RE: [SAtalk] new chicnpox --lint failed
Upgrade to 1.14. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arpi Sent: Saturday, January 24, 2004 7:29 AM To: [EMAIL PROTECTED] Subject: [SAtalk] new chicnpox --lint failed Hi, After upgrading chichekpox to Version 1.11, spamassassin --lint fails --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] thank you guys
I'll never complain about my old PII-400 taking 8.5 seconds to process a message through spamd again. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Kinghorn Sent: Friday, January 23, 2004 4:32 AM To: Spamassassin-Talk (E-mail) Subject: [SAtalk] thank you guys To all the contributors of SPAMASSASSIN, exiscan sa-exim... Thank you all here are some stats for the last 4 weeks This is for 4 domains. Total number of emails processed by the spam filter : 200942 Number of spams : 91592 ( 45.58%) Number of clean messages:109350 ( 54.42%) Average message analysis time : 69.27 seconds Average spam analysis time : 84.67 seconds Average clean message analysis time : 56.37 seconds Average message score : 4.37 Average spam score : 15.17 Average clean message score : -4.68 Total spam volume : 282 Mbytes Total clean volume : 1119 Mbytes keep up the good work PS...the new spamstats.pl works like a charm with exim...thanks to the developer of that too. you guys rule. CYA Tom --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Country codes
Since they rarely declare the TRUE country they're sending from, I'd probably use the blackholes.us rbls. And probably host them locally to reduce DNS lookup time. http://www.blackholes.us/docs/usage.html It only has zones for argentina, brazil, china, hong kong, japan, korea, malaysia, mexico, nigeria, russia, singapore, taiwan, thailand and turkey. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Sent: Friday, January 09, 2004 9:27 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Country codes What are you doing for country codes? If I want to mark all mail from junkmail.com.tw or junkmail.com.au what would be the best way to trap all the country codes? should I OR it ie from ~= {\.com\.au|\.com\.tw| etc |etc} or is there a better way Thanks --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Continuing saga of runaway spamd
Interesting to me mostly because spamc/spamd by default won't even look at a 1.2mb email. I'm interested in how/where that happened. -tom -Original Message- After we upgraded to SA 2.61 as was suggested by this list we had a mail-machine crash again when spamd expanded beyond all available memory. As far as we can tell it was looking at a 1.2Mb Micro$oft Word e-mail, ham and sent to a very senior person. Spamd is set to limit children (to 10 I think) but we still had this runaway. The system manager is pushing for withdrawing spamassassin as we cannot have the mail going catatonic. I am not responsible for this system, but was the advocate for adding spamassassin, so this matters to me :-) --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Finding a rule to catch a particular spam
Pyzor and BigEvil nailed both of them. The second one hit a whole ton of RBLs also. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geoff Soper Sent: Wednesday, January 07, 2004 4:18 PM To: Chris Santerre Cc: [EMAIL PROTECTED] Subject: * Probable SPAM * [SA-05.81] RE: [SAtalk] Finding a rule to catch a particular spam Here they are, I hope they've extracted OK. So does anybody have a way of catching them? Thanks, Geoff --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] BigEvil.cf
Start spamd with -D debug options and then tail -f /var/log/maillog |grep -i bigevil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SAtalk Mail User Sent: Monday, January 05, 2004 11:04 AM To: [EMAIL PROTECTED] Subject: [SAtalk] BigEvil.cf Hello all, I am new to this list and have a question in regards to bigevil.cf and other .cf files. From the reading I noticed that all you need to do is to put the bigevil.cf in the /etc/mail/spamassassin directory and then restart spamd. Once that is all done, how do you know if the files are getting parsed? Is there some kind of reporting that it does in the maillog or in the headers of the email that gets parsed? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Image-only spam
Before you play with the settings, consider updating to the current version of SpamAssassin. You're probably using 2.44; the current version is 2.61. At this point, that much spam getting through would be expected behavior. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Callahan Sent: Sunday, December 21, 2003 4:05 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Image-only spam I installed Spamassassin from a RedHat RPM as a test a day or two ago, and it's properly flagging about 1/3 of the incoming SPAM as such. I have not played around with any of the settings yet. Half of what's getting through has a score of 3.6 - 4.0. This is not the group that overly concerns me, as I'm sure I can adjust things to get these properly detected. The other half of what's getting through, I'm not so sure about. It has a score of -1.1 - +1.1. Yes, I'm getting SPAM with a negative SPAM score. In all cases, the messages in the last group have the following in common: 1) They're Multipart Mime-formatted messages. 2) A text/plain section exists, but contains only blank lines. 3) The text/html section contains two or more HTML comments containing random alphanumeric strings. 4) The text/html section contains one or more image tags which reference images on some random webserver. 5) At least one of the images is a link. 6) The text/html section contains absolutely no displayable text. So, an example of what the text/html section might contain is: htmlbody center!--l25cxq1atrz--a href=REMOVED!--srQ3lVIGl6vp--img src=REMOVED border=0/a/center /html/body Is anyone else seeing SPAM like this? Would anyone be able to make suggestions on how to go about writing a ruleset to tag these? Thanks. Barry --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] importing spam from exchange users for sa-learn?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AltGrendel Sent: Thursday, December 18, 2003 7:54 AM To: SA-Talk Subject: RE: [SAtalk] importing spam from exchange users for sa-learn? Wasn't there a big issue with public folders stripping off the original email headers and replacing them with something else? It doesn't beat 'em up too badly. Here's one I just pulled out of an Exchange 2000 Public Folder. --- Microsoft Mail Internet Headers Version 2.0 Received: from NAV.courts.state.tx.us ([10.mun.g.ed]) by email.courts.state.tx.us with Microsoft SMTPSVC(5.0.2195.6713); Fri, 5 Dec 2003 01:42:22 -0600 Received: from relay-sa.courts.state.tx.us ([10.mun.ge.d2]) by NAV.courts.state.tx.us (SAVSMTP 3.0.0.39) with SMTP id M2003120501422119000 for [EMAIL PROTECTED]; Fri, 05 Dec 2003 01:42:21 -0600 Received: by relay-sa.courts.state.tx.us (Postfix, from userid 500) id 546974A4FE; Fri, 5 Dec 2003 01:42:19 -0600 (CST) Received: from 1.mail-out.ovh.net (1.mail-out.ovh.net [213.186.33.82]) by relay-sa.courts.state.tx.us (Postfix) with ESMTP id 59C7E4A4FF for [EMAIL PROTECTED]; Fri, 5 Dec 2003 01:42:09 -0600 (CST) Received: (qmail 3470 invoked by uid 503); 5 Dec 2003 04:31:36 - Received: from b2.ovh.net (HELO 60gp.ovh.net) (213.186.33.52) by 1.mail-out.ovh.net with DES-CBC3-SHA encrypted SMTP; 5 Dec 2003 04:31:36 - Received: by 60gp.ovh.net (Postfix, from userid 16757) id 71705262D2; Fri, 5 Dec 2003 05:31:57 +0100 (CET) To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Subject: * Probable SPAM * [SA-06.37] CRUISES TO PLEASURE - Closing Party.Modrophenia - Saturday 13th december 2003 Message-Id: [EMAIL PROTECTED] Date: Fri, 5 Dec 2003 05:31:57 +0100 (CET) X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on RELAY-SA X-Spam-Report: * 0.2 NO_REAL_NAME From: does not include a real name * 1.7 NO_COST BODY: No such thing as a free lunch (3) * 2.7 SENT_IN_COMPLIANCE BODY: Claims compliance with spam regulations * -1.5 BAYES_01 BODY: Bayesian spam probability is 1 to 10% * [score: 0.0228] * 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net * [Blocked - see http://www.spamcop.net/bl.shtml?213.186.33.52] * 0.1 CLICK_BELOW Asks you to click below * 1.8 AWL AWL: Auto-whitelist adjustment X-Spam-Status: Yes, hits=6.4 required=5.0 tests=AWL,BAYES_01,CLICK_BELOW, NO_COST,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,SENT_IN_COMPLIANCE autolearn=no version=2.60 X-Spam-Level: ** Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 05 Dec 2003 07:42:22.0093 (UTC) FILETIME=[515E33D0:01C3BB03] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] importing spam from exchange users for sa-learn?
-Original Message- From: Tony Hoyle [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 8:41 AM To: Tom Meunier; AltGrendel; SA-Talk Subject: RE: [SAtalk] importing spam from exchange users for sa-learn? Interesting... what did you set on exchange to make it do that? Here's what it does when I try it: X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0 Compare the headers. Mine was dragged dropped into a public folder from a mailbox, using Outlook. Yours looks like it was forwarded to a mail-enabled public folder. -tom --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] importing spam from exchange users for sa-learn?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AltGrendel We're running Exchange 2k that was upgraded from 5.5, which was upgraded from ...(you get the idea). Anyway, I'm still seeing the old header style and I'm wondering if it's not an issue with upgrade vs clean install. Mine was also an upgrade from Exchange 5.5. Well, it was done as a swing server upgrade - I introduced the 2000 box into the 5.5 site, moved all the mailboxes public folders to the 2000 server, then decommissioned the 5.5 box. -tom --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes Corpus Project
What would differentiate the proposed public corpus from the public corpus at http://www.spamassassin.org/publiccorpus/? -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Denenberg Sent: Thursday, December 11, 2003 8:10 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Bayes Corpus Project What i want to start is a Bayes Corpus Project. I would like to be able to allow people to submit confirmed ham and/or spam to a large bayes corpus repository (or maybe just spam) where people could then download (or somehow do an sa-learn remotely) to an ongoing updated bayes corpus. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Detecting strings of Gibberish
http://www.wot.no-ip.com/cgi-bin/detoken.pl Most of the gibberish I see is encoded tracking information. I plugged in my domain name to the little script thingy, saved the .cf file, and it catches 'em like crazy. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Starr Sent: Thursday, December 11, 2003 9:50 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Detecting strings of Gibberish I have noticed that many SPAM emails, end with seversl lines of gibberish, such as: lvwpdfobv qkviylqr qlmwacbc hpimhdty mdmrkb lvivhdc xovwul wpcxeqj lhaxomaje vrucjj ybxegs Has anyone developed a rule that can detect this sort of thing? Perhaps a check for n consecutive words, at the end of the body, none of which are in a dictionary? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Exchange 2000 + SpamAssassin + Postfix
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guentert Matthias I have successfully installed spamassassin on my linux server which runs postfix as mta. Our Exchange 2000 server pops the emails from the linux server which stands in the dmz. Stop doing that right now. POP3 is for single mailboxes, not server-to-server SMTP replacement. Just have postfix forward the mail, acting as simply a relay box. Dump that POP3 connector kludge - there's no place for that on a mail server. spamassassin recognizes spam very well and adds the X-SPAM tag. Now i am able to set rules in my outlook to filter email headers for this tag and then act in any kind i want. But i dont want to expect all the employees in our bureau to set such a filter themselves. Am i able to set a kind of global filter in exchange Not really. Best is to give them a nice document telling them how to do it. or have i overred something in the spamassassin docu on how to perform this task? Procmail? The best would be to send all incoming spam to one email adress for later analyzes. Procmail? --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] SecuritySage spam filters and Postfix/SpamAssassin integration
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenneth Porter http://www.securitysage.com/guides/postfix_uce.html I just got some mail bounced by an ISP using this setup and after reviewing the details, it looks like the system is set up backwards: It does its own all-or-nothing header checks that SA already takes care of, causing heavy-handed rejections of false positives, instead of letting SA look the message over and using the combined score of several indicators to make the decision It's my experience that many people think that being listed on an RBL or not having rDNS properly set up or pipelining ESMTP is reason enough to drop an SMTP conversation. Yeah, that's their business decision, and they think YOU I have it backwards for wasting cpu cycles and disk space when you should've 550ed during the conversation. If their users tolerate it, that's up to them. :| -tom --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] How do I catch obfuscated characters?
You'll want to look at http://www.exit0.us/index.php/MaskedWordList Take a gander at the link to Chris' Mediocre ObfuScript, which is soon (I hear) to be upgraded to Chris' Somewhat Adequate ObfuScript. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Howell Sent: Thursday, November 13, 2003 3:33 PM To: [EMAIL PROTECTED] Subject: [SAtalk] How do I catch obfuscated characters? Hi all. I'm new to the list, and I'm trying to figure out a way of detecting words with obfuscated characters (i.e. @pp!3, app13 = apple). I set up a test something like this: /(?:a|4|@)pp(?:l|1|!)(?:e|3)/i This will catch @pp!3 and app13, but it also catches apple. Can anyone help me work the regex so it skips the word if it's spelled normally? --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamassasin without the mess
You've just described how spamassassin works. So I'm pretty certain the you don't want to sit at a command line, saving your mails to text files, and checking them one-by-one. What is it that you would LIKE to do, really? Chances are someone's already doing it. Do you have a non-*n?x enterprise mail server that you want to check incoming mail for? Do you simply have a single mailbox that you would like to use spamassassin on? -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Montbriand Sent: Tuesday, November 11, 2003 1:09 PM To: [EMAIL PROTECTED] Subject: [SAtalk] spamassasin without the mess Not having ever run a UNIX mail server, I find the existing documentation and configuration info for spamassasin quite mystifying. I'd prefer not to go with the UNIX method of handling mail and mailboxes, and I certainly don't want it screwing with my ISP's smtp server. I'd like to just cut out all the mess - I want to just install and use spamassasin as a direct text filter. Like, cat spam_message.txt | filtermail filtered_message.txt Is this possible, or am I sol? --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Filtering on returned mails not written with my mail client
No. How would this be a bug? By definition it would have to be a custom rule, since you've specified that it be user-specific and custom header specific. Such a rule would work for nobody in the universe but Wolfgang Rohdewald. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wolfgang Rohdewald Sent: Saturday, November 08, 2003 8:14 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [SAtalk] Filtering on returned mails not written with my mail client Hi, I'm new on this list, hoping this is not a FAQ (at least I found no such rule and no bug report) Is there a rule saying oh - this mail claiming to be from me has been returned as undeliverable. But is has not been written with the mail client(s) I use - so it must be spam. (or - it does not contain a custom X-Header I always add) If not, I will open a bug report. I don't think I can do this with mail filters since the original mail may have been base64 encoded. I am using spamassassin 2.60 on debian unstable. -- Wolfgang --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Is bl.spamcop.net gone?
-Original Message- IIRC, bl.spamcop.net isn't supposed to resolve. Try running an RBL query against it instead of trying to resolve it. Surely it has to resolve to *something* - the NS records have gone as well. Tony No, it doesn't have to. When you query against bl.spamcop.net, you take the connecting server's IP address, reverse it, and query for that record. If it answers 127.0.0.2 it's listed, if it errors out, it's not. i.e. 1.2.3.4 connects, your server queries DNS for 4.3.2.1.bl.spamcop.net. 127.0.0.2 It's never necessary to simply query for bl.spamcop.net itself. nslookup -q=ns bl.spamcop.net gives: Non-authoritative answer: bl.spamcop.net nameserver = blns4.spamcop.net bl.spamcop.net nameserver = blns11.spamcop.net bl.spamcop.net nameserver = blns6.spamcop.net bl.spamcop.net nameserver = blns8.spamcop.net bl.spamcop.net nameserver = blns5.spamcop.net bl.spamcop.net nameserver = blns9.spamcop.net bl.spamcop.net nameserver = blns10.spamcop.net blns4.spamcop.net internet address = 194.109.6.147 blns11.spamcop.net internet address = 209.92.188.201 blns6.spamcop.net internet address = 209.198.142.146 blns8.spamcop.net internet address = 66.6.205.130 blns5.spamcop.net internet address = 198.145.240.35 blns9.spamcop.net internet address = 208.39.222.166 blns10.spamcop.net internet address = 206.67.234.226 --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] scoring system and values...
The CASHCASHCASH rule tests for the string '$$$' not for the phrase CASH! CASH! CASH! The ADDRESSES_ON_CD rule caught almost as much ham when tested against a half-million message corpus as it did spam. The BLANK_LINES_90_100 caught MORE ham than it did spam. http://search.cpan.org/src/JMASON/Mail-SpamAssassin-2.60/rules/STATISTIC S-set1.txt The reality is that you THINK these should be higher, but they're not as indicative of spam as you THINK they are. This has been empirically tested with a statistically significant sample. Click the link above and you'll see the results of the testing on that corpus. I think that since you work in an environment that does not tolerate any mention of the word v?a?ra you should score these rules higher in your local.cf file. That's the beauty of being able to simply put score ADDRESSES_ON_CD 97.0 in your own config files. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of maarten van den Berg Sent: Friday, November 07, 2003 3:25 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] scoring system and values... But put yourself in my place. Upon looking at those rules I see al LOT of inconsistencies. For instance, I found these rules that have score of zero(!) (and these are merely the top of a large iceberg) score CASHCASHCASH 0 score ADDRESSES_ON_CD 0 score BLANK_LINES_90_100 0 score EJACULATION 0 score HERBAL_V+AG+A 0 One could argue that yelling CASH CASH CASH is a valid sales pitch in a normal mail. But hey, are we being realistic here ? How could anything but spam have this property ? For addresses_on_cd one could argue that it IS possible to have such a statement in a regular email (albeit that's already stretching it) but then I would retort that although possible it would stand to reason to give it at LEAST a score of 0.5 or so, but not _zero_! And the third, well, it could be a misconfigured client, but still, is an email that is 90% thin air worth of being treated as a valid email? And the fourth... of course you will find ejaculation in many many forums but, again, give it at least some low figure but NOT equal zero... And... well I won't even go into the fifth rule... come on ;-) --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Razor2 Custom scores?
Since I'm stupid, you'll want to test this thoroughly. In 20_body_checks.cf you'll find: bodyRAZOR2_CF_RANGE_11_50 eval:check_razor2_range('11','50') bodyRAZOR2_CF_RANGE_51_100 eval:check_razor2_range('51','100') tflags RAZOR2_CF_RANGE_11_50 net tflags RAZOR2_CF_RANGE_51_100 net describe RAZOR2_CF_RANGE_11_50 Razor2 gives confidence between 11 and 50 describe RAZOR2_CF_RANGE_51_100 Razor2 gives confidence between 51 and 100 And in 50_scores.cf you'll find: score RAZOR2_CF_RANGE_11_50 0 0.559 0 0.876 score RAZOR2_CF_RANGE_51_100 0 1.552 0 1.101 Narrow those body rules down with ('11','50') and ('51','89') and change the names. Add a rule for ('90','100') and add a score appropriately. Like I said, I'm stupid, so test it first. :) -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Leonard III Sent: Thursday, November 06, 2003 10:07 AM To: Spamassassin-Talk (E-mail) Subject: [SAtalk] Razor2 Custom scores? My system has only two scoring options for the Razor2 matches.. 0-50, and 51-100.. I'd like to score those with a confidence of 90+ higher than those with at 51.. What is the syntax to add to my local.cf files to allow this to happen.. or can it happen? Thanks! --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] RE: [RD] spam sentences
VSNL is, I believe, the largest ISP in India or at least in the top 2. I'd tread lightly on blocking them if you do business with India at all. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Santerre Sent: Thursday, November 06, 2003 10:36 AM To: 'Colin A. Bartlett'; [EMAIL PROTECTED] Subject: [SAtalk] RE: [RD] spam sentences I noticed something last night regarding this certain spam, the unsub IP is the same for all! I noticed my evilrules was hitting on 203.197.204.157. Did a quick search: This has ALL the makings of a spamhost. The main page is just a image for, Cris inc. - mail worldwide. which would be odd since the site is in India! Whois info at end of this message. I would say pretty much everyone can block that IP at the firewall if they wanted to. I'm thinking on blocking the whole /16 block, as we don't do business with India. I did not contact the ISP. They are likely spammer friendly. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Best Blacklists
Matt, thanks for this. It's a great resource. However, I'm wondering why the following were scored as zero and thus don't have numbers to support their efficacy or lack thereof: 0.000 0. 0.0.500 0.110.00 RCVD_IN_SORBS_BLOCK 0.000 0. 0.0.500 0.110.00 RCVD_IN_MAPS_RSS 0.000 0. 0.0.500 0.110.00 RCVD_IN_MAPS_RBL 0.000 0. 0.0.500 0.110.00 RCVD_IN_MAPS_DUL 0.000 0. 0.0.500 0.110.00 RCVD_IN_MAPS_NML 0.000 0. 0.0.500 0.110.00 RCVD_IN_BL_SPAMCOP_NET -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Kettler Sent: Tuesday, November 04, 2003 3:19 PM To: Steve Heggood; [EMAIL PROTECTED] Subject: Re: [SAtalk] Best Blacklists just use: grep RCVD_IN_ STATISTICS-set1.txt As a quick example: OVERALL% SPAM% HAM% S/ORANK SCORE NAME 39.058 56.1503 0.20420.996 0.981.10 RCVD_IN_DSBL This means that DSBL match 39% of all email in the test, 56.15% of the spam, and 0.2042% of the nonspam. By comparison NJABL didn't do nearly as well, it got about the same amount of spam, but over 10x more nonspam. 41.161 57.6715 3.63220.941 0.840.10 RCVD_IN_NJABL OPM has impressively low nonspam hit rate, but it's spam hit rate isn't quite as high as some others (less than half the spam hit rate of DSBL, but 1/50th the nonspam hit rate): 15.868 22.8473 0.00401.000 0.954.30 RCVD_IN_OPM --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Are these blacklists widely used, anywhere?
No, but you can enable it if you like. Their web site tells you how. Just save this text as /etc/mail/spamassassin/something.cf http://www.ahbl.org/using/spamassassin.txt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nigel Featherston Sent: Wednesday, November 05, 2003 7:58 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Are these blacklists widely used, anywhere? I would like to know if SpamAssassin uses the following blacklists: rhsbl.ahbl.org dnsbl.ahbl.org And I would also like to know under what conditions they are enabled (i.e. by default, etc.) (Not a SpamAssassin user at the moment.) Thanks, Nigel --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] a new rule
If it's already 100% sure that it's spam, how is it helpful to train it that it's spam? It's not like it's going to be 110% sure that it's spam. It's already trained! Not trying to be a wise-ass, I've just seen this question come up fairly often, and can't wrap my head around it. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Barnes Sent: Wednesday, November 05, 2003 2:09 PM To: [EMAIL PROTECTED] Subject: [SAtalk] a new rule How hard would it be to create a new rule for BAYES scoring that IS used by autolearn? Specifically, when I see this: * BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.] in the header, I'm fairly comfortable with having it autolearnt and letting my .procmailrc script send it straight to /dev/null. However, since BAYES scores are not used in deciding whether or not autolearn is used, this rarely happens. So a new rule of BAYES_100 (for scores that are 100%), that is used would be helpful. How? --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Patterns and load, progress???
Example 1. Use spamc/spamd, it defaults to only scanning messages under 250k and you can change that limit with spamc's -s switch. Example 2. What version of Spamassassin are you running? There's a whole ton of tests based upon the ratio of image to text. -tom From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Kerhin Sent: Tuesday, November 04, 2003 3:43 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Patterns and load, progress??? I've been working hard to build a network that stops spam from entering mail boxes, but I'm getting tired of what appears to be solutions to problems that don't need solving. EXAMPLE: Message comes in that is 13 Megs (big attachment) - message goes quickly through spamassassin, but sits in postfix's header and body check filters for 30 minutes? Question: Why even bother scanning something that big, no spammer has that much bandwidth to waste on one attempt, a setting would be nice to ignore spam on large messages. EXAMPLE 2 - the worst We've gotten VERY good at blocking text messages, I get almost NON in my mail box, what I do get is the goofy subject line followed by the single gif or jpg image of nasty stuff people want you to buy, if that's not enough the drug companies come in there. Question: Why not filter more when message size is LOW and image content is there. Can this be built into spamassassin or something else? How are you all dealing with this? Thanks, Brian --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Problems with bayes forgetting in 2.60
John, if you run the email through Spamassassin -tD mail.txt |more then you should be able to see which tokens it's finding, and the weight it's giving. Perhaps that particular email contains tokens which have been found in several learnable hams as well. If you save the output at the initial test, and then test again when this happens, you may see that those tokens get weighted differently. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stewart, John Sent: Monday, November 03, 2003 1:13 PM To: '[EMAIL PROTECTED]' Subject: [SAtalk] Problems with bayes forgetting in 2.60 However, what I've noticed is that bayes seems to be forgetting. I had a couple of mails I trained it on last week, and immediately after learning them, it was hitting BAYES_99. Today one is hitting BAYES_50, and the other is not hitting any bayes rules, which I take to mean the check_bayes algorithm is returning somethintg between 0.4999 and 0.5001, as this is the only area not scored by some amount in the 23_bayes.cf file. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamd using up all system memory and swap space
-m 15 will limit it to 15 spamd instances. Give that a shot. I'm kinda surprised by how quickly this happens, though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Duval Sent: Monday, November 03, 2003 5:05 PM To: [EMAIL PROTECTED] Subject: [SAtalk] spamd using up all system memory and swap space I have created a script that monitors the number of spamd processes running, and stops spamd, modifies qmail-scanner-queue.pl to not use spamassassin, and sleeps for 30 seconds if it detects that more than 15 instances are running. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] IP Blocks to kill at the firewall?
Okay, this is the sixth copy of this email that I've gotten. Is it me, is it sourceforge, or is it maybelline? (Yeah, I know it's sourceforge, but I wanted to kvetch) -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Trudeau Sent: Thursday, October 23, 2003 4:18 PM To: John L; [EMAIL PROTECTED] Subject: Re: [SAtalk] IP Blocks to kill at the firewall? Found this linked from the Emporium :) http://www.stearns.org/sa-blacklist/sa-blacklist.current You can probably use this... CT --- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] IP Blocks to kill at the firewall?
Sweet. 27 hours for that to show up. (And looking at headers it's the ISP anyway, heh) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Meunier Sent: Friday, October 24, 2003 8:47 AM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] IP Blocks to kill at the firewall? Okay, this is the sixth copy of this email that I've gotten. Is it me, is it sourceforge, or is it maybelline? (Yeah, I know it's sourceforge, but I wanted to kvetch) -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Trudeau --- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes always 99%
Even on good mail? Or only on Spam? Because when I see spam, I'm 99% sure it's spam, and a well-trained Bayes engine would be 99% sure also. If it's on good mail that you're seeing 99%, every time, then your database is screwed up and you should start over. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Rothgaber Sent: Wednesday, October 22, 2003 7:37 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Bayes always 99% My Bayes database finally got its 200 spams and hams and kicked in. I've noticed, however, that it *always* says that the probability is 99%. Is this normal? Thanks! Scott --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] list of test gone
Sorry, I should've left a note. I had brought it to the printers to get a banner made, and thought I'd take it out for a nice ice cream sundae too. It's back now, though. I put it at http://www.spamassassin.org/tests.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cliff Browning Sent: Tuesday, October 21, 2003 9:39 AM To: [EMAIL PROTECTED] Subject: [SAtalk] list of test gone I went to the spamassassin.org site today and the list of tests is not there. Could you please put it back. Thanks Cliff --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Auto learning and manual blacklists
I have a pretty comprehensive (and paranoid) list of blacklisted from addresses that I *know* will only send spam. Is there any way I configure SA such that these will be used to train the bayes? Make a custom header rule for the domain, and score it with a crazy amount of points. The format I've stolen from somewhere on the rules wiki - I'm too stupid to write a rule all by myself. Keep in mind that it won't autolearn unless you have a sufficient number of points in your body AND your header. I don't recall what these thresholds are, and I'm too lazy to go look. :) header ZZZ_SPAMMER_COM ALL =~ /spammername\.com/i describe ZZZ_SPAMMER_COM Score spammername.com ridiculously high. score ZZZ_SPAMMER_COM 98.6 -tom --- This SF.net email sponsored by: Enterprise Linux Forum Conference Expo The Event For Linux Datacenter Solutions Strategies in The Enterprise Linux in the Boardroom; in the Front Office; in the Server Room http://www.enterpriselinuxforum.com ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] LOTS of mail being tagged wrong
Train Bayes with sa-learn --ham using a sizable representative sample of the shipping company's known good email. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of HÃ¥kon Nilsen (Exinet AS) Sent: Friday, October 17, 2003 6:21 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [SAtalk] LOTS of mail being tagged wrong Hi, This is a cross-message for MIMEdefang and SpamAssassin mailing lists. System: RH 7.3, Sendmail 8.12.10, SA 2.60, MIMEdefang 2.37 I just added new domain relaying through my mailserver. The users are ship brokers, and receive a _lot_ of mail from around the world. The problem is that lots and lots of the mails are tagged as spam. 90% of the mails tagged as SPAM isn't spam. And that's not very good. Here's the results of a mail: 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100% --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes location setting?
That's right. It seems weird, doesn't it? But basically, that setting tells SA that the filenames are /usr/local/share/bayes_* To achieve what you think it should be, you'd want to do bayes_path /usr/local/share/bayes/bayes - funny as that sounds. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Bartmess Sent: Friday, October 17, 2003 12:19 PM To: SpamAssassin Email List Subject: [SAtalk] Bayes location setting? In my local.cf, I've got # Enable the Bayes system use_bayes 1 bayes_path /usr/local/share/bayes bayes_file_mode 0666 But it seems to put the bayes_journal, etc in /usr/local/share instead. --- This SF.net email sponsored by: Enterprise Linux Forum Conference Expo The Event For Linux Datacenter Solutions Strategies in The Enterprise Linux in the Boardroom; in the Front Office; in the Server Room http://www.enterpriselinuxforum.com ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spamassassin updates
-Original Message- I'm Linux SysAdmin at the company I work for, I always install everything from source. A colleague, a Windows SysAdmin, installs everything on his Linux boxes from RPMs. What does that tell you? :) Tells me we need a larger sample size. I'm a Windows SysAdmin I install everything from source. An ex-colleague who does third-tier Enterprise Redhat support for the largest PC company in the world installs everything from RPMS. --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Automatic Unsubscribe
It's arguable whether that will unsubscribe them, or confirm to the spammer that they've scored a direct hit, and make your users a more valuable spam target. Think about it: Is someone who just hijacked a Taiwanese elementary school's mail server to send out necrophilia pornography with forged headers, likely to honor their promise to unsubscribe your users? -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Leon Oosterwijk Sent: Tuesday, October 14, 2003 8:28 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Automatic Unsubscribe All, I would like some feedback from you all on the following idea. What if spamassassin followed unsubscribe links for all emails that came through it's filter for emails that are obviously spam. This way people would automatically get unsubbed from some of these lists. Leon --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes not working.. On System Wide SA
Well, it depends. If you run sa-learn and you're concerned that it's not running, use the --showdots switch and it'll give you a progress indicator. Just go ahead and sa-learn --ham a couple hundred hams real quick, it'll start up from there. No further config necessary. -tom -Original Message- From: Robert Leonard III [mailto:[EMAIL PROTECTED] Sent: Monday, October 13, 2003 1:00 PM To: Tom Meunier; [EMAIL PROTECTED] Subject: Re: [SAtalk] Bayes not working.. On System Wide SA Thanks for the tip.. I guess it was an addressing/permission issue.. I see now, when I --lint -D that there are 200 in my HAM db and the SPAM has now gone over 200 so I am assuming it works.. do I need to do a.. sa-learn --spam to actually implement the database? then a sa-learn --ham once that has passed the 200 level too? I've tried sa-learn --spam, but it goes for a LONG TIME.. is that normal? I've never actually let it finish, thinking it was 'stuck'.. but it may just take a long time.. --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not reading local.cf?
-H should list a directory other than the default home directory of the user that's calling spamc. Else, don't use it at all. -m5 should be -m 5 I believe. Other than that, Idunno. Feel free to ignore me. -tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Bartmess Sent: Monday, October 13, 2003 9:02 PM To: SpamAssassin Email List Cc: Matt Kettler Subject: Re: [SAtalk] Not reading local.cf? OK, that doesn't work... I changed from: SPAMDOPTIONS=-d -c -a -m5 -H to: SPAMDOPTIONS=-d -c -a -m5 -H -u root and now spamd won't start. --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] How to ignore attachments of a certain size?
How do you call SpamAssassin? Please be specific with your answer. :) If you use spamc/spamd it defaults to only scanning up to 250kb, configurable with the -s switch. No config file necessary, you set it as a switch on the line that you call spamc with. http://www.spamassassin.org/doc/spamc.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of C. D. Tobola Sent: Sunday, October 12, 2003 7:55 PM To: [EMAIL PROTECTED] Subject: [SAtalk] How to ignore attachments of a certain size? One of my users periodically sends large office documents. Unfortunately, scanning these files causes a time-out in Postfix. How do I go about setting Spamassassin so it passes along large attachments without scanning them? (Please be specific with your answer -- parameter to set and location of the config file -- I'm new at this.) Thanks! -Cloy --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes not working.. On System Wide SA
Okay, are you running spamassassin as root? If not, you'll probably want to specify bayes_path in your local.cf - so that when you do a spamassassin -D it reflects the ACTUAL location of the Bayes databases. Then run it again, and see if you actually have zero spams in the database. It will tell you in the output whether the user that's calling SpamAssassin has sufficient rights to the /foo/bar/.spamassassin directory and its files - if not, just go in and chmod and chown as necessary. (*n?x words confuse me; I'm a win32 admin) I'm guessing that the debug info you're seeing logged on as root is not accurate for troubleshooting purposes. -tom -Original Message- From: Robert Leonard III [mailto:[EMAIL PROTECTED] Sent: Saturday, October 11, 2003 10:13 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Bayes not working.. On System Wide SA Hi all.. Quick question.. I hope.. I'm running SA 2.60 on RH9 and am trying to get Bayes to autolearn.. I pass ALL my mail from this system to my exchange server and host no local mailboxes.. While not ideal, it is what I was asked to do for the company.. I understand that Bayes can still work, though I have not seen it do so.. I believe I have it enabled correctly in the /etc/mail/spamassassin/local.cf file, and the /usr/bin/spamassassin --lint -D data below looks to me as if it is trying to work.. --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Popcorn Weeds Backhair
So I'm loving the rules http://spamhammers.nxtek.net/ that Jennifer Wheeler wrote , but I'm up against a few (philosophical?) questions, and would like to invite discussion. I've noticed that about 95% of the time when these rules are hit, they're listed as BAYES_99. In this case, should I even bother? I guess they ensure that the 5% that are not BAYES_99 have more of a chance of getting fed back into Bayes because of it, and that's A Good Thing. I've also considered dumping spammers at the MTA level before they are even passed to SpamAssassin, using a homebrew RBL or something. The good part of this is that it would save traffic on my Postfix/SA gateway box, then my AV box, then my mailserver (drive space here, too) itself. The bad part is that these spams would then never get learned by Bayes. I do blacklist defunct users at the Postfix level, and that actually cut my spam traffic by over 50% by itself, but again this stuff never gets learned in Bayes. Has anyone else juggled these questions? -tom --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Too many rules?
Call it with spamd and limit the number of spamd processes with the -m switch. For comparison sake, I have a light-volume postfix/spamd gateway server that handles about 1000 messages per hour during business hours. It's a PII-400 with 512mb RAM. I can't give you spamstats time statistics output with evilrules.cf, as I simply blacklist_from *foo.tld offending domains to my blacklist.cf file. -tom -Original Message- From: Robert Leonard III [mailto:[EMAIL PROTECTED] Sent: Saturday, October 11, 2003 10:09 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Too many rules? [ ] However When I implemented the gigantic evilrules.cf, they worked great for about an hour.. Then the whole server went into such a slow mode that I had to do a hard reboot just to get it back.. It wasn't dead, but just so bogged down that it couldn't function. [ ] --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] SA memory utilization (Was: Evil rules HUGE update!
-Original Message- From: Roger Merchberger [mailto:[EMAIL PROTECTED] [ ] 2) Is there any way of setting up logging to know which rules are being hit which ones aren't without grabbing all of the message headers? I'd like to be able to profile which rules are being hit the hardest which aren't [ ] I run spamd with the -D switch, and it logs full debug output to my maillog file. Then I look for the line in the maillog that lists all the tests I hit, and identify and grep a unique string that appears on that line: (Lookit all the weeds! Thanks Jennifer!) # tail -f /var/log/maillog | grep required=5 Oct 12 20:21:37 spamassassin spamd[7196]: debug: is spam? score=-4.8 required=5 tests=BAYES_00,CLICK_BELOW Oct 12 20:22:59 spamassassin spamd[7201]: debug: is spam? score=28.542 required=5 tests=BAYES_99,FROM_ENDS_IN_NUMS,HTML_FONTCOLOR_UNKNOWN,HTML_FONT_INVISI BLE,HTML_MESSAGE,HTTP_ENTITIES_HOST,J_WEEDS_A,J_WEEDS_B,J_WEEDS_E,J_WEED S_H,J_WEEDS_I,J_WEEDS_J,J_WEEDS_N,J_WEEDS_O,J_WEEDS_P,J_WEEDS_R,J_WEEDS_ S,J_WEEDS_W,J_WEEDS_Z,MSGID_FROM_MTA_SHORT,RCVD_IN_DSBL,RCVD_IN_NJABL,RC VD_IN_NJABL_PROXY,RCVD_IN_RFCI,RCVD_IN_SORBS,RCVD_IN_SORBS_MISC,RCVD_IN_ SORBS_SMTP Oct 12 20:23:06 spamassassin spamd[7215]: debug: is spam? score=115.041 required=5 tests=BAYES_99,CLICK_BELOW,EXCUSE_6,FORGED_MUA_MOZILLA,HTML_70_80,HTML_F ONT_INVISIBLE,HTML_IMAGE_ONLY_04,HTML_LINK_CLICK_HERE,HTML_MESSAGE,MIME_ HEADER_CTYPE_ONLY,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP, RCVD_IN_SBL,RCVD_IN_SORBS,T_AM_SPAMMY_SENDER,USER_IN_BLACKLIST,W_ROT13_B _R -tom --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP !!!
top-posting Okay, so SpamAssassin is working fine. The mail is properly marked up when it leaves SpamAssassin at the original place SpamAssassin is called. Then the next process is what's marking it as 0.0. It almost looks as if it's running spamassassin twice, once on the original mail and once on the already-scanned mail. Perhaps during whatever adds that funny X-UIDL header. Follow the path that the email's taking between Internet and final destination, and you'll see the place where the process breaks down. It's difficult to see because you're not including full headers. -tom -Original Message- From: O-Zone [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 9:39 AM To: David B Funk Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP !!! debug: running meta tests; score so far=1.27 debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME but, at the present, i continue to get the same header in all spam emails: Message-Id: [EMAIL PROTECTED] Date: Wed, 8 Oct 2003 12:58:53 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on domini.tdsiena.it X-Spam-Level: X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.60 X-UIDL: `%p!!nog!gXo!!M[J!! Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: ... --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] RBL check
Hi Doug, The answer to your question varies depending on what version of SpamAssassin you're using, and what RBL's you're seeing scores on. This is crucial information to answering your question. Since this is a well-documented issue with versions before 2.60, I'm going to assume that, and that you still have deprecated RBLs enabled. You'll want to disable any RBLs that have been DDOS'd off the planet. Visit http://news.spamassassin.org and see the articles entitled orbs.dorkslayers.com no longer available And Osirusoft Blocklists Dead -Original Message- From: Doug Crompton [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 8:47 AM To: SpamAssassin-Talk list Subject: [SAtalk] RBL check Are others having the degree of disatisfaction with the RBL check that I am. It seems that seeminly legitimate sites are being tagged as relay's. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP !!!
top posting again (I must be annoying SOMEBODY) Hi Oz, Which machine(s) have spamassassin? I know domini does, but does siena also have spamassassin? That would cause this behavior. -tom - headers - On Wednesday 08 October 2003 13:25, you wrote: It's difficult to see because you're not including full headers. here the full header of a spam e-mail: Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from 127.0.0.1 (localhost [127.0.0.1]) by siena.tdsiena.it (Postfix) with SMTP id EE6185801F for [EMAIL PROTECTED]; Wed, 8 Oct 2003 13:06:16 +0200 (CEST) Received: by siena.tdsiena.it (Postfix, from userid 1090) id D06565801E; Wed, 8 Oct 2003 13:06:16 +0200 (CEST) Received: from domini.tdsiena.it (domini.tdsiena.it [81.113.95.251]) by siena.tdsiena.it (Postfix) with ESMTP id D3A955801E for [EMAIL PROTECTED]; Wed, 8 Oct 2003 13:06:12 +0200 (CEST) Received: from 127.0.0.1 (localhost [127.0.0.1]) by domini.si.tdnet.it (Postfix) with SMTP id 09D743FCFD for [EMAIL PROTECTED]; Wed, 8 Oct 2003 13:04:45 +0200 (CEST) Received: by domini.tdsiena.it (Postfix, from userid 12612) id E3FD02; Wed, 8 Oct 2003 13:04:44 +0200 (CEST) Received: from mail.comenter (unknown [81.195.93.155]) by domini.tdsiena.it (Postfix) with ESMTP id BCC773FCFD for [EMAIL PROTECTED]; Wed, 8 Oct 2003 13:04:41 +0200 (CEST) Message-ID: [EMAIL PROTECTED] From: Cindy Nicholas [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Vicodin, pain medication available95irjc2 Date: Wed, 08 Oct 2003 11:03:26 + MIME-Version: 1.0 User-Agent: Mozilla/5.001 (windows; U; NT4.0; en-us) Gecko/25250101 Content-Type: text/html Content-Transfer-Encoding: base64 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on domini.tdsiena.it X-Spam-Level: X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.60 X-UIDL: $I6!!\L5!\-H!!/7E! Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: Now ? Can you see something wrong ? Oz --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Why SpamAssassin STOP FILTERING SPAM !!! HELP !!!
-Original Message- From: O-Zone [mailto:[EMAIL PROTECTED] On Wednesday 08 October 2003 13:40, Tom Meunier wrote: top posting again (I must be annoying SOMEBODY) Hi Oz, Which machine(s) have spamassassin? I know domini does, but does siena also have spamassassin? That would cause this behavior. Yes, also Siena have Spamassassin ! It's wrong ? Why ? :O Thanks a lot ! Oz -- It's wrong because Siena is not scanning an email from the Internet; it's scanning an email from your internal server [domini]. These are two different emails altogether. --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] 2.60 Problems
6 asterisks indicates it's not quite 7.0. Probably 6.9something. You could add up the scores to verify if you really like, but that's what's happening. X-Spam-Level: ** X-Spam-Status: No, hits=7.0 required=7.0 tests=BAYES_10,DATE_IN_PAST_03_06, HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_RED,HTML_FONT_BIG,HTML_MESSAGE, MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE, MISSING_OUTLOOK_NAME,RCVD_IN_DYNABLOCK autolearn=no version=2.60 -Original Message- From: Jeffrey Wheat [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 8:01 AM To: [EMAIL PROTECTED] Subject: [SAtalk] 2.60 Problems I am seeing problems with 2.60 on a FreeBSD server, using exim as my mta. Emails are being tagged as having the required hits but are not being tagged as spam. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] OT: anti-spam email-only host
Sounds like Postini. Or Messagelabs. postini dot com or messagelabs dot com. Messagelabs is using a modified SpamAssassin, iirc. -Original Message- From: Jonathan Vanasco [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 5:23 PM To: [EMAIL PROTECTED] Subject: [SAtalk] OT: anti-spam email-only host I remember seeing a while back an anti-spam email-only host. It had a crazy name, and worked like this: you have your mx point to their machine, and webmail/imap handles multiple aliases so you can track/monitor/disable it was something like $25 a month, including domain -- anyone remember this? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamd and -a option in 2.60?
It's the first option on the list if you type spamd --help -Original Message- From: Rob Mangiafico [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 1:10 PM To: [EMAIL PROTECTED] Subject: [SAtalk] spamd and -a option in 2.60? In the 2.60 docs, the -a auto whitelist parameter is no longer listed as an option. Is it still supported? If not, what do we set for using auto whitelists with spamd? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] 50% Spam Reduction Rate
What version of SpamAssassin? You can implement Razor, DCC, RBLs, and train your Bayes up to 200 each of spam/ham to augment the tools at SA's disposal. -tom -Original Message- From: David M. Carney [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 1:09 PM To: [EMAIL PROTECTED] Subject: [SAtalk] 50% Spam Reduction Rate I've only had spamassassin installed and operating for about 2 days. I don't normally get a lot of spam, but it only seems to be stopping about half of all the spams that hit my mailbox. My ~/.procmailrc file is pretty much the sample that comes with the docs. I am doing sa-learn on all the spams that get through. Is there anything else that I can do? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] SA's recently slowed down for me!
You need to either upgrade to 2.60 or remove your Osirusoft and orbs tests tests as specified in the article at http://news.spamassassin.org. Those blocklists are dead and are waiting until your timeout. -tom -Original Message- From: Jim Ford [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 1:19 PM To: [EMAIL PROTECTED] Subject: [SAtalk] SA's recently slowed down for me! Hi. I've been using SA 2.55 for some months now and it's been working so well that I unsubscribed from the list. However, in the past couple of days the processing by SA has slowed down such that it halts and the server times out. It always happens when 'untieing bayes', not as I initially exepected when accessing network DBs. Here's a typical example: spamd[2217]: debug: is spam? score=27.9 required=5 tests=BAYES_90,DCC_CHECK,FORGED_MUA_OUTLOOK,HARDCORE_PORN,HOT_ NASTY,HTML_60_70,HTML_FONT_BIG,HTML_TAG_BALANCE_TABLE,LIVE_POR N,MIME_HTML_ONLY,OBFUSCATING_COMMENT,RCVD_IN_DSBL,RCVD_IN_OSIRUSOFT_COM, TRACKER_ID,UPPERCASE_50_75 spamd[2217]: logmsg: identified spam (27.9/5.0) for jim:1000 in 33.1 seconds, 1743 bytes. spamd[2217]: identified spam (27.9/5.0) for jim:1000 in 33.1 seconds, 1743 bytes. spamd[2217]: debug: bayes: 2217 untie-ing I've got a pretty slow machine, but it's been OK 'till now. Any ideas, please? (I see 2.60 is out. I'll probably migrate to it when I get round to it.) --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamassassin -tD creates higher score than MailScanner SpamAssassin
So you're saying that when you cut and paste the body of a spam into an email, removing the spammer's headers, SpamAssassin doesn't rate your headers as spammy as the spammer's headers? And you include only the spammy body, and it trips off all the spammy body checks? That's to be expected, isn't it? -Original Message- From: Chris T. [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 6:52 PM To: [EMAIL PROTECTED] Subject: [SAtalk] spamassassin -tD creates higher score than MailScanner SpamAssassin when I paste the contents of email-sample-spam.txt into an email and send it through MailScanner Version 4.23-11 it only scores a 2.064. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Highest Score
Look, there's a poll for this at http://news.spamassassin.org/modules.php?op=modloadname=NS-Pollsfile=index Is it inappropriate to suggest that we see who's got the biggest thingy over there? -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Re: Pyzor in 2.60?
I've been able to re-discover pyzor servers (and it always winds up with the same server) and get pyzor working for a couple hours before the couldn't grok response '...TimeoutErrors' begins again. I've disabled Pyzor and just written it off to my own ignorance. Basically once it starts not grokking, it successfully queries roughly 10% of the time. And I've increased the timeout beyond belief, too. Idunno. Disabled works for me, at this point. -Original Message- From: Robert Leonard III [mailto:[EMAIL PROTECTED] Sent: Friday, October 03, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] Re: Pyzor in 2.60? The solution was given to me yesterday... and it, as many solutions are, was easy.. if not obvious.. On Pyzors website they state that their servers IP address have changed and you need to run 'pyzor discover'... I did.. it re-discovered.. and it now works... :) Here is what I see when I run spamassassin --lint -D debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: Pyzor: got response: 66.47.67.162:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response 66.47.67.162:24441 TimeoutError: --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Re: Automating usage of sa-learn
-Original Message- From: Malte S. Stretz [mailto:[EMAIL PROTECTED] and 3 ways to attach a complete message (as sent by the POP3 server) to a new message. Could you tell me the way to do it with Outlook 2000? I searched for that option on a customers box today, without avail. It almost drove me crazy... Tools Options Email Options When Forwarding Attach Original Message. or from the message editing interface itself: Insert Item and browse through your folders to find the mail you want to attach. -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] SA WISH LIST Country Identification 2 Digit Codes
You could probably make some of that happen yourself by implementing some of the blacklists at http://www.blackholes.us See http://www.blackholes.us/docs/usage.html#spamassassin for usage info. -tom -Original Message- From: Andrew Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 11:06 AM To: [EMAIL PROTECTED] Subject: [SAtalk] SA WISH LIST Country Identification 2 Digit Codes It would be great if SA created a Header entry called country of Origin and Identified this with a the 2 digit code... Examples CO:CA CO:US CO:AF Creating Continent code or the assigning IP org would be great to. So that each header would contain the country and continent code... Many small businesses with a few employees only do email business with a closely knit group of companies many of which might only be in the same country. Having an Outlook Rule that looks for and takes advantage of this would be useful... --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes question: Can I change the number of messages required before bayes kicks in?
Why not just go get 80 spams from the public corpus? It'll be not optimal, but it'll be better than forcing it with 120. http://spamassassin.org/publiccorpus/ -Original Message- From: Bill [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:45 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Bayes question: Can I change the number of messages required before bayes kicks in? I have a low volume mail server and do not get many spams. In the past 2 months I have only been able to collect 120 spams to feed the bayes. (I have over 1000 hams in the datatbase.) I would like to enable bayes at this point. I thought I saw a command to set minimum number of bayes entries required to start using bayes. I cannot find that command now that I am ready to try to enable it. A little help here would be appreciated. I am running your latest version 6.0 TIA, Bill --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Auto-whitelist (AWL) enable/disable?
AFAICT you'd do auto_whitelist_factor 0 use_bayes 0 will disable bayes, not the (unfortunately named - it's as much an auto blacklist as an auto whitelist, innit?) auto whitelisting feature. I hope if I'm mistaken somebody will jump in and correct me. I remember this being asked a few months ago, and no definitive answer was given. -tom -Original Message- From: Doug Ledbetter [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 2:12 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Auto-whitelist (AWL) enable/disable? Hello all, What enables or disables the auto-whitelisting feature? Would it be use_bayes? If I don't want auto-whitelisting, will use_bayes 0 turn it off? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] required_hits 10 email scores a 7 and is blocked
SpamAssassin doesn't block mail. All it does is mark it up for content. That mail seems to have been marked up for spam content correctly. Therefore, your problem is not with SpamAssassin but rather with the product that you've configured to quarantine mail. -Original Message- From: CHRISTOP TATRO [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 6:59 AM To: [EMAIL PROTECTED] Subject: [SAtalk] required_hits 10 email scores a 7 and is blocked I have required_hits set to 10 in my /etc/mail/spamassassin/local.cf and the message is only scoring a 7 and is still being blocked and sent to my spam-quarantine mailbox. What is up with that? This is a copy of the email sent to my $spam_admin = '[EMAIL PROTECTED]' --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] problems with 2.60
Go check your filesystem rights on those file directories. That's happened to me before, and I was waiting for it to happen this time too, and mysteriously, it didn't. My gateway boxen must be contagious. :) -tom -Original Message- From: Steve Heggood [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 10:06 AM To: [EMAIL PROTECTED] Subject: [SAtalk] problems with 2.60 Just Upgraded to 2.6 I using spamd/spamc and have these 3 errors in my log: (I edited out my site info) cannot write to /var/spamassassin/bayes_journal, Bayes db update ignored debug: open of AWL file failed: lock: 24174 cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.[MYNODE].[MYDOMAIN].com.24174 for /root/.spamassassin/auto-whitelist.lock: Permission denied debug: mkdir /root/.spamassassin failed: mkdir /root/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1272 How can I resolve? -steve- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Better logging?
I think the main thrust of his answer was that Google Is Your Friend. http://www.gryzor.com/tools/ -tom -Original Message- From: Jim Knuth [mailto:[EMAIL PROTECTED] First hit after googling for spamstats and perl: http://freshmeat.net/projects/spamstats/?topic_id=245 thank you, but this site is not attainable --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Better logging?
Spamstats does that. http://www.gryzor.com/tools/ -Original Message- From: Markus Gaugusch [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2003 5:31 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Better logging? Hi, I'm using spamassassin on our relay server (with postfix), and I would like to associate the mail recipients with the messages from spamd, to do some stats (who gets the most spam, etc.). --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] SpamAssassin filters seem too weak out of the box...
It's not abysmal. You just don't understand it. Most people get in excess of 99% of spam with SpamAssassin. Isn't it great to know that SpamAssassin is so well geared against false positives that you're TRYING to send a spammy email and can't do it? http://www.spamassassin.org/tests.html Break a few more tests and you'll get over the threshold. Or run some of your REAL spam through it. Of course, you could write your own rule to make PEN*S 5.0 points if you like. But it's been tested thoroughly and it turns out that no, that is not an appropriate score for that test. -Original Message- From: Mike Klein [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2003 1:36 AM To: [EMAIL PROTECTED] Subject: [SAtalk] SpamAssassin filters seem too weak out of the box... After some dyslexia in running the tests in USAGE (which passed/failed as they should)... I decided to send some really annoying spam to myself. Basically email consisted of an all caps subject INCREASE YOUR PEN*S SIZE NOW!!! and several lines in the body with same text and a url to go to. BTW, I didn't make the above typo in my email...I spelled the organ part correctly. The best I can seem to do on my own is rate a 3.1...with 5 to reject. This seems a skosh weak. I mean...let's get real. The subject alone s/have made the email rate a 5...imho. I will look at configuring hit rate lower, but this s/not be necessary I think. Why is the rating system so abysmal? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Philosophical SA questions
Hi Darren, 256 Ham, 1040 Probably Spam (5 points), 256 Almost Certainly Spam (15 points), and 269 false negatives, 0 false positives. Bayes was trained with 16680 Spam, 4092 Ham, 125776 tokens. I have auto-learning enabled, and feed all the false negatives back into sa-learn the same day... What version of SA are you using? I can't imagine any reason for this, other than your bayesian database is tainted. Did you hand-confirm those 21,000 emails? Honestly, you'd do much much better than that with just 200 of each. There's something very wrong with those numbers, that can't be accounted for in normal operation. Spot-check through the headers of the false negatives, and see if the BAYES_xx is wrong. It should hardly ever be wrong. Philosophical question #1: Am I expecting too much to be disappointed with so many false negatives? Personally, I'd rip it out and rebuild with numbers like that. Philosophical question #1.5: Are the network tests (RAZOR, etc.) essentially required? No. They're nice to have, but I disabled them with very slight initial impact. After I was satisfied that Bayes was trained. If you disable them, you'll be using another score set that compensates. Philosophical question #2: I feel I could do much better tweaking some of the rules (already made MIME_HTML_ONLY 3 points) that most of my spam hits that never are in my ham, but should I start there or just lower my overall spam threshold? Has anyone already done a more aggressive prefs file, especially anti-HTML mail so that I don't have to start from scratch? You may want to check out the rules sites: http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm http://www.exit0.us/ Personally, I try not to touch the rules - I like to rely on Bayes if I can. However, I *really* like the ROT13, etc. rules. And when I see a domain repeatedly spamming me, I throw a blacklist_from *domain.com into my .cf file just in case they learn how to sneak through. Philosophical question #2.5: How are the default scores chosen? I thought I read they were determined mathematically based on their frequency in the test spam corpus? Is that true? If so, why is my corpus so different? It's my understanding that they're put under load with a large corpus of ham/spam, and their effectiveness is analyzed from the results of that run. Philosophical question #3: One of the things I liked about SpamBouncer was feeding it your legitimate email addresses and mailing list addresses and then it would consider items sent TO those (missing or specifically there) in the overall scoring. I don't think SA offers anything like that... it's not whitelisting (since that's From:), and it fails on BCCs (hence the need for positive weighting of other factors)... would be nice to have? Anyone written a rule like that? Any suggestions? I'm not sure how highly to score it. There are various levels of adding this type of whitelisting to your prefs file. Philosophical question #4: Should I convert purely to bayes-type filters? I can't believe it's worth throwing out some of the basic SA heuristics, but the Bayes scores coming from SA have been pretty accurate. To start with, has anybody already written a prefs file favoring bayes heavier than default? Alternatively, can somebody explain to me the differences in the DEFAULT SCORES (local, net, with bayes, with bayes+net) column on the tests page? I've considered it, but I like the ability to help it along with alternative heuristics. Spammers are becoming very interested in Bayes poisoning lately. Philosophical question #5: Should I try to get my bayes ham vs. spam ratio closer as many suggest? If so, why exactly? It seems a waste to throw out spam since it can only further prove the frequency of spam tokens and lack of hammy ones... maybe I'm missing the math behind it? I'm interested in a definitive answer to this question also. Experience tells me no, but lack of analysis says I could very well be wrong for the 1 billionth time this month. Philosophical question #6: Why autolearn only on the certainly spam? Most of them already score high on Bayes, why not train on the borderlines where bayes could push it over the edge? I get a lot of 3.9s and 4.2s with no (or little) affecting score from bayes. To guard against mistakes, which would be a big problem. And to give you a chance to manually train the borderline stuff. I'm rather certain your Bayes is trashed, Darren. -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Autodeleting spam based on score without deleting all spam
Why, Google of course! http://savannah.nongnu.org/projects/spamass-milt/ Yes, it works with qmail. -tom -Original Message- From: Tom Macek [mailto:[EMAIL PROTECTED] Sent: Sunday, September 21, 2003 8:40 AM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] Autodeleting spam based on score without deleting all spam Can you tell me, where can I get the spamass-milter program?? Is it a script? Does it work with qmail? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Autodeleting spam based on score without deleting all spam
Oh pooh. Ignore me. Of course Patrick is right; it doesn't support qmail. -Original Message- From: Tom Meunier Sent: Sunday, September 21, 2003 9:51 AM To: 'Tom Macek'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Autodeleting spam based on score without deleting all spam Why, Google of course! http://savannah.nongnu.org/projects/spamass-milt/ Yes, it works with qmail. -tom -Original Message- From: Tom Macek [mailto:[EMAIL PROTECTED] Sent: Sunday, September 21, 2003 8:40 AM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] Autodeleting spam based on score without deleting all spam Can you tell me, where can I get the spamass-milter program?? Is it a script? Does it work with qmail? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Question for the FAQ
Absolutely. www.exit0.us/index.php/VirusBounceRules among other things. -tom -Original Message- From: Ivar Magne Auestad [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 1:01 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [SAtalk] Question for the FAQ You are writing in the FAQ that you don't focus on viruses, but I have a suggestion. It would be very easy to add attachment type as a qualifyer. Very many viruses are attached as .pif-files or double extention attachments (document.doc.exe) or refered to as inline mime code. This would remove quite some prosent of the viruses spread. Ivar Magne --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Scan Message Max Size
-Original Message- From: Gary Funck [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2003 10:38 AM To: Spamassassin List Subject: RE: [SAtalk] Scan Message Max Size Define safe - I stick with the default of 250kb and have never had an issue with it. I can't see receiving a spam anywhere near that size, that wouldn't also trigger an attachment blocking rule on my gateway MTA. Define near. The latest Microsoft update spoof is about 155K. That'd be like that New Shimmer! It's a virus AND a banned executable attachment! I have tools designed to deal with both of those, and SpamAssassin isn't one of them. -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spam and bounces
SpamAssassin doesn't bounce mail, period. If you want it to bounce mail, please do so. If you don't, don't. Further documentation in your MTA's man pages. -tom -Original Message- From: Regis Wilson [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 4:56 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Spam and bounces I have an interesting one: Is it possible to not bounce mail that is marked as spam? Unfortunately, I believe spamassassin is usually called by procmail and thus would not be possible. Maybe as a milter? But I have read bad things about the milters. Thanks for any helpful replies. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] disable rbls, but keep pyzor, dcc, razor
skip_rbl_checks 1 #even though they're default if installed anyway... use_razor2 1 use_pyzor 1 use_dcc 1 You've disabled the Osirusoft tests, I hope. Those hit everything on the Internet. -tom -Original Message- From: Covington, Chris [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 9:29 AM To: [EMAIL PROTECTED] Subject: [SAtalk] disable rbls, but keep pyzor, dcc, razor What is the best way to disable all SpamAssassin (2.55) RBL checks, but keep Pyzor, DCC, and Razor2 enabled? thanks Chris ps - as a side note, I wonder if 2.6 will help stop all these FPs I get? My threshold is 6.0. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Recognising dynamic rr.com IPs
http://blackholes.us/ -Original Message- From: Peter Kiem [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 7:41 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Recognising dynamic rr.com IPs I'm getting sick of all the spam that comes from rr.com and have been blocking based on client addresses like houston.rr.com, nyc.rr.com, satx.rr.com etc but they seem to have LOTS of pools like this. Does anyone know a regexp to detect either 1) the dynamic rr.com pools for blacklisting; or 2) the legal rr.com mailservers for whitelisting? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] The Verisign folly
Date: Sat, 25 Jan 2003 10:19:37 +1100 -tom -Original Message- http://www.iab.org/Documents/icann-vgrs-response.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] The Verisign folly
I think the linked IAB missive is related to this: http://www.merit.edu/mail.archives/nanog/2003-01/msg00023.html WTF is Verisign doing anyway? Deciding the Internet is their own private toy? And everyone in the world is using it at their (verisign's) whim? -tom -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 16, 2003 2:02 PM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] The Verisign folly Date: Sat, 25 Jan 2003 10:19:37 +1100 -tom -Original Message- http://www.iab.org/Documents/icann-vgrs-response.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] SA only ran 1 test??
How can you tell it only ran one test? I'd say it ran all of the tests but only hit on one of them. What rule do you feel your example spams broke, that SpamAssassin missed tagging? The only answer to spams like your example is Bayes, RBLs, and distributed checksums such as Razor/Pyzor/DCC, if the headers themselves don't break any rules. -tom -Original Message- From: jpf [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 11:51 PM To: [EMAIL PROTECTED] Subject: [SAtalk] SA only ran 1 test?? I rec'd the following mail...It had only run 1 test and rec'd a score of only 0.1...any ideas why? thanks, jpf --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] No BAYES_* ?
If there's no BAYES_ test whatsoever, it isn't thinking it's ham. It's not saying anything whatsoever. Probably based upon the fact that it didn't have sufficient tokens or something. Please note that Bayes doesn't use keywords. It uses tokens, which may or may not resemble words. Also note that this email has very unusual spacing between words, and does funny things with the placement of punctuation. It probably confused Bayes. You'll want to learn it. For some reason I didn't see the spam header report on this email, so this is all pure conjecture. -tom -Original Message- From: Carlo Wood [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 8:56 AM To: [EMAIL PROTECTED] Subject: [SAtalk] No BAYES_* ? The attached mail got through spam-assassin without a problem... Why? Where is the BAYES_* test? Does this mean that the bayes engine thinks this is less than 10% chance to be spam? That would be ridiculous! How can I test on which keywords it is basing that this ham? -- Carlo Wood [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Rules for hoaxes
I'm mulling over whether to make some SA rules for some of the more common urban legends and virus hoaxes. Has anyone played with this, that is willing to share experiences? -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ...
You are correct. It needs 68 more spams. -Original Message- From: James Herschel [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 9:58 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Not sure if my Bayesian filter is adding to the score ... [snip] Sep 9 10:25:55 ahnold spamd[11821]: debug: debug: Only 132 spam(s) in Bayes DB 200 [snip] Is it not taking the Bayes into consideration because I'm below 200 emails in the DB right now, or am I missing something here? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ...
if you run spamassassin -D --lint it will show you a dbug line: debug: bayes corpus size: nspam = [number], nham = [number] -Original Message- From: James Herschel [mailto:[EMAIL PROTECTED] Plus I'd just like to know how much further I have to go before the Bayes kicks in --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ...
Yes, you're not running spamd as root, but you ran spamassassin -D --lint as root. Note the different paths to the bayes databases in your output. -Original Message- From: James Herschel [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 3:07 PM To: Tom Meunier; [EMAIL PROTECTED] Subject: RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ... I'm using spamd which shows 139 spam registered now - I'm thinking I need a different command because running your suggested command below strangely reports that only 56 spams are in the DB ... Tailing the maiilog Sep 9 15:56:43 ahnold spamd[18508]: debug: bayes: 18508 tie-ing to DB file R/O /var/qmail/.spamassassin/.spamassassin/bayes_seen Sep 9 15:56:43 ahnold spamd[18508]: debug: debug: Only 139 spam(s) in Bayes DB 200 Running your command: debug: Initialising learner debug: using /root/.spamassassin for user state dir debug: bayes: 18535 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 18535 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: debug: Only 56 spam(s) in Bayes DB 200 debug: bayes: 18535 untie-ing debug: bayes: 18535 untie-ing db_toks debug: bayes: 18535 untie-ing db_seen James -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 3:52 PM To: James Herschel; [EMAIL PROTECTED] Subject: RE: [SAtalk] Not sure if my Bayesian filter is adding to the score ... if you run spamassassin -D --lint it will show you a dbug line: debug: bayes corpus size: nspam = [number], nham = [number] -Original Message- From: James Herschel [mailto:[EMAIL PROTECTED] Plus I'd just like to know how much further I have to go before the Bayes kicks in --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] osirusoft still working?
1. It *is* the case indeed. Look at your email. Since Osirusoft has blacklisted the entire internet, every one would have that test flagged, wouldn't it? Yes. It doesn't, does it? No. Setting it to 0 disables the test. 2. Even if it *did* run the test, if a test were to score zero points, it wouldn't be listed. Therefore, the poster's test is being run, and it is scoring more than zero points. His changes have not taken effect. 3. User error is why. The original poster isn't giving the full story. He never answered whether he restarted spamd. There's something the user is doing that isn't being told here. By now he's probably rebooted his machine in frustration, and it's working fine now. -Original Message- From: Ralf G. R. Bergs [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 2:47 AM Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] osirusoft still working? Simon Byrnand wrote: At 20:43 4/09/2003 +0200, Ralf G. R. Bergs wrote: Jim Porter wrote: score RCVD_IN_OSIRUSOFT_COM 0 score X_OSIRU_DUL 0 score X_OSIRU_DUL_FH0 score X_OSIRU_OPEN_RELAY0 score X_OSIRU_SPAMWARE_SITE 0 score X_OSIRU_SPAM_SRC 0 From what I understood, this would disable rbl checking of osirusoft.com, but I am still seeing lines like this in my log file. Wrong. This doesn't disable checking, but it gives the results the weight 0, i.e. it doesn't add to or subtract from the score. Sorry, but it's you thats wrong. Setting the score of an RBL check to zero *does* disable the test itself, and has be confirmed by the developers on previous occasions If that *were* the case, then kindly explain why the original poster still observed the checks being executed. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] sa-learn says it learnt from 134 messages butcheck_bayes__db only reports 19 as nspam?
only half joking Feed it 1400 more? -tom -Original Message- From: Peter Kiem [mailto:[EMAIL PROTECTED] Yes I don't expect it to activate in SA until then but how can you get it to over 200 when I feed it 134 emails but the db says it only learned 19? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Performance optimization for bigger setups
currently I am looking for options on how to speed up spamassassin 2.54. Hi Jochen, I've been considering the idea proferred at http://www.advosys.ca/papers/printable/postfix-filtering.html under A Word About Performance quoted The method shown here is an easy and reliable way to filter messages with Postfix. However, performance suffers because each e-mail message has the overhead of invoking a shell, starting the Perl interpreter, and creating a temporary file. The file creation overhead can be greatly reduced by mounting directory /var/spool/filter as a memory filesystem (tmpfs in Linux and Solaris). These filesystems are thousands of times faster than physical disk and are ideal for short-lived temp files. /quoted -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] why so low
http://useast.spamassassin.org/tests.html You've got negative scores all over that thing. Add them up. -Original Message- From: landy [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 5:31 AM To: SA Cc: [EMAIL PROTECTED] Subject: [SAtalk] why so low i have been getting many of these and even after doing sa-learn the score is super low, these emails are really pissing me of To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Subject: Change password. Date: Wed, 03 Sep 2003 21:35:21 PDT X-Spam-Status: No, hits=-7.6 required=5.0 tests=BAYES_10,FORGOTTEN_PASSWORD,GENUINE_EBAY_RCVD,NO_REAL_NAME, RCVD_IN_BONDEDSENDER,RCVD_IN_OSIRUSOFT_COM version=2.55 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Change RBL lookup
There are already tests for SpamCop and NJABL: RCVD_IN_BL_SPAMCOP_NET RCVD_IN_NJABL X_NJABL_OPEN_PROXY X_NJABL_DIALUP You can see what blacklists are tested by default, and their assigned scores, at http://www.spamassassin.org/tests.html For examples of rules for alternative blacklists, see how blackholes.us describes the rule set for using their country blacklists. http://www.blackholes.us/docs/blackholes.cf -Original Message- From: gregj [mailto:[EMAIL PROTECTED] Is there a way I can set SA to use a RBL other than Osirusoft? I would like to use SpamCop or NJABL. Any help is greatly apreciated. Thanks! --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes filter and autolearning
Hi Dave, You've got two different things happening here. -Original Message- From: Dave Kliczbor [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 12:52 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Bayes filter and autolearning | X-Spam-Status: No, hits=4.1 required=5.0 | tests=BAYES_90,NO_REAL_NAME | autolearn=ham version=2.55 auto_learn_threshold_nonspam is set to 1.9. Now I am wondering why on earth SpamAssassin learns that message as _ham_? As far as I can see, this should not happen. On this one, it's because autolearn learns the message pre-Bayes test. Without your Bayes_90, that message scored under 1.9 points, and so it was autolearned. The other reason that applies here is explained below. On the other hand, I have more than one mail where SpamAssassin behaves like that: | X-Spam-Status: Yes, hits=11.8 required=5.0 | tests=BAYES_70,FORGED_MUA_OUTLOOK,MSG_ID_ADDED_BY_MTA_3, |NIGERIAN_BODY,RATWARE_OE_MALFORMED,RISK_FREE | version=2.55 auto_learn_threshold_spam is set to 5.0. Why doesn't SpamAssassin learns this message as spam? There's a safety zone around your spam hits in 2.55. It's not there in 2.60. If you run spamassassin -D --lint you'll see a line like: debug: auto-learn? safety=4, ham=1.9, spam=5, body-hits=-0.4, head-hits=-1.3 This means that the only spams you'll auto-learn as spam are ones that are NOT within 4 points of your spam level setting. So in your case, you simply cannot learn spams 9 and you simply cannot learn hams 1. No matter what you set your auto_learn_thresholds to. -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes filter and autolearning
Hi Dave, hope I can help here beyond parroting what I've read played with... On this one, it's because autolearn learns the message pre-Bayes test. Without your Bayes_90, that message scored under 1.9 points, and so it was autolearned. The other reason that applies here is explained below. Ah. Could this behavior be changed by changing something in the config? Or by changing the source a bit (that also a perl novice like me can do it)? I are but a simple sysadmin, not a programmer. Why would you want the Bayes score wrapped into the decision about whether to learn it? If I get something *REALLY* spammy, high enough to be learned, but then it scores BAYES_00, it may be dropped below my autolearn threshold. That is the stuff I want going through bayes, not the BAYES_99 stuff. That is my lowest rated mail learned as spam (same settings as in the original posting): | X-Spam-Status: Yes, hits=8.4 required=5.0 | tests=BASE64_ENC_TEXT,HTML_30_40,HTML_IMAGE_ONLY_04, | HTTP_USERNAME_USED,PRIORITY_NO_NAME,RCVD_IN_RFCI, | RCVD_IN_SBL,USERPASS | autolearn=spam version=2.55 That does not comply with your statement. I didn't see the complete debug output as it was processed by SpamAssassin, so I can't really comment, except keep in mind that Bayes autolearning uses either scoreset 0 or 1. This may be scoreset 3 or 4, which may be different. I don't know. I'm curious about the safety zone... why did the programmer(s) decide to put it in? Even if they saw sense in it, most open source programs do let you make senseless configurations. Or, to say it in other words: They not only let you shoot yourself in the foot, they give you an assortment of guns already loaded and pointed downwards[2] :-) I imagine they define shooting yourself in the foot as exactly what you're attempting to do. Unattended autolearning in the sweet spots for false positives and false negatives. I'd never autolearn that close to my threshold. I'd hand-feed. But I guess it's good that they allow you to do it now. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Bayes and whitelisting
You'll likely find that those words wouldn't be considered interesting tokens - and if they do, they will also be considered interesting tokens for all the ham you receive discussing these topics. The bayesian engine doesn't simply grab words; it grabs tokens, and it grabs them in some really (to a human eye) bizarre contexts. Also, out of curiosity: do you find that the spamassassin-talk emails with attached spams score high enough to meet your auto-learn threshold? -tom -Original Message- From: Carlo Wood [mailto:[EMAIL PROTECTED] Sent: Monday, September 01, 2003 7:25 PM To: Simon Byrnand Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] Bayes and whitelisting [ ] Take for example this mailinglist, this very mail, it is full of words like whitelist, SpamAssassin, autolearnt, score, man pages etc. If you included a SPAM as example (quite possible on this list, and the reason why I whitelist it) then I still don't want it to be autolearnt: that would mean that the mentioned words get tagged as spammy, and they are not. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] bayes feedback
Because without a few hundred messages, it would be completely and utterly useless? It would be like meeting an airline pilot who was 5'7 tall and had a scar on his left cheek and wore his hat backwards. Bayes would think that scars on left cheeks were as reliable an indicator of airline-pilotness as was an airline uniform. All statistics are based upon having a statistically significant sample, and to tell the truth, a corpus of 200 hams / 200 spams is severely stretching it. http://www.paulgraham.com/spam.html -Original Message- From: Ron Gilbert [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 10:54 AM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] bayes feedback I read here that bayes is only turned on after it learned from at least 200 spams AND 200 hams. That number could be more. It only starts to be efficient after you got say 1000 of both. Can someone explain to me why SA won't start using bayes until it's seen several hundred messages? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] bayes feedback
-Original Message- From: Ron Gilbert [mailto:[EMAIL PROTECTED] Because without a few hundred messages, it would be completely and utterly useless? Yes, i do understand that. I guess my complaint is that I would have rather it started working and been somewhat useless (like POPFile did), or provide much better feedback on it's status. From what I can tell, it really isn't *200* ham/spams, it's 200 different enough ham/spams. Again...good feedback would have solved a lot of my frustrations, and judging from the posts here, others as well. Ron I'll agree with you there. When I first installed mine, I trained it on the public corpus, although I imagine that wasn't the smartest thing to do. Once it kicked in, it trained itself pretty darned quickly. Managed to get through with only 2 FPs in the first couple of days, and by then it had trained itself up to several thousand hams/spams. -tom --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Changing Bayes scoring
Somebody already answered the syntax for modifying your scores in your local.cf, so... The auto-learn bayes evaluator doesn't take the Bayes scores into account when deciding whether to learn as spam or ham. So you could have autolearn threshold set to 10, have your Bayes tests at 20 points, and get a 29-point spam come in, but not be sent through autolearn. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 11:43 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Changing Bayes scoring Greetings, I'd like to increase the score for certain bayes confidence levels. My understanding is that I need to put one (or more) of these lines from /usr/locals/hare/spamassassin/23_bayes.cf: body BAYES_60 eval:check_bayes('0.60', '0.70') body BAYES_70 eval:check_bayes('0.70', '0.80') body BAYES_80 eval:check_bayes('0.80', '0.90') body BAYES_90 eval:check_bayes('0.90', '0.99') body BAYES_99 eval:check_bayes('0.99', '1.00') into /etc/mail/spamassassin/local.cf and in order to increase the scores from certain bayes confidence levels, make edits, such as: body BAYES_70 eval:check_bayes('0.70', '1.80') body BAYES_80 eval:check_bayes('0.80', '1.90') body BAYES_90 eval:check_bayes('0.90', '2.99') body BAYES_99 eval:check_bayes('0.99', '3.00') Or am I off the mark entirely? A good 80-90% of the spam that scores 4.3-4.9, while being all over the place wrt other scores (i.e. some have bad mime, some have bad html, some have bad times), they have bayes confidences of 70-99. As well the few lists that I'm on seem to get 3.5 to 4.5-ish scores, mostly for the bad html that comes from their MUA, yet have pretty consistent bayes confidences around 20-50%. So, it seems to me that I should rely a bit more on bayes, as just lowering the threshold will get a fair bit of ham. Yet, in doing so, does this feed back into the bayes evaluator? Cheers! -sam --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Changing Bayes scoring
My guess is that if it has a high bayes score already, you don't need to re-learn it - the Bayesian engine already /knows/ about the interesting tokens contained therein. However, I admit to sa-learning my lower-scoring spam that may have a BAYES_n where n is less than 90. If it has a BAYES_99 I don't need to sa-learn it. -tom -Original Message- From: Jon Gabrielson [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 1:03 PM To: Tom Meunier; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [SAtalk] Changing Bayes scoring Is there a way to change this behavior? It seems to me that a high bayes score also shows that it is spam and it might be possible to grab a few new tokens from the spam which you otherwise wouldn't get. Jon. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spamassassin and Razor
http://www.spamassassin.org/tests.html It adds points to the total score, as in any other SA test. See the RAZOR2_CHECK and RAZOR2_CF_RANGE rules. -Original Message- From: Mike Burkhouse [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 9:24 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Spamassassin and Razor Razor returns a message as being spam. If Razor returns that a message looks to be spam, does SA automatically trigger the X-Spam-Status flag, or does it mark it in some other way that I need to filter on? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spamassassin and Mail Relay
1. Don't delete your user's mail. Just mark it and let them make rules client-side. If you've an intermediary gateway that can do some content filtering, you can use that to delete or quarantine especially high-scoring spam. 2. See (3.) 3. http://lawmonkey.org/anti-spam.html http://www.geocities.com/scottlhenderson/spamfilter.html http://www.advosys.ca/papers/printable/postfix-filtering.html -tom -Original Message- From: John B. [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Spamassassin and Mail Relay 1) There has to be different types of filtering. Is it best to mark the message as spam and let the end user filter it out? Is it possible to create a secondary mailbox and have the spam sent to that mailbox (on a per user basis) (remember a LOT of domains)? 2) How does the relay work? Methods may be SendMail and Milton, ProcMail (But I think that is for local delivery only).. Any other ideas? 3) And the hardest... Simple directions for me to do the install I am new to Linux so I do not know all the INs when it comes to tricks of the trade. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spamassassin and Mail Relay
Oh yeah: If I were running Imail (I don't, but I play a person who does on TV) I'd at least give a cursory glance to IMGATE. http://imgate.meiway.com/ -Original Message- From: John B. [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Spamassassin and Mail Relay I am new to the list (and the linux community) and I am hoping that someone could give me a step in the right direction. I have a Windows 2k server running IMAIL of wich end users connect to download their email. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Pyzor misconfig?
I must be doing something stupid, or have something misconfigured. My server times out on Pyzor tests about 90% of the time, and on DCC tests about 5-10% of the time. I've set the timeouts to 10 seconds. My average message analysis time due to these tests taking so long is 13-15 seconds. It wasn't much better when I was just using Razor and DCC - maybe 9 to 11 seconds. Razor is kinda slow, but bye slow I mean 0.5-3 seconds. I have specified [dns_available yes] in my local.cf, fwiw. Any clues as to where I've misconfigured my system? SA 2.60 rc0 called from Postfix 1.x as a gateway smtp relay, although the behavior has existed in 2.54 and 2.55 also. debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: Pyzor: got response: 66.92.49.157:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response 66.92.49.157:24441 TimeoutError: --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Scores for OSIRU Tests
Keep in mind when you modify 20_head_tests.cf it'll be overwritten with each subsequent upgrade of SpamAssassin. Your local.cf won't. -Original Message- From: Larry Gilson [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 2:06 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Scores for OSIRU Tests Hey Justin, There was another suggestion that the tests could be commented out in 20_head_tests.cf. Which is the best and/or recommended method? --Larry --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Custom Rules - spamd
Chris, A google of [reg2rule] and [reg2rule.pl] brings up nada. Throw me a bone? fwiw, I blacklist 'em when they come in, and my average spam score is up in the 40s. -tom -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 8:12 AM To: 'Larry Gilson'; 'Matt Kettler'; spamassassin_list Subject: RE: [SAtalk] Custom Rules - spamd [ ] evil domains generated by reg2rule.pl, plus more custom ones I haven't put on the [ ] --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Sobig virus blocking
http://www.exit0.us/index.php/VirusBounceRules -Original Message- From: Steve Combs [mailto:[EMAIL PROTECTED] Sent: Monday, August 25, 2003 11:07 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [SAtalk] Sobig virus blocking Can someone help me write a rule to block the sobgi virus? I just want to block all of the common subjects. --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] exchange and IMAP Public Folder messages
-Original Message- From: Covington, Chris [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 2:33 PM To: Tom Meunier; [EMAIL PROTECTED] Subject: RE: [SAtalk] exchange and IMAP Public Folder messages -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED] I don't know how you're doing this, but my Ham and Spam public folders work exactly as specified. Are you certain your users aren't forwarding them there, but rather dragging dropping from Outlook? Are your users connecting to the server via IMAP or MAPI? (We don't use IMAP, so I can't duplicate that. -tom The users are using MAPI, but the way SpamAssassin gets the emails is via an IMAP script. The headers get truncated when the messages are pulled using IMAP from the Public Folders. How do you get messages from the Public Folders to SpamAssassin? Chris D'oh! Sure 'nuff you're right. I've been merrily using MUTT via IMAP, and I'm seeing the same behavior. I mean, now that I actually *look* that is. crawls back under rock -tom --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk