-tom

 -Original Message-
 From: John B. [mailto:[EMAIL PROTECTED]
 Sent: Thursday, August 28, 2003 11:23 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Spamassassin and Mail Relay
 
 

 
 1)  There has to be different types of filtering. Is it
 best to mark the message as spam and let the end user
 filter it out?  Is it possible to create a secondary
 mailbox and have the spam sent to that mailbox (on a per
 user basis) (remember a LOT of domains)?
 
 2)  How does the relay work?  Methods may be SendMail and
 Milton, ProcMail (But I think that is for local delivery
 only)..  Any other ideas?
 
 3)  And the hardest...  Simple directions for me to do the
 install  I am new to Linux so I do not know all the
 INs when it comes to tricks of the trade.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spamassassin and Mail Relay

2003-08-28 Thread Tom Meunier

Oh yeah:  If I were running Imail (I don't, but I play a person who does on TV) I'd at 
least give a cursory glance to IMGATE.

http://imgate.meiway.com/

 -Original Message-
 From: John B. [mailto:[EMAIL PROTECTED]
 Sent: Thursday, August 28, 2003 11:23 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Spamassassin and Mail Relay

 I am new to the list (and the linux community) and I am
 hoping that someone could give me a step in the right
 direction.

 I have a Windows 2k server running IMAIL of wich end users
 connect to download their email. 

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Pyzor misconfig?

2003-08-27 Thread Tom Meunier

I must be doing something stupid, or have something misconfigured.  My
server times out on Pyzor tests about 90% of the time, and on DCC tests
about 5-10% of the time.  I've set the timeouts to 10 seconds.  My
average message analysis time due to these tests taking so long is 13-15
seconds.  It wasn't much better when I was just using Razor and DCC -
maybe 9 to 11 seconds.  Razor is kinda slow, but bye slow I mean 0.5-3
seconds.  I have specified [dns_available yes] in my local.cf, fwiw.
Any clues as to where I've misconfigured my system?  SA 2.60 rc0 called
from Postfix 1.x as a gateway smtp relay, although the behavior has
existed in 2.54 and 2.55 also.
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: 66.92.49.157:24441  TimeoutError:
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response 66.92.49.157:24441
TimeoutError: 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Scores for OSIRU Tests

2003-08-27 Thread Tom Meunier

Keep in mind when you modify 20_head_tests.cf it'll be overwritten with
each subsequent upgrade of SpamAssassin.  Your local.cf won't. 

 -Original Message-
 From: Larry Gilson [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, August 27, 2003 2:06 PM
 To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] Scores for OSIRU Tests 

 Hey Justin,

 There was another suggestion that the tests could be 
 commented out in 20_head_tests.cf.  Which is the best and/or 
 recommended method?

 --Larry

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Custom Rules - spamd

2003-08-26 Thread Tom Meunier

Chris,

A google of [reg2rule] and [reg2rule.pl] brings up nada.  Throw me a bone?

fwiw, I blacklist 'em when they come in, and my average spam score is up in the 40s.

-tom

 -Original Message-
 From: Chris Santerre [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 26, 2003 8:12 AM
 To: 'Larry Gilson'; 'Matt Kettler'; spamassassin_list
 Subject: RE: [SAtalk] Custom Rules - spamd
 
[ ]
 evil domains
 generated by reg2rule.pl, plus more custom ones I haven't put on the
[ ]


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Sobig virus blocking

2003-08-26 Thread Tom Meunier

http://www.exit0.us/index.php/VirusBounceRules

-Original Message-
From: Steve Combs [mailto:[EMAIL PROTECTED]
Sent: Monday, August 25, 2003 11:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [SAtalk] Sobig virus blocking


Can someone help me write a rule to block the sobgi virus?  I just want to block all 
of the common subjects. 


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] exchange and IMAP Public Folder messages

2003-08-14 Thread Tom Meunier

 -Original Message-
 From: Covington, Chris [mailto:[EMAIL PROTECTED]
 Sent: Monday, August 11, 2003 2:33 PM
 To: Tom Meunier; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] exchange and IMAP Public Folder messages

 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED] 

 I don't know how you're doing this, but my Ham and Spam 
 public folders
 work exactly as
 specified.  Are you certain your users aren't forwarding them there,
 but rather dragging
  dropping from Outlook?  Are your users connecting to the server via
 IMAP or MAPI?  (We
 don't use IMAP, so I can't duplicate that.

 -tom

 The users are using MAPI, but the way SpamAssassin gets the emails is
 via an IMAP script. The headers get truncated when the messages are
 pulled using IMAP from the Public Folders.

 How do you get messages from the Public Folders to SpamAssassin?

 Chris

D'oh!  Sure 'nuff you're right.  I've been merrily using MUTT via IMAP, and I'm seeing 
the same behavior.  I mean, now that I actually *look* that is.  crawls back under 
rock

-tom 

---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

1 2 >

1 - 100 of 119 matches

Mail list logo