Re: OT - How often to reboot?
On Mon, Nov 29, 2004 at 10:44:45AM -0500, Michael Barnes wrote: I reboot computers after doing a kernel or fundamental OS upgrade that requires a reboot (rare), after a severe weather emergency (a hurricane, very rare), and when the power goes out longer than my UPS has battery power (occasional), or for a hardware upgrade (occasional). Aside from conditions like this, there is no need to reboot any modern OS (one that has come out in the past 10 years or so). My power supply died on Sunday morning, and as much as I wanted it not too, the machine powered off. Doesn't meet any of your above requirements but I'll let it pass this once. Rob
Re: OT - How often to reboot?
From: Rob [EMAIL PROTECTED] On Mon, Nov 29, 2004 at 10:44:45AM -0500, Michael Barnes wrote: I reboot computers after doing a kernel or fundamental OS upgrade that requires a reboot (rare), after a severe weather emergency (a hurricane, very rare), and when the power goes out longer than my UPS has battery power (occasional), or for a hardware upgrade (occasional). Aside from conditions like this, there is no need to reboot any modern OS (one that has come out in the past 10 years or so). My power supply died on Sunday morning, and as much as I wanted it not too, the machine powered off. Doesn't meet any of your above requirements but I'll let it pass this once. Rob, most of the time this has happened to me I have observed that no number of tries will reboot that machine. So far every powersupply that has died here took the hard drives with it. So it's a different machine when it is finally booted the next time. But that's a my grandfather's axe sort of issue. {^_-}
Feature Request: Bayes as a more general detector
We consider the Bayes system as a detector of SPAM, which 'technically' it isn't. What it reports is how close a given message is to one of two sets, given that it has been previously shown examples of each of the two sets. Because this is the case, I'm thinking it should be possible to use the same system as aSCAM detector. If I have a large number of 419s, lottery scams etc, and show these to sa-learn, then show it some non-scams (SPAM and/or ham) then surely the Bayes network should now be able to return a confidence value of how likely a message is to be a scam. So, what I would like to do is be able to call different bayes databases during the rule checking phase. Ideally I would call 'eval:check_bayes(BAYES_DB, '0.99', '1.00')' where I could define the BAYES_DB to be checked. Does anyone else think this would be useful? I'm far from a perl Guru, but with a few pointers I could find my way around the code and could help with development. Richard --- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]
New Hardware
Hey list, I am in the quite sureal situation of being given a blank cheque by my boss to buy 2 new servers for SA. They were so impressed with the upgrade to v3 + SURIBLS et al that when i said that our current setup was hitting load max they found some cash for me... :D We are in a university environment with over 100,000 mails daily. What Im currently looking at is either 2 Sun v150s or 2 dual-opterons probably with a gig each, and the standard 80+gigs. Which one will be better suited to SA? I know SA is more cpu/ram than disk IO so im leaning more toward the AMD approach. The reason there are 2 machines of each is because im gonna implement fail over using heartbeat. Does it make a difference the Solaris / Linux route? Will SA benefit from the dual processor option? Any other factors I should consider? many thanks as always ronan -- Regards Ronan McGlue == Analyst/Programmer Information Services Queens University Belfast BT7 1NN
Re: New Hardware
On Tuesday, November 30, 2004, 4:28:35 AM, Ronan Ronan wrote: Hey list, I am in the quite sureal situation of being given a blank cheque by my boss to buy 2 new servers for SA. They were so impressed with the upgrade to v3 + SURIBLS et al that when i said that our current setup was hitting load max they found some cash for me... :D We are in a university environment with over 100,000 mails daily. What Im currently looking at is either 2 Sun v150s or 2 dual-opterons probably with a gig each, and the standard 80+gigs. Which one will be better suited to SA? I know SA is more cpu/ram than disk IO so im leaning more toward the AMD approach. The reason there are 2 machines of each is because im gonna implement fail over using heartbeat. Does it make a difference the Solaris / Linux route? Will SA benefit from the dual processor option? Any other factors I should consider? In general, I'd recommend Linux on AMD. Unix type operating systems often benefit from multiprocessing, especially recent Linux/BSD/etc kernels that have deeper support for multiple processors built in. I'm sure other folks have some more ideas. BTW were you able to get your local mirroring of the SURBL zones working well? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
RE: sa-learn ham
Gray, Sorry for the delay in response. I just wanted to let you know that your script worked PERFECTLY and I now have a sensible newest atime, which allowed me to expire my database properly. Thanks a million! Tim Gustafson MEI Technology Consulting, Inc [EMAIL PROTECTED] (516) 379-0001 Office (516) 480-1870 Mobile/Emergencies (516) 908-4185 Fax http://www.meitech.com/ -Original Message- From: Gray, Richard [mailto:[EMAIL PROTECTED] Sent: Thursday, November 25, 2004 11:45 AM To: Gustafson, Tim; users@spamassassin.apache.org Subject: RE: sa-learn ham We had a similar problem with our system a while back (SA 2.64, Exim 4 using exiscan) I found the attached script. It didn't work perfectly, so I edited it a bit. However, this was 2-3 months ago, and I didn't comment my changes (it was only for my company ;) ) We had a problem that because it wasn't expiring tokens, there were some really old tokens in there too, which caused problems as well. There is a line in the code that throws away old tokens. If your Dbase is new then this won't be a problem for you. Anyway, I don't know which bits I added/removed/changed, but if you have a problem you can always drop me a line and I'll see what I can do. Richard smime.p7s Description: S/MIME cryptographic signature
Re: New Hardware
Ronan I'd go for dual opteron V20z if you want to stick with sun kit. Will outperform the Sparc based stuff. no need to heart-beat, just have the two machines on same MX value and DNS will load balance for you. Would be interesting to see how Solaris 10 compares with Linux in this environment - you'd have to test both to see they cope. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Ronan wrote: Hey list, I am in the quite sureal situation of being given a blank cheque by my boss to buy 2 new servers for SA. They were so impressed with the upgrade to v3 + SURIBLS et al that when i said that our current setup was hitting load max they found some cash for me... :D We are in a university environment with over 100,000 mails daily. What Im currently looking at is either 2 Sun v150s or 2 dual-opterons probably with a gig each, and the standard 80+gigs. Which one will be better suited to SA? I know SA is more cpu/ram than disk IO so im leaning more toward the AMD approach. The reason there are 2 machines of each is because im gonna implement fail over using heartbeat. Does it make a difference the Solaris / Linux route? Will SA benefit from the dual processor option? Any other factors I should consider? many thanks as always ronan ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
Re: New Hardware
Jeff Chan wrote: On Tuesday, November 30, 2004, 4:28:35 AM, Ronan Ronan wrote: Hey list, I am in the quite sureal situation of being given a blank cheque by my boss to buy 2 new servers for SA. They were so impressed with the upgrade to v3 + SURIBLS et al that when i said that our current setup was hitting load max they found some cash for me... :D We are in a university environment with over 100,000 mails daily. What Im currently looking at is either 2 Sun v150s or 2 dual-opterons probably with a gig each, and the standard 80+gigs. Which one will be better suited to SA? I know SA is more cpu/ram than disk IO so im leaning more toward the AMD approach. The reason there are 2 machines of each is because im gonna implement fail over using heartbeat. Does it make a difference the Solaris / Linux route? Will SA benefit from the dual processor option? Any other factors I should consider? In general, I'd recommend Linux on AMD. Unix type operating systems often benefit from multiprocessing, especially recent Linux/BSD/etc kernels that have deeper support for multiple processors built in. yeah thats what i was thinking I'm sure other folks have some more ideas. BTW were you able to get your local mirroring of the SURBL zones working well? Im a systems guy so im still waiting on my network co-horts to get back to me. They want to see how the load of the bind files works out before they venture into rbldnsd, i dont have an account on our DNS so I'll have to make a case for it to be installed on the DNS otherwise I could just setup a local machine and have the DNS point to it... I'm looking forward to it though as it should take a load off our mailhubs until the new systems arrive (2mnths+) ronan Jeff C. -- Regards Ronan McGlue == Analyst/Programmer Information Services Queens University Belfast BT7 1NN
Re: New Hardware
You might also look at Solaris X86. I've just brought up such a box, and am impressed with the performance relative to Linux on the same box. jay Jeff Chan wrote: On Tuesday, November 30, 2004, 4:28:35 AM, Ronan Ronan wrote: Hey list, I am in the quite sureal situation of being given a blank cheque by my boss to buy 2 new servers for SA. They were so impressed with the upgrade to v3 + SURIBLS et al that when i said that our current setup was hitting load max they found some cash for me... :D We are in a university environment with over 100,000 mails daily. What Im currently looking at is either 2 Sun v150s or 2 dual-opterons probably with a gig each, and the standard 80+gigs. Which one will be better suited to SA? I know SA is more cpu/ram than disk IO so im leaning more toward the AMD approach. The reason there are 2 machines of each is because im gonna implement fail over using heartbeat. Does it make a difference the Solaris / Linux route? Will SA benefit from the dual processor option? Any other factors I should consider? In general, I'd recommend Linux on AMD. Unix type operating systems often benefit from multiprocessing, especially recent Linux/BSD/etc kernels that have deeper support for multiple processors built in. I'm sure other folks have some more ideas. BTW were you able to get your local mirroring of the SURBL zones working well? Jeff C.
RE: New Hardware
We use 4 single processor machines 2.8ghz P4 HT and we are doing 150k per day now without breaking a sweat. We also have two additional backend servers for running spamd. Total 6. I know you said two but if you need to loose just one then your load might be affected. We can bring down half of the nodes for maintenance without any customer impact at all. Gary -Original Message- From: Ronan [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 4:29 AM To: spam Subject: New Hardware Hey list, I am in the quite sureal situation of being given a blank cheque by my boss to buy 2 new servers for SA. They were so impressed with the upgrade to v3 + SURIBLS et al that when i said that our current setup was hitting load max they found some cash for me... :D We are in a university environment with over 100,000 mails daily. What Im currently looking at is either 2 Sun v150s or 2 dual-opterons probably with a gig each, and the standard 80+gigs. Which one will be better suited to SA? I know SA is more cpu/ram than disk IO so im leaning more toward the AMD approach. The reason there are 2 machines of each is because im gonna implement fail over using heartbeat. Does it make a difference the Solaris / Linux route? Will SA benefit from the dual processor option? Any other factors I should consider? many thanks as always ronan -- Regards Ronan McGlue == Analyst/Programmer Information Services Queens University Belfast BT7 1NN
Re: New Hardware
Ronan wrote: Which one will be better suited to SA? I know SA is more cpu/ram than disk IO so im leaning more toward the AMD approach. The reason there are 2 machines of each is because im gonna implement fail over using heartbeat. Depending on your setup, you can probably do without heartbeat. Why not just have simple 50/50 load-sharing? We have a 64-node SA cluster working like this - only individual servers such as the master node run in an HA setup. -- Per Jessen, Zurich Let your spam stop here -- http://www.spamchek.com
wich is the best milter interface for spamassassin?
Hello, I'm running SA with sendmail using milter-spamc to connect them. It's working ok, but I would like to know about your experiences using SA and milter, and which one you think is the best to use. I have not seeing many people trough the list using milter-spamc, and I like to hear of some one :) BR, MatÃas.
Brightmail
Brightmail seems to be getting a lot of good press on the SPAM front. So I'm wondering, why do people running large mail systems choose SA over corporate offerings. Is it cost? Is it configurability, or performance? Can anyone shed any light on how Brightmail achieves the rather impressive statistics it is quoting, or do you think it is just smoke and mirrors? Is it possible to reproduce the other features without spending the cash? --- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]
Re: Sensible way to use SpamCop reporting?
I apologize for jumping into the thread late. I posted to the SpamCop forum concerning how to report spams using the latest SA 3.0 release. http://forum.spamcop.net/forums/index.php?showtopic=3129 To summarize: - generic SC reporting address in SA goes to bit bucket (might as well turn off reporting to save bandwidth). - no way to automate reports from spam traps. Feature request to SA developers: turn off default SC reporting in the next release. No need to consume bandwidth as the generic reporting address is not used.
Re: New Hardware
Subject: RE: New Hardware Date: Tue, 30 Nov 2004 07:42:02 -0800 From: Gary W. Smith [EMAIL PROTECTED] To: Ronan [EMAIL PROTECTED], spam users@spamassassin.apache.org We use 4 single processor machines 2.8ghz P4 HT and we are doing 150k per day now without breaking a sweat. We also have two additional backend servers for running spamd. Total 6. I know you said two but if you need to loose just one then your load might be affected. We can bring down half of the nodes for maintenance without any customer impact at all. Much the same here. We use 4 single processor machines 2.0ghz Celeron boxes, 512MB ram. They all run OpenBSD, exim+exiscan, SpamAssassin, Sophos virus detection via the sophie daemon running in Linux emulation mode. The're each running their own DNS cache, courtesty of Dan Bernstein's djbdns-1.05 software. Set up like this to prevent our DNS server becoming a potential bottleneck. Although this might just be my paranoia showing through. These boxes are just for handling incoming outgoing mail to and from the Internet. Internal email shouldn't touch them. Although in practice it does when our IMAP server gets choked. In that case internal mail is backed up to them. As above, these boxes rarely break into a sweat. When they do, it's usually because they're hit by some large mailing list on its way to the outside world. I'd be happy to take down half of them for maintenance. Although an upcoming software upgrade is likely to happen one at a time. I don't possess enough hands to upgrade two at once!
Re: Brightmail
At 11:58 AM 11/30/2004, Gray, Richard wrote: Brightmail seems to be getting a lot of good press on the SPAM front. So I'm wondering, why do people running large mail systems choose SA over corporate offerings. Is it cost? Is it configurability, or performance? Can anyone shed any light on how Brightmail achieves the rather impressive statistics it is quoting, or do you think it is just smoke and mirrors? Is it possible to reproduce the other features without spending the cash? My home ISP uses brightmail as a spam filter. I have it set to force spam into a separate folder. I have yet to get a FP with it, but it only seems to net about 95% of the inbound spam (about 1 for every 20 slips by).
Re: Brightmail
Richard, my day job is tech support for Sun mail systems. I support the integration with both SpamAssassin and Brightmail. Both do a very good job. Brightmail is commercial software, and is sold with a contract that automatically updates it, often. Many customers are more comfortable with this approach than they are with open source software, like SA. Brighmail is now owned by the Symantic folk, and also can be purchased with full integration with their virus scanning package. Personally, I use SA on my system, for my wife's company. I had some difficulty getting everything installed, compiled, and integrated, but once it's in, it works very, very well, here. Brightmail indeed seems to live up to their claims for effectiveness and performance. SA may be somewhat lower in performance, but I can't claim to have benchmarked it. Since SA depends on outside resources for some tests, it must be slower at least at times, while Brightmail simply updates an internal database to refer to. jay Gray, Richard wrote: Brightmail seems to be getting a lot of good press on the SPAM front. So I'm wondering, why do people running large mail systems choose SA over corporate offerings. Is it cost? Is it configurability, or performance? Can anyone shed any light on how Brightmail achieves the rather impressive statistics it is quoting, or do you think it is just smoke and mirrors? Is it possible to reproduce the other features without spending the cash? --- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]
RE: Brightmail
We sell BrightMail to customers that want a "Commercial" antispam solution and have deep pockets to pay a yearly subscription. We build SA based solutions (http://www.spamgate.us) for customers that want a "low-cost" antispam solution. Regards, Damian From: Gray, Richard [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 8:59 AMTo: users@spamassassin.apache.orgSubject: Brightmail Brightmail seems to be getting a lot of good press on the SPAM front. So I'm wondering, why do people running large mail systems choose SA over corporate offerings. Is it cost? Is it configurability, or performance? Can anyone shed any light on how Brightmail achieves the rather impressive statistics it is quoting, or do you think it is just smoke and mirrors? Is it possible to reproduce the other features without spending the cash?---This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses.For further information contact [EMAIL PROTECTED]
RE: Brightmail
Oddly enough, we went up head-to-head with our SpamAssassin solution against Brightmail three times in a row and won the customer every time. This is running 2.64. We have a single 8-way 3500, but we'll probably be upgrading that soon. David. - On Tue, 30 Nov 2004, Damian Mendoza wrote: We sell BrightMail to customers that want a Commercial antispam solution and have deep pockets to pay a yearly subscription. We build SA based solutions (http://www.spamgate.us) for customers that want a low-cost antispam solution. Regards, Damian From: Gray, Richard [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 8:59 AM To: users@spamassassin.apache.org Subject: Brightmail Brightmail seems to be getting a lot of good press on the SPAM front. So I'm wondering, why do people running large mail systems choose SA over corporate offerings. Is it cost? Is it configurability, or performance? Can anyone shed any light on how Brightmail achieves the rather impressive statistics it is quoting, or do you think it is just smoke and mirrors? Is it possible to reproduce the other features without spending the cash? --- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]
25 AWL AWL: From: address is in the auto white-list?
I have some AWL's listed in my local.cf. However they are getting a postative score of 25 points and being marked as spam. Shouldn't it be scoring the message with a negative score so it doesn't get marked as spam?
ok_locales and ok_language purpose
What is the purpose of the ok_languages and ok_locales configurations? I read the POD doc but I am still a bit confused. For example, if Japanese was included in either ok_locales or ok_languages, does that mean that they would be evaluated for spam or ignored? Is it possible to use either of these configuration setting to tell Spam Assassin to ignore Japanese email (to avoid any false positive risk)?
simulating a live setup / testing spamd
Hi, I am currently on dial-up but I have spamassassin installed and spamd is running. I would like to test my setup in the most realistic way possible given my situation. I have tried forwarding spam I get on my regular windows machine to my lan mailserver (the one on which spamd is running) but it doesn't catch it. I am open to all suggestions. Thank you very much. __ Post your free ad now! http://personals.yahoo.ca
Re: ok_locales and ok_language purpose
At 02:12 PM 11/30/2004, Johnson, Robert F wrote: What is the purpose of the ok_languages and ok_locales configurations? I read the POD doc but I am still a bit confused. For example, if Japanese was included in either ok_locales or ok_languages, does that mean that they would be evaluated for spam or ignored? Is it possible to use either of these configuration setting to tell Spam Assassin to ignore Japanese email (to avoid any false positive risk)? ok_languages and ok_locales don't prevent messages from being scanned. Both default to everything is OK. If you set them, you use them to basically declare everything that is not in the list is likely to be spam. So if a message is written in a language which is not in the ok_languages list, it gets an increased score by triggering the UNWANTED_LANGUAGE_BODY rule. If a character set of a message comes from a locality not in on_localles, it gets an increase score by triggering the CHARSET_FARAWAY rule. In the default configuration, neither of these rules fires on anything.
Re: 25 AWL AWL: From: address is in the auto white-list?
At 12:42 PM 11/30/2004, Jerry wrote: I have some AWL's listed in my local.cf. You do? That's not likely true.. AWL has nothing to do with whitelist_from statements and the like. You can't create AWL entries in your local.cf. the AWL is the AUTOMATIC whitelist. It's just that.. automatic. You don't manually declare what's whitelisted and not. It tracks history and averages scores. However they are getting a postative score of 25 points and being marked as spam. Hmm, did that sender send a high-scoring spam in the past? use spamassassin --remove-addr-from-whitelist to clear their record. Shouldn't it be scoring the message with a negative score so it doesn't get marked as spam? No. The AWL is a score averager.. it's both a whitelist and a blacklist. See http://wiki.apache.org/spamassassin/AutoWhitelist and http://wiki.apache.org/spamassassin/AwlWrongWay
Re: Missed spam
On Friday 26 November 2004 10:28 am, Jerry Bell wrote: This spam went through with a score of 0. I'm using 3.01 with most of the sare rulesets. Any ideas on how to catch these? Just as a me too. I've been battling these for the last month or so with SA 3.0.1 with varied results. I run with a little higher required score (7.0) because this is a multi user setup. Regardless, these have proven very difficult to trap. I run the following SARE rules: 70_sare_adult.cf 72_sare_redirect_post3.0.0.cf 70_sare_bayes_poison_nxm.cf 99_FVGT_Tripwire.cf 70_sare_header0.cf 99_sare_fraud_post25x.cf 70_sare_specific.cf evilnumbers.cf Jeremy --- Date: Tue, 02 Nov 2004 11:42:41 +0200 Reply-To: Jeremiah Farkas [EMAIL PROTECTED] From: Jeremiah Farkas [EMAIL PROTECTED] User-Agent: The Bat! (v2.00.4) Personal X-Accept-Language: en-us MIME-Version: 1.0 To: Bo Riedell [EMAIL PROTECTED] Subject: Tell you a secret about keeping slimly built parch Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by phydio mail system X-Spam-Status: No, hits=3.5 tagged_above=-10.0 required=7.0 tests=BAYES_60, RCVD_IN_XBL, TW_RX X-Spam-Level: *** X-UID: 8 all-terrain pc-projects ping-kong inc-federal jc-shipfin zz01 fnet-free rxcom The fully stocked R#X check the overnight delivery interests. more satisfaction over nil payment on rx towards the LOow prices http://i.net.HealingRXinfo.com show you more satisfaction actually with overnight delivery. costless rx and consultation. Your mothers head is so big, it shows up on radar. A man limps into a bar with a cane and alligator. The bartender stops himandsays Holdon a secondhere - youcan't bringthatanimal inhere,theyaren'tallowed! Sotheman says, Butmygatorheredoes areally cooltrick... --- Date: Sat, 06 Nov 2004 05:27:08 +0800 Reply-To: billy edmonson [EMAIL PROTECTED] From: billy edmonson [EMAIL PROTECTED] User-Agent: AOL 4.0 for Windows 95 sub 10 MIME-Version: 1.0 To: Perry Anastas [EMAIL PROTECTED] Subject: To suit all tastes is really our work inhumane Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by phydio mail system X-Spam-Status: No, hits=2.8 tagged_above=-10.0 required=7.0 tests=BAYES_99, DRUGS_ANXIETY, DRUGS_PAIN, TW_BF X-Spam-Level: ** X-UID: 6 dumpsize cstgnttj frederiksted electroconductores fbfbtab zz01 fbtest enrimmon Super low charge with super service on handreds of RX meds, it is all real. The site lists Vicodin, Valium, and many more. For more, just check it. Hlmuxntww http://vr.net.FavorRXinfo.com/?Ig3 benefitmore from next day delivery. nil payment for rx Yo mama so fat, she put on her lipstick with a paint-roller Q. Why are blondes like 7-Eleven stores? A. Open 24 hours a day. --- Date: Wed, 17 Nov 2004 12:27:23 +0700 From: wesley weekley [EMAIL PROTECTED] User-Agent: Netscape6/6.1b1 X-Accept-Language: en-us MIME-Version: 1.0 To: quintin sigmon [EMAIL PROTECTED] Subject: savvings from reliable internet pharmacy Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by phydio mail system X-Spam-Status: No, hits=3.6 tagged_above=-10.0 required=7.0 tests=BAYES_99, TW_OV, URIBL_SBL X-Spam-Level: *** X-UID: 12 express service for rx refill online reduction in price available for you The site offers more than 600 meds in over 40 categories such as Pain Relief, Sleeping Aids, Depression-Anxiety, Muscle Relaxants, Allergy, Antibiotic and Wt. Loss. quality meds all at lower prices http://Rh.Bv.ofsupergood.com/?Ehd2sk8Kkl9-Wi1Rx4197Dxxlu45373Oa I just want to give internet pharmacy a try. Now I find it is really a convenient and quick solution for me. Just great. Online Rx PRO I expected that the matter would never be heard of; but, I wished to relieve my own mind. I had kept the matter`God bless you!' and left her. TO the eyes of Mr. Jeremiah Cruncher, sitting on his stool in Fleet Street withonnettomuuksia 51paljastajat01 sovjetologi saksankieliseenserbeille
Re: reply from sorbs
On Sun, 28 Nov 2004 20:35:31 -0800, Bob Amen wrote And you said an aggressive greet delay. I tried that and found too many false positives with legitimate mail servers that are poorly configured. The only recourse for those false positives is another means of communication (eg. telephone). So who's being irresponsible? I compromise. I use a pretty aggressive greet delay -- but only on machines that are on dynamic IP addresses (as determined by a DNS-based blacklist.) So if the person is on a static IP, *or* they're running an RFC-compliant MTA, their mail gets through. If they're on a dynamic IP and their MTA is crummy, I don't get their mail. Seems fair to me, and so far I haven't had any problems with this technique. It rejects an awful lot of mail from addresses in comcast.net. ;)
Re: OT - How often to reboot?
On Tue, 30 Nov 2004 01:53:20 -0800, jdow wrote From: Rob [EMAIL PROTECTED] My power supply died on Sunday morning, and as much as I wanted it not too, the machine powered off. Doesn't meet any of your above requirements but I'll let it pass this once. Clearly you need to start ordering your computers with dual redundant power supplies. ;)
SA 3.0 lint error
All, This is a relatively fresh install, new as of last week, not an upgrade of an old system. Ran spamassassin --lint as root, and got the following error: 'Argument isn't numeric in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 578.' Where might I start in trying to correct this? My local.cf is as follows: report_safe 1 report_safe_copy_headers Received add_header all Status _YESNO_, hits=_HITS_ required=_REQD_ tests=_TESTSSCORES_ bayes=_BAYES_ autolearn=_AUTOLEARN_ version=_VERSION_ add_header all Level _STARS(*)_ use_auto_whitelist 0 use_bayes 1 bayes_use_hapaxes bayes_path /home/filter/spamassassin/bayes bayes_auto_learn 1 skip_rbl_checks 1 use_razor2 0 use_dcc 0 use_pyzor 0 dns_available yes fold_headers 1 score BAYES_99 4.300 score BAYES_80 3.000 score HTML_FONT_INVISIBLE 3.5 score HTML_90_100 3.5 score HTML_WEB_BUGS 2.0 score USER_IN_WHITELIST_TO -50 Thanks, Kurt
Re: Brightmail (really, SA performance statistics)
Robert LeBlanc wrote: The closest thing to a standard way of measuring a spam filter's effectiveness is the scientific model that medical researchers use for diagnostic tests. Even so, there are five separate tests, not just one: Thank you for that very well written and helpful explanation! Now, do you have a script that computes the test values from a SA log file that you'd care to share? Cheers, Bob -- Bob Amen O'Reilly Media, Inc. http://www.ora.com/ http://www.oreilly.com/
Re: SA 3.0 lint error
At 03:33 PM 11/30/2004, Kurt Buff wrote: Ran spamassassin --lint as root, and got the following error: 'Argument isn't numeric in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 578.' Where might I start in trying to correct this? snip bayes_use_hapaxes Add a numeric 1 or 0 to the above..
Re: Brightmail (really, SA performance statistics)
Bob Amen wrote: Robert LeBlanc wrote: The closest thing to a standard way of measuring a spam filter's effectiveness is the scientific model that medical researchers use for diagnostic tests. Even so, there are five separate tests, not just one: Thank you for that very well written and helpful explanation! Now, do you have a script that computes the test values from a SA log file that you'd care to share? Doh! I should have engaged brain before fingers. How would a script tell false positives and false negatives from a log file? It can't. -- Bob Amen O'Reilly Media, Inc. http://www.ora.com/ http://www.oreilly.com/
Re: Brightmail (really, SA performance statistics)
At 03:39 PM 11/30/2004, Bob Amen wrote: Thank you for that very well written and helpful explanation! Now, do you have a script that computes the test values from a SA log file that you'd care to share? You can't measure any of those performance metrics from logfiles alone.. there's no way to determine FP and FN count from just logs... Gotta have a human for that part. There's really two ways 1) set up pre-sorted corpus pair and run against that, then calculate. You can detect FP and FN by doing separate runs on each half of the corpus. Any positives in the ham corpus are FPs... 2) go through your mail and hand-decide all the FPs and FNs, and combine that with the total statistics for that account from your logs. Of course, a script that breaks out logs by user, spam count and ham count could make that easier.. If your logs have the delivery account in the same line as the spam/ham claims of your filter, this could just be a simple pair of greps.. grep mkettler /var/log/mailog | grep is spam | wc -l Option 2 involves no advance work, but depending on your log format it can be a painful process.
Re: Brightmail (really, SA performance statistics)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler wrote: | At 03:39 PM 11/30/2004, Bob Amen wrote: | | Thank you for that very well written and helpful explanation! Now, | do you have a script that computes the test values from a SA log file | that you'd care to share? | | | You can't measure any of those performance metrics from logfiles alone.. | there's no way to determine FP and FN count from just logs... Gotta have | a human for that part. | | There's really two ways | 1) set up pre-sorted corpus pair and run against that, then | calculate. You can detect FP and FN by doing separate runs on each half | of the corpus. Any positives in the ham corpus are FPs... | | 2) go through your mail and hand-decide all the FPs and FNs, and | combine that with the total statistics for that account from your logs. | Of course, a script that breaks out logs by user, spam count and ham | count could make that easier.. If your logs have the delivery account in | the same line as the spam/ham claims of your filter, this could just be | a simple pair of greps.. | grep mkettler /var/log/mailog | grep is spam | wc -l There's an alternative to using log analysis or corpus snapshots--record the data you're looking for in a database in real time, based on user-mail interaction (e.g. a quarantine management system). The Maia Mailguard package (which uses SpamAssassin via a heavily-modified amavisd-new base) lets users manage their filter settings, whitelists/blacklists, quarantines, and a ham cache, all from a web-based interface built with PHP. Users can release any false positives from their quarantine page, and similarly they can report false negatives from their ham cache. Doing either of these implicitly adjusts the FP and FN stats in Maia's database. Users (or administrators) essentially do the confirming of ham and spam, and the reporting of false positives and negatives, just by managing their quarantines and ham caches. This then allows a set of Perl scripts to run at scheduled intervals behind the scenes to train the Bayes database and do reporting of spam to Razor/Pyzor/DCC. Since the counts of spam, ham, FP, and FN are maintained in a database table on a per-user basis, it then becomes trivial to compute PPV, NPV, Sensitivity, Specificity, and Efficiency for individual users, or the system as a whole. Maia summarizes all of this data at the bottom of its stats page, e.g. http://www.renaissoft.com/mail/public.php. - -- Robert LeBlanc [EMAIL PROTECTED] Renaissoft, Inc. Maia Mailguard http://www.maiamailguard.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBrOeDGmqOER2NHewRAl5rAJ4/X5gVMQ/ZnAx25mFC6mbf5KNjpwCfc4WA DMs4YaSVZBTXJ7nLQlXIE0A= =Ncf/ -END PGP SIGNATURE-
Re: simulating a live setup / testing spamd
Ok, you have SpamAssassin installed and you have spamd running. Where do you call spamc? I am not using spamc directly. How is that done? Actually, my system does not have a man page on this program. Anyway, I am using a Sendmail milter called smtp-vilter and I guess that it internally calls spamc. Any thoughts? __ Post your free ad now! http://personals.yahoo.ca
OT: Lycos Make Love Not Spam screensaver
A screensaver that DDoS's spammer websites: http://www.theregister.co.uk/2004/11/26/lycos_europe_spam_blitz/ http://makelovenotspam.com/intl/ http://www.google.com/search?num=100hl=enlr=safe=offq=lycos+make+love+not+spambtnG=Search
Image Composition Analysis
Messagelabs made a big deal of their option of using First 4 Internet's Image Composition Analysis tool to detect pornographic images. Is anyone in the open source world working on something similar. Catching image only E-mail with pornographic images is really difficult. My users are offended when they get one, and wonder how I could not catch it. Explaining that the document was text, filled with bayes poison, and the one porn image with no porn words in the document doesn't seem to have much of an impression on them. Dan
Re: Image Composition Analysis
Smart,Dan said: Messagelabs made a big deal of their option of using First 4 Internet's Image Composition Analysis tool to detect pornographic images. Is anyone in the open source world working on something similar. Catching image only E-mail with pornographic images is really difficult. My users are offended when they get one, and wonder how I could not catch it. Explaining that the document was text, filled with bayes poison, and the one porn image with no porn words in the document doesn't seem to have much of an impression on them. Well, I'm only a interested end user, not a admin, nor could I set up SA if my job depended on it, however I did assist in the configuration a year ago Isn't there a rule for something like Image only e-mails with no text in them? Modify that rule for additional points, so if a e-mail consists of a image only it will score higher. I mean granted, there will be the occasional message from their friend with Here's a picture of my new son that's possibly a FP, but that should be few and far between. Just my .02. Evan
RE: Image Composition Analysis
The ones that get through have bayes poison at the bottom. It did hit a couple of the SARE rules that look for bayes poison, but didn't score enough to kill it. Very well crafted. Dan -Original Message- From: Evan Platt [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 4:53 PM To: users@spamassassin.apache.org Subject: Re: Image Composition Analysis Smart,Dan said: Messagelabs made a big deal of their option of using First 4 Internet's Image Composition Analysis tool to detect pornographic images. Is anyone in the open source world working on something similar. Catching image only E-mail with pornographic images is really difficult. My users are offended when they get one, and wonder how I could not catch it. Explaining that the document was text, filled with bayes poison, and the one porn image with no porn words in the document doesn't seem to have much of an impression on them. Well, I'm only a interested end user, not a admin, nor could I set up SA if my job depended on it, however I did assist in the configuration a year ago Isn't there a rule for something like Image only e-mails with no text in them? Modify that rule for additional points, so if a e-mail consists of a image only it will score higher. I mean granted, there will be the occasional message from their friend with Here's a picture of my new son that's possibly a FP, but that should be few and far between. Just my .02. Evan