Re: Where do I find sa-learn?
> I installed red hat 8.0 and have been using sa from there for about a year. > The sa version is 2.31. Oh my. That is seriously old. I'd most emphatically suggest it is time for an upgrade. 3.0.1 would be the desired version since it is current and seemingly installs fairly easily. But at the very least you should consider 2.64. Loren
RE: Where do I find sa-learn?
I installed red hat 8.0 and have been using sa from there for about a year. The sa version is 2.31. -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Sunday, 12 December 2004 4:45 AM To: Paul Grenda; users@spamassassin.apache.org Subject: Re: Where do I find sa-learn? At 08:02 PM 12/11/2004 +1100, Paul Grenda wrote: >I use sa for my home network and am finally getting (gotten) jack of most of >the spam getting through. >I've tried to find / -name 'sa-learn' >but it aint there. > >Where do I get sa-learn? sa-learn is an integral part of SA versions 2.50 and higher. If you don't have it, it's been deleted, or you've got an old version of SA. Check what version of SA you have.
Could not create INET Socket
I am trying to get fetchmail, maildrop and spamassassin happily running together, and most things are working except between maildrop and SA. I am getting this message: fetchmail: reading message [EMAIL PROTECTED]:1 of 1 (1122 octets) #Could not create INET socket on 127.0.0.1:783: Permission denied (IO::Socket::INET: Permission denied) maildrop: error writing to filter. the call to SA is xfilter "spamd" Is there something that I need to pass with spamd to get the socket created? -- Mountlake Terrace, WA USA
Re: some mails are not tagged
From: "Loren Wilton" <[EMAIL PROTECTED]>
> > since the upgrade from spamassassin 2.61 to 3.01. i sometimes experience
> > a strange problem. the subject of some mails is not rewritten with
> > *SPAM even if the score is high enough and the report attached
> > to the headers says its spam:
> >
> > X-Spam-Checker-Version: SpamAssassin on ianus
> > X-Spam-Status: Yes, hits=8.0 required=5.0
tests=BAYES_99,MISSING_HEADERS,
> > MISSING_SUBJECT,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,
> > SPF_SOFTFAIL autolearn=no
>
> This is a FAQ question, or at least should be.
>
> MISSING_SUBJECT - the original mail doesn't have a subject.
>
> SA *RE*writes headers. It doesn't *create* headers that weren't there.
> So since there was no subject, there was no subject to rewrite, so there
was
> no place to put the tag.
>
> There is an enhancement open on this, and I had thought that it actually
> made it in to 3.1.0 or so; but I could well be mistaken about that.
>
> Loren
In the mean time a procmail/formail rule should be able to toss in a
dummy subject. I'll see if I can think of what the procmail search
string should look like. (I suspect a subject of all blanks, say 20 to
40 of them, would still trigger that behavior.)
{^_^}
Re: Resending mail Outlook still strips out headers
Copy it to a folder is probably the best shot if he does not directly
export the files as MBOX files. Outlook mangles headers a little, I
understand. But it's far easier to deal with than OutlookExpress.
(Express - - is'nt that doctor talk for popping zits?)
{^_^}
- Original Message -
From: "Loren Wilton" <[EMAIL PROTECTED]>
> > What am I doing wrong (besides still using a piece of shit like
Outlook)?
>
> Thats the problem in a nutshell. :-( Even Outlook Depress, er, Express
can
> manage better than Outlook.
>
> If you have set up an IMAP folder for Outlook, I *think* you *should* be
> able to "move" or "copy" or drag/drop the message into the imap folder.
> This *should* preserve as much of the headers that Outlook hasn't already
> trashed. This works fine on OE.
>
> Oh wait. You said *resend* it. No, that won't work, it indeed will make
it
> come from you.
>
> The two functional methods are either using a folder you can drag the
> message to, or send the spam *as an attachment* to some target that will
> strip the included spam message out of the new message.
>
> The IMAP trick is probably the simplest to implement. Once you have an
IMAP
> folder or two on the SA server and can drop spam/ham there, about all you
> need is a cron job to suck up the stuff to learn once a day and then
delete
> the stuff from the folder.
>
> Loren
Re: Where do I find sa-learn?
At 08:02 PM 12/11/2004 +1100, Paul Grenda wrote: I use sa for my home network and am finally getting (gotten) jack of most of the spam getting through. I've tried to find / -name 'sa-learn' but it aint there. Where do I get sa-learn? sa-learn is an integral part of SA versions 2.50 and higher. If you don't have it, it's been deleted, or you've got an old version of SA. Check what version of SA you have.
Re: Errors after upgrading to SA 3.0.1
On Sat, Dec 11, 2004 at 07:46:40AM -0700, Scott wrote: > After upgrading to 3.0.1 I get the following errors when I run sa-learn: > > Unrecognized escape \Q passed through in regex; marked by <-- HERE in > m/X-Mailer =~ /\Q <-- HERE charset(89)\E// at > /usr/local/lib/perl5/site_perl/5.8.4/Mail/SpamAssassin/Conf/Parser.pm > line 766. It looks like you have some bad local rules installed. SA tries to verify that the rules are valid before adding them, and as shown above, you have at least 1 rule which fails that test. -- Randomly Generated Tagline: I don't know if it's what you want, but it's what you get. :-) -- Larry Wall in <[EMAIL PROTECTED]> pgplhIJUONtDb.pgp Description: PGP signature
Re: some mails are not tagged
> since the upgrade from spamassassin 2.61 to 3.01. i sometimes experience > a strange problem. the subject of some mails is not rewritten with > *SPAM even if the score is high enough and the report attached > to the headers says its spam: > > X-Spam-Checker-Version: SpamAssassin on ianus > X-Spam-Status: Yes, hits=8.0 required=5.0 tests=BAYES_99,MISSING_HEADERS, > MISSING_SUBJECT,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL, > SPF_SOFTFAIL autolearn=no This is a FAQ question, or at least should be. MISSING_SUBJECT - the original mail doesn't have a subject. SA *RE*writes headers. It doesn't *create* headers that weren't there. So since there was no subject, there was no subject to rewrite, so there was no place to put the tag. There is an enhancement open on this, and I had thought that it actually made it in to 3.1.0 or so; but I could well be mistaken about that. Loren
Re: Resending mail Outlook still strips out headers
> What am I doing wrong (besides still using a piece of shit like Outlook)? Thats the problem in a nutshell. :-( Even Outlook Depress, er, Express can manage better than Outlook. If you have set up an IMAP folder for Outlook, I *think* you *should* be able to "move" or "copy" or drag/drop the message into the imap folder. This *should* preserve as much of the headers that Outlook hasn't already trashed. This works fine on OE. Oh wait. You said *resend* it. No, that won't work, it indeed will make it come from you. The two functional methods are either using a folder you can drag the message to, or send the spam *as an attachment* to some target that will strip the included spam message out of the new message. The IMAP trick is probably the simplest to implement. Once you have an IMAP folder or two on the SA server and can drop spam/ham there, about all you need is a cron job to suck up the stuff to learn once a day and then delete the stuff from the folder. Loren
Re: Rude spammers
--On Friday, December 10, 2004 7:52 PM -0800 Jeff Chan <[EMAIL PROTECTED]> wrote: But "Get a capable html e-mailer" could also be generic text for non-MIME or non-HTML capable mail clients to see. It's highly lame (especially when messages should be in plain text IMO), but it could appear in hams. If it appears in the plain text side, it's a spam-sign. But if it appears in the HTML side, maybe we should award it bonus negative points! ;)
Errors after upgrading to SA 3.0.1
After upgrading to 3.0.1 I get the following errors when I run sa-learn: Unrecognized escape \Q passed through in regex; marked by <-- HERE in m/X-Mailer =~ /\Q <-- HERE charset(89)\E// at /usr/local/lib/perl5/site_perl/5.8.4/Mail/SpamAssassin/Conf/Parser.pm line 766. Unrecognized escape \E passed through in regex; marked by <-- HERE in m/X-Mailer =~ /\Qcharset(89)\E <-- HERE // at /usr/local/lib/perl5/site_perl/5.8.4/Mail/SpamAssassin/Conf/Parser.pm line 766. A google search turned up a lot of non-relevant stuff.. Thanks Scott
Re: Resending mail Outlook still strips out headers
On Sat, 11 Dec 2004 06:39:38 -0500, "Steve Dondley" <[EMAIL PROTECTED]> wrote: >I'm trying to train SpamAssassin. I've set up two mailboxes on my server. >One for spam and one for non-spam. I'm trying to figure out how to deliver >mail there from my client (Outlook 2000). > >There is some advice given on the SpamAssassin web site to not forward mail >but to resend it. I do that. But when I look at the raw mail on my server, >none of the original headers are there. The e-mails all look like the >originally came from me. > >What am I doing wrong (besides still using a piece of shit like Outlook)? You can't do it if you're popping from Outlook. I get around it by setting Outlook to POP but "Leave mail on server for 2 days". I also have Outlook set to make an IMAP connection to my server. When SA misses a spam, I use the IMAP account in Outlook to move the message to a "spam" folder. I run a cron job twice a day: sa-learn --dbpath /var/spool/spamassassin/bayes --mbox --spam /home/*/mail/spam to pick up mail moved into the "spam" folders. -- Steve
Re: some mails are not tagged
i know and as i have written 99% is tagged correctly. only mails which miss the subject tag in the headers are not tagged! regards alex Werner Detter wrote: hi, sytax for rewriting the subject has changed from spamassassin 2.x to 3.0 old rewrite_subject ***SPAM*** new rewrite_header subject ***SPAM*** bye, werner i think i found the reason for my problem: the subject tag is missing in those spammails. seems like this confuses spamassassin! from my point of view it would make sense it spamassassin would create the subject tag if it is missing. alex Alexander Gruber wrote: hi together, since the upgrade from spamassassin 2.61 to 3.01. i sometimes experience a strange problem. the subject of some mails is not rewritten with *SPAM even if the score is high enough and the report attached to the headers says its spam: X-Spam-Checker-Version: SpamAssassin on ianus X-Spam-Status: Yes, hits=8.0 required=5.0 tests=BAYES_99,MISSING_HEADERS, MISSING_SUBJECT,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL, SPF_SOFTFAIL autolearn=no but 99% of my spammails are tagged correctly! i´m using the following configuration: - spamassassin 3.01 - perl 5.6.1 - autowhitelists, bayes and user-config via mysql - qmail-scanner 1.24 thanks for any hints! regards alex
Problem using spamd command
Hi, I am using Redhat 9.0 Linux server with sendmail 8.13 and clamav-0.80 working fine. I want add spamasssin filter to it. I have selected option spamassin while installing redhat 9.0. Now when I give following command : [EMAIL PROTECTED] root]# spamd bind: Address already in use at /usr/bin/spamd line 177. ### What could be the problem? Thanks __ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250
Re: Rude spammers
On Fri, 10 Dec 2004 23:59:35 -0800 Robert Menschel wrote: > However, if you were in > business and sending emails to your customers or clients, would you > insult them with the demand "Get a capable html e-mailer"? Any company > that does that to me loses my business without any second thoughts. > > I know that my company would never think of saying anything like that > to any of our customers nor our vendors. I second that. My company has developed a secure email product that includes alternate text for e-mail clients who do not support HTML (they can't render images). Our customers would freak if we used anything but professional wording. I also get alternate text in response to an online download request. If that response was as rude as the ones commonly used by spammers, I would totally ignore the entire email even though I initiated contact. Brenda Bell Henniker (the only one on earth) New Hampshire (the state with 5 seasons: black fly, tourist, foliage, ski and mud)
Re: some mails are not tagged
hi, sytax for rewriting the subject has changed from spamassassin 2.x to 3.0 old rewrite_subject ***SPAM*** new rewrite_header subject ***SPAM*** bye, werner > i think i found the reason for my problem: the subject tag is missing in > those spammails. seems like this confuses spamassassin! > from my point of view it would make sense it spamassassin would create > the subject tag if it is missing. > > alex > > Alexander Gruber wrote: >> hi together, >> >> since the upgrade from spamassassin 2.61 to 3.01. i sometimes experience >> a strange problem. the subject of some mails is not rewritten with >> *SPAM even if the score is high enough and the report attached >> to the headers says its spam: >> >> X-Spam-Checker-Version: SpamAssassin on ianus >> X-Spam-Status: Yes, hits=8.0 required=5.0 >> tests=BAYES_99,MISSING_HEADERS, >> MISSING_SUBJECT,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL, >> SPF_SOFTFAIL autolearn=no >> >> but 99% of my spammails are tagged correctly! >> >> i´m using the following configuration: >> >> - spamassassin 3.01 >> - perl 5.6.1 >> - autowhitelists, bayes and user-config via mysql >> - qmail-scanner 1.24 >> >> thanks for any hints! >> >> regards >> >> alex >
Re: some mails are not tagged
i think i found the reason for my problem: the subject tag is missing in those spammails. seems like this confuses spamassassin! from my point of view it would make sense it spamassassin would create the subject tag if it is missing. alex Alexander Gruber wrote: hi together, since the upgrade from spamassassin 2.61 to 3.01. i sometimes experience a strange problem. the subject of some mails is not rewritten with *SPAM even if the score is high enough and the report attached to the headers says its spam: X-Spam-Checker-Version: SpamAssassin on ianus X-Spam-Status: Yes, hits=8.0 required=5.0 tests=BAYES_99,MISSING_HEADERS, MISSING_SUBJECT,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL, SPF_SOFTFAIL autolearn=no but 99% of my spammails are tagged correctly! i´m using the following configuration: - spamassassin 3.01 - perl 5.6.1 - autowhitelists, bayes and user-config via mysql - qmail-scanner 1.24 thanks for any hints! regards alex
some mails are not tagged
hi together, since the upgrade from spamassassin 2.61 to 3.01. i sometimes experience a strange problem. the subject of some mails is not rewritten with *SPAM even if the score is high enough and the report attached to the headers says its spam: X-Spam-Checker-Version: SpamAssassin on ianus X-Spam-Status: Yes, hits=8.0 required=5.0 tests=BAYES_99,MISSING_HEADERS, MISSING_SUBJECT,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL, SPF_SOFTFAIL autolearn=no but 99% of my spammails are tagged correctly! i´m using the following configuration: - spamassassin 3.01 - perl 5.6.1 - autowhitelists, bayes and user-config via mysql - qmail-scanner 1.24 thanks for any hints! regards alex
Re: Resending mail Outlook still strips out headers
If you are doing a one person server Outlook makes life easy. I
understand it can directly export an mbox format file. Do that
periodically and use the exported data to train the bayes filters.
With Outlook Express it is VASTLY more involved and a pain in the
to implement. I know. I use OE and so
does Loren. I hacked a method that works. But setting it up requires
very specialized configurations. (I am utterly amazed that I managed
it with postfix. It presented the challenge. I met it - in Mandrake
10.1, which is severely TCP/IP tool challenged. (Of course, it is
infinitely better than that "thing" called Fedora. But let's not
war about it here. I just needed to vent a little. Treat it as that
and nothing more.)
{^_-}
- Original Message -
From: "Steve Dondley" <[EMAIL PROTECTED]>
> I'm trying to train SpamAssassin. I've set up two mailboxes on my server.
> One for spam and one for non-spam. I'm trying to figure out how to
deliver
> mail there from my client (Outlook 2000).
>
> There is some advice given on the SpamAssassin web site to not forward
mail
> but to resend it. I do that. But when I look at the raw mail on my
server,
> none of the original headers are there. The e-mails all look like the
> originally came from me.
>
> What am I doing wrong (besides still using a piece of shit like Outlook)?
Resending mail Outlook still strips out headers
I'm trying to train SpamAssassin. I've set up two mailboxes on my server. One for spam and one for non-spam. I'm trying to figure out how to deliver mail there from my client (Outlook 2000). There is some advice given on the SpamAssassin web site to not forward mail but to resend it. I do that. But when I look at the raw mail on my server, none of the original headers are there. The e-mails all look like the originally came from me. What am I doing wrong (besides still using a piece of shit like Outlook)?
Re: 70_sare_header0 70_sare_header1 and 70_sare_genlsub problems
I just got 3.0.1 running. I get about 115 of those 22 character and 50
character violations. Most of them are from the rule sets I use here.
{^_^}
- Original Message -
From: "Robert Leonard" <[EMAIL PROTECTED]>
> Hmm.. well, all 3 of those files I mentioned were first time downloads
this
> morning.. I manually got them using wget.. I've been running 3.0 for some
> time now (months) and this is the first time I've seen these errors..
>
> Nobody else is getting this when they lint with these rules?
>
>
>
> _
>
> From: Loren Wilton [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 10, 2004 10:38 AM
> To: users@spamassassin.apache.org
> Subject: Re: 70_sare_header0 70_sare_header1 and 70_sare_genlsub problems
>
>
> You either have very old versions of those files, or are using a pre-3.0
> version of something.
>
> We cleaned up all of those 3.0 warnings a couple of months back, *except*
in
> a couple of files that were specifically 3.0 only. We left the warnings
> there as a hopeful indication that someone would see something wrong.
>
> Loren
>
> - Original Message -
> From: Robert Leonard
> To: 'users@spamassassin.apache.org'
>
> Sent: Friday, December 10, 2004 8:32 AM
> Subject: 70_sare_header0 70_sare_header1 and 70_sare_genlsub problems
>
>
> When I lint this rule I get numerous events warning that the describe
field
> is more the 50 characters in length.. Is this something new, or something
I
> can fix (short of going through and modifying each of these lines by
hand)?
>
> Just running the rulesdujour script I am getting this type of warning all
> over the place... Manually running the --lint seems to pass, with the
debug
> I see the warnings..
>
>
>
> For example..
> warning: description for SARE_SUB_DOUBLE_CONS is over 50 chars
>
>
> Thanks all!
>
>
Where do I find sa-learn?
I use sa for my home network and am finally getting (gotten) jack of most of the spam getting through. I've tried to find / -name 'sa-learn' but it aint there. Where do I get sa-learn? Thanks in anticipation. Regards, Paul. --- Paul Grenda __ Manager /. \/| Soft Fish \__/\| 6 Moorhouse Street Richmond Victoria, Australia 3121 0418 534 764 [EMAIL PROTECTED]
Re: Rude spammers
On Friday, December 10, 2004, 11:59:35 PM, Robert Menschel wrote: > Hello Jeff, > Friday, December 10, 2004, 7:52:50 PM, you wrote: JC>> On Friday, December 10, 2004, 1:21:19 PM, Robert Menschel wrote: LW You mean something like this? Works like a charm. >>> Agreed. Hope to have my own mass-check results of this shortly (my >>> version is slightly different from yours). Looks real useful so far. JC>> But "Get a capable html e-mailer" could also be generic JC>> text for non-MIME or non-HTML capable mail clients to see. JC>> It's highly lame (especially when messages should be in JC>> plain text IMO), but it could appear in hams. > Agreed -- the possibility of FP exists. However, if you were in > business and sending emails to your customers or clients, would you > insult them with the demand "Get a capable html e-mailer"? Any company > that does that to me loses my business without any second thoughts. > I know that my company would never think of saying anything like that > to any of our customers nor our vendors. I've seen similar portions of messages with less rude wording but similar meaning, e.g., "this message can only be properly viewed with an HTML-capable program" or something similar. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re[2]: Rude spammers
Hello Jeff, Friday, December 10, 2004, 7:52:50 PM, you wrote: JC> On Friday, December 10, 2004, 1:21:19 PM, Robert Menschel wrote: LW>>> You mean something like this? Works like a charm. >> Agreed. Hope to have my own mass-check results of this shortly (my >> version is slightly different from yours). Looks real useful so far. JC> But "Get a capable html e-mailer" could also be generic JC> text for non-MIME or non-HTML capable mail clients to see. JC> It's highly lame (especially when messages should be in JC> plain text IMO), but it could appear in hams. Agreed -- the possibility of FP exists. However, if you were in business and sending emails to your customers or clients, would you insult them with the demand "Get a capable html e-mailer"? Any company that does that to me loses my business without any second thoughts. I know that my company would never think of saying anything like that to any of our customers nor our vendors. Bob Menschel
RE: Virus-Sent Spam
>From what I understand, a larger portion of spam is now being sent by viruses installed on computers which hack the address book and then start sending out spams to generate affiliate income for the virus creator and/or the virus creator's partners. In these types of cases, often, the message sent is not necessarily a virus itself, but just spam. One obvious sign of this is the increase in randomly forged FROMs where you see signs of these being forged with interconnecting relationships of people. However, some of these forgeries could also be due to "joe jobs" campaigns and/or pre-programmed obfuscation using names on relative small but interrelated lists? At least, this is how I understand things to be. Corrections? ...now, my question... Is there some way of knowing for definite whether a non-virus spam was sent by a virus. Is there a corpus of such examples? Also, other than standard maintenance (windows updates, virus checker, etc), does forcing users to use password-authentication for SMTP server usage eliminate or minimize the ability of these viruses to propagate their spam? (or do they just sent it directly and/or hack into the system and use the authentication already set up for Outlook?) Basically, to bring this down to a more concrete situation, I have many clients who use my server for POP3 and web hosting, but use their ISP's server for SMTP. I'm wondering if switching them to my server for sending mail will help due to my requirement for password authentication for SMTP server usage. (of course, my spam filter alone would help in this situation) Thanks, Rob McEwen
Re: Rude spammers
On Friday, December 10, 2004, 1:21:19 PM, Robert Menschel wrote: > Hello Loren, > Friday, December 10, 2004, 10:33:02 AM, you wrote: >>> > Got a couple spams today that slipped by SA with a plain text and HTML >>> > part, and this was the plain text part: >>> > "Get a capable html e-mailer" >>> ... >>> I've seen this mentioned a couple of times recently. If it's really >>> diagnostic of spamware - which it probably is - it might not hurt to write >>> a rule for it. LW>> You mean something like this? Works like a charm. > Agreed. Hope to have my own mass-check results of this shortly (my > version is slightly different from yours). Looks real useful so far. > Bob Menschel But "Get a capable html e-mailer" could also be generic text for non-MIME or non-HTML capable mail clients to see. It's highly lame (especially when messages should be in plain text IMO), but it could appear in hams. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: 2.64 - SUBJ_HAS_UNIQ_ID - incorrect interpretation of underscores??
I just finally turned this rule off. For some reason it has started triggering on a whole lot of my normal mail, which isn't useful and is creating a bunch of FPs. I don't think I've ever seen it trigger on spam... :-) Loren
Re: 2.64 - SUBJ_HAS_UNIQ_ID - incorrect interpretation of underscores??
At 08:30 PM 12/10/2004, Matt Kettler wrote:
>The rule doesn't do very well anyway:
>
> 1.039 1.1433 0.11900.906 0.730.90 SUBJ_HAS_UNIQ_ID
>
>Hence the <1 score it receives.
Perhaps this is a decent chunk of why the rule doesn't perform well It
might be worth looking into modifying that regex in the eval to try to get
better performance, or splitting them up so you can test each separately...
Nevermind. Looking at my most recent 300 spams, only one matched, and that
didn't have a UNIQ_ID..
Subject: {SPAM} 0rder your meds" today`
It doesn't look like spammers use UNIQ ID's in the subject lines often
anymore..
The only one I did find, doesn't match the rule:
Subject: {SPAM} STOP_PAYING_FOR YOUR Cable_Movies e6pgu5
There are others posing as shipment notices, but the rule tries to skip
them on purpose..
Subject: {SPAM} Fedex Ship Notification, Tracking Number :
VBN24530946 - 40352TZLP
Subject: {SPAM} Fedex Delivery Confirmation, Tracking Number :
ITZ65070066405343DJCK
Re: 2.64 - SUBJ_HAS_UNIQ_ID - incorrect interpretation of underscores??
At 04:06 PM 12/10/2004, Theo Van Dinter wrote: It's not simply a hyphenated word. It looks like two long sets of characte= rs with a hyphen in the middle, which is the exact same thing as a unique id. The rule doesn't do very well anyway: 1.039 1.1433 0.11900.906 0.730.90 SUBJ_HAS_UNIQ_ID Hence the <1 score it receives. Perhaps this is a decent chunk of why the rule doesn't perform well It might be worth looking into modifying that regex in the eval to try to get better performance, or splitting them up so you can test each separately...
Re: connection to spamd refused...
If MailScanner is set up to use spamassassin, then it normally wouldn't be using spamc. However, if spamd is not running, spamc can't connect to it. spamc = client spamd = daemon On Fri, 10 Dec 2004, Andy Norris wrote: > > My understanding is that spamd should not be running when spamassassin is > used in conjunction with MailScanner as MailScanner uses spamassassin > directly, and not as a daemon? > > So is this a MailScanner issue, then? > > Thanks Mike, > Andy > > > At 01:44 pm 2004-12-10, you wrote: > >Is spamd running? > > > >On Fri, 10 Dec 2004, Andy Norris wrote: > > > > > > > > Sorry to bother again, but I feel we must be getting closer... > > > > > > This in the logs (/var/log/maillog) now...(!) > > > > > > Dec 10 13:44:40 tireswing spamc[22597]: connect() to spamd at 127.0.0.1 > > > failed, retrying (1/3): Connection refused > > > Dec 10 13:44:41 tireswing spamc[22597]: connect() to spamd at 127.0.0.1 > > > failed, retrying (2/3): Connection refused > > > Dec 10 13:44:42 tireswing spamc[22597]: connect() to spamd at 127.0.0.1 > > > failed, retrying (3/3): Connection refused > > > > > > Any hints what to look for here? This is getting very frustrating, as the > > > first few messages are scanned by SA, but after a while it starts to > > either > > > time out or refuse connection, then we're at virtually no spam filtering. > > > > > > >-- > >Mike Burger > >http://www.bubbanfriends.org > > > >Visit the Dog Pound II BBS > >telnet://dogpound2.citadel.org or http://dogpound2.citadel.org > > > >To be notified of updates to the web site, visit > >http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a > >message to: > > > >[EMAIL PROTECTED] > > > >with a message of: > > > >subscribe > -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org or http://dogpound2.citadel.org To be notified of updates to the web site, visit http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a message to: [EMAIL PROTECTED] with a message of: subscribe
Re: Do spammers send *german* 'pure bayes poison' just 'now'?
At 06:11 PM 12/10/2004, AltGrendel wrote: >Is this done to posion bayes before 'the real spam' arrives? >So far spamassassin did *not* react on those Mails, having >no clue that it might be spam (it has some trouble with german >anyway). > >Should I stop 'autolearnig' to avoid repercussions of this? > >Stucki (postmaster at math/inf/mi.fu-berlin.de) > > > It sounds to me like they are just trying to verify email addresses. As far as bayes poisoning, it actually helps bayes to get emails like that. Quite frankly, sounds more like an attempt at AWL poisoning than bayes poisoning. Sending a bunch of poison messages before you send a real spam isn't going to be very effective at poisoning bayes, particularly since you don't know what they will do with the messages, but it could be used poison your AWL.
