Re: trying to install 3.0.2 via CPAN
On Monday 20 December 2004 05:22 pm, Robert Menschel wrote: I found a month or so ago, during a system rebuild, that for some reason I was getting errors like this for 3.0.1, from a CPAN install, but I then did a download of the tar and installed from that, and make test came out clean. You might try something similar -- use CPAN to make sure your dependencies are all in place (especially the SPF prereqs), and then install (at least through the make test from a tarball, and see if that gets around the problem. Bob Menschel (I have got to learn to hit 'reply all' when replying on this list) I guess I did everything bassackwards, I did the upgrade to 3.0.2 from CPAN (via webmin), noticed the SPF test was skipped, then I installed SPF and the dependencies. I didn't notice any actual errors though during my install. -- Chris Registered Linux User 283774 http://counter.li.org 7:12pm up 22 days, 4:31, 1 user, load average: 0.74, 0.64, 0.34 Is that a 286 or are you just running Windows? Live - From Virgin Radio UK Genesis - Follow You Follow Me --- -- Chris Registered Linux User 283774 http://counter.li.org 7:18pm up 22 days, 4:36, 1 user, load average: 0.65, 0.60, 0.39 No man is useless who has a friend, and if we are loved we are indispensable. -- Robert Louis Stevenson Live - From Virgin Radio UK The Stranglers - Duchess
Re: Interesting NW article
SA plus SARE rules, even the only very conservative batch, is closer to 99% with few if any false positives. And with the Bayes scores on 3.x I figure why bother to Bayes? (So I doctored my rule values.) {^_^} - Original Message - From: Carnegie, Martin [EMAIL PROTECTED] Well, from our implementation I would say that this article is junk. We are running SA with pretty much default config and no Bayes and are getting about 97% with the only FPs being some mass mailings from vendors (MS Technet for example). If we looked at turning on Bayes then this product would probably be the best out there. This quote SpamAssassin requires a significant amount of integration work to make an enterprise-class installation succeed is bs, we did the upgrade from 2.64 which worked great and have not seen any issues and the amount of work to implement was about an hour. So keep up the great work guys and ignore these technical reviews.
Re: OT Boincing Spam
From: Evan Platt [EMAIL PROTECTED] ChupaCabra said: My boss is twisting off today because he got 350 messages marked [SPAM] over the weekend. His Reaction is to Bounce em all, Let the isps sort it out. I tried explaining about forged headers and the myriad of other methods spammers use to look like they come from someplace else. Apparantly he feels like I am blowing smoke. I don't have a link for you, but tell your boss to imagine if someone decided to dictionary attack every ISP they could find, using not only dictionary words, but every combination of letters up to 9 letters, i.e. a, b, c, etc up to z for every ISP they can find. And tell your boss that they intend to use HIS address as the reply-to address for the spam. Now ask him if he still thinks it's a good idea for ISP's to 'bounce' spam to this unintended victim - him. Nice to fantasize about, Evan; but, doing so can truncate a budding career woefully short. If he uses procmail then he can toss all the spam above 10 points into /dev/null. For the rest teach your boss how to setup a SPAM folder in his email program. Then explain the false positive problem and how he might lose customers that way. That might get him to cull through the few 5.0 to 9. spams he'd receive. I am sure something equivalent can be done with the spam stars with virtually any filter mechanism be it milter, amavis, or whathaveyou. Also, a note for the SARE folks: There might be an alternate set of scores for the sexual related spams that give them very high weights. These are things that do not belong in most business environments. Let the employees be kinky at home. {^_^}
Re: OT Boincing Spam
From: Evan Platt [EMAIL PROTECTED] Evan Platt said: I don't have a link for you, but tell your boss to imagine if someone decided to dictionary attack every ISP they could find, using not only dictionary words, but every combination of letters up to 9 letters, i.e. a, b, c, etc up to z for every ISP they can find. And tell your boss that they intend to use HIS address as the reply-to address for the spam. Now ask him if he still thinks it's a good idea for ISP's to 'bounce' spam to this unintended victim - him. Let me follow up to myself (please allow myself to introduce... myself.) I posted a message to a yahoo group last week. A few minutes later, I get a e-mail that my message has been marked as Spam by some software, and if I wish to confirm my identity, I must click on a link to that companies web site (tracking numbers and all that in the URL). And, of course, this will add me to the persons allowed list so I won't have to do it again. Needless to say, I will NOT do that. This company could then sell its lists of CONFIRMED addresses for a goldmine. I then posted to the list, asked if anyone else had received this message, and a number of people did, and for the most part, no one clicked on the link. So now there's some 1d10t wondering why he's not getting any mail. I know this isn't your boss'es intention, but it sounds like he wants anything marked as spam deleted? Not a good idea, IMHO. (Baby, bathwater). Evan I consign such tweebles to the bit bucket in procmail before they ever get to SpamAssassin. I very seldom review that very slowly growing set of rules. If someone reforms I'm still not interested in the critter. {^_^}
Re: OT Boincing Spam
So true. If the boss wants to make an effort, then submit the spams to spamcop -- or personally go to the upstream providers with individual abuse complaints--- But attempting to bounce spam to likely bogus servers and users is futile, with results about the same as him going outside and pissing into the wind. On Mon, December 20, 2004 8:34 pm, jdow said: Let your boss know that this policy he suggests WILL get him blocked at many sites permanently and spammers will find him such a convenient bounce spam relay that he'll end up on every blacklist in the world.
Re: Spam processing errors
From: Joe Zitnik [EMAIL PROTECTED] I know I saw this in a previous thread, but for the life of me I can not find it. I saw some postings where people were reporting that SA was only processing every other e-mail, or not processing all e-mail. Was this the correct list, and if so, can someone point me to the problem and solution, AND most importantly: Happy Holidays to all on the list. If your SpamAssassin daemon runs with the --max-conn-per-child=N flag edit it so that it does not. That caused me to have email leak through the system without SpamAssassin doing anything about it. (Also edit your /etc/init.d/spamassassin script to place a 5 second or so sleep between the stop and start for the restart: case. That way any old spamd still processing email will have time to terminate before you try to run it again. I discovered this can be a race condition with the new spamd trying to use the still in use socket.) {^_^}
Re: Bayes question
Chuck Campbell wrote: On Mon, Dec 20, 2004 at 12:56:43PM -0600, Steve Bondy wrote: For example, the default score in 2.6.x for BAYES_90 is either 2.454 or 2.101. If that's the only rule you hit, and your threshold is above those numbers, it will come through. But what if you repeatedly learn the message(s) in question as spam? Shouldn't bayes start to give it higher scores? If it becomes a near perfect match, it should get a bayes_99, right? true, but by default BAYES_99 alone still won't mark a message as spam. the default BAYES_99 score is either 4.07 or 1.886, and the default for spam is 5.0. also bayes won't learn the *exact* same message repeatedly. if it's already seen a message it won't process it at all. i'm not sure if it works off the message-id or a hash of the message content. i set BAYES_99 to a very high score for my personal setup, because i have never seen a legit message yet that triggered that rule. -jsd-
Re: Bayes question
On Mon, Dec 20, 2004 at 08:28:45PM -0800, Jon Drukman wrote: also bayes won't learn the *exact* same message repeatedly. if it's already seen a message it won't process it at all. i'm not sure if it works off the message-id or a hash of the message content. Just for clarification, it's a SHA1 hash of several message headers and a section of the body. It's not (anymore) simply the Message-Id header. :) -- Randomly Generated Tagline: Let's start by ... spelling the word correctly... - Roxanne Tisch pgpafp2RNSKY1.pgp Description: PGP signature
70_sare_spoof.cf vis a vis paypal
PayPal seems to have started using PostDirect for their email service. So the PayPal spoof test is breaking, rather dramatically. = Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from localhost (XXX [127.0.0.1]) by XXX (Postfix) with ESMTP id BFC7524383 for [EMAIL PROTECTED]; Mon, 20 Dec 2004 20:17:32 -0800 (PST) Status: U Received: from smtp.earthlink.net [207.217.121.213] by localhost with POP3 (fetchmail-6.2.5) for [EMAIL PROTECTED] (single-drop); Mon, 20 Dec 2004 20:17:32 -0800 (PST) Received: from firebird.postdirect.com ([206.165.246.85]) by tanager.mail.pas.earthlink.net (EarthLink SMTP Server) with ESMTP id 1cGBrH60f3NZFmQ0 for [EMAIL PROTECTED]; Mon, 20 Dec 2004 20:16:25 -0800 (PST) Received: from postdirect.com (tiburon.postdirect.com [192.168.24.142]) by firebird.postdirect.com (Postfix) with ESMTP id 116406489589D for [EMAIL PROTECTED]; Mon, 20 Dec 2004 20:16:24 -0800 (PST) DATE: Mon, 20 Dec 2004 20:16:23 PST From: PayPal [EMAIL PROTECTED] Subject: Changes to Winning Buyer Notification Email To: Joanne Dow [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Message-Id: [EMAIL PROTECTED] === (XXX replaces my internal address.) {^_^}
Re: MIT Spam conference
William Stearns [EMAIL PROTECTED] writes: I'll be attending the MIT spam conference this year, Jan 21st, 9-5. Details at http://www.spamconference.org/ . The registration is free, but they suggest an early registration before the conference fills up. Last year, it was awesome to meet up with SpamAssassin developers and other anti-spam folks, but the MIT spam conference itself was disappointing for the second year in a row. It: - was full of poorly reviewed papers of anecdotal information - was unbelievably cold (both inside and outside) - uncomfortable to sit in circa-1965 wood chairs I'd love a chance to meet other people working on spamassassin and surbl. Is anyone else planning on attending? I'd love to meet you and other SURBL/SA people. If you want to attend a peer-reviewed anti-spam conference with heating, a pleasant climate, and comfortable seating, I can definitely recommend CEAS. If you're ever in the SF Bay Area and would like to get together, drop me a line. I've met with Jeff a few times. Daniel -- Daniel Quinlan http://www.pathname.com/~quinlan/
Re: OT Boincing Spam
On Monday, December 20, 2004, 12:49:59 PM, ChupaCabra ChupaCabra wrote: My boss is twisting off today because he got 350 messages marked [SPAM] over the weekend. His Reaction is to Bounce em all, Let the isps sort it out. I tried explaining about forged headers and the myriad of other methods spammers use to look like they come from someplace else. Please don't bounce spams back to the (forged) senders. All that does is create more noise, and it's considered by most to be a poor practice. If you're not already, consider using the RBL sbl-xbl.spamhaus.org at the MTA level. It's quite safe and rejects a lot of spam before it's even seen by SpamAssassin, etc. What SpamAssassin or other anti-spam features are you currently using? SURBLs are quite effective and pretty safe IMO. :-) Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: [SURBL-Discuss] Re: MIT Spam conference
On Monday, December 20, 2004, 11:34:34 PM, Daniel Quinlan wrote: William Stearns [EMAIL PROTECTED] writes: I'll be attending the MIT spam conference this year, Jan 21st, 9-5. Details at http://www.spamconference.org/ . The registration is free, but they suggest an early registration before the conference fills up. Last year, it was awesome to meet up with SpamAssassin developers and other anti-spam folks, but the MIT spam conference itself was disappointing for the second year in a row. It: - was full of poorly reviewed papers of anecdotal information - was unbelievably cold (both inside and outside) - uncomfortable to sit in circa-1965 wood chairs I'd love a chance to meet other people working on spamassassin and surbl. Is anyone else planning on attending? I'd love to meet you and other SURBL/SA people. If you want to attend a peer-reviewed anti-spam conference with heating, a pleasant climate, and comfortable seating, I can definitely recommend CEAS. If you're ever in the SF Bay Area and would like to get together, drop me a line. I've met with Jeff a few times. Daniel Yes, CEAS was pretty good and it was nice to meet some of the SA and anti-spam folks from around the world. One of the flaws is that it's not strictly focussed on spam, but some of the related topics are at least tangentially interesting. FWIW here's the Call for Papers from CEAS: __ Subject: Conference on Email and Anti-Spam Preliminary Call for Papers Date: Mon, 20 Dec 2004 10:44:43 -0800 From: Joshua Goodman (MicroSoft) To: ceas-announce at lists.Stanford.EDU The Second Conference on Email and Anti-Spam (CEAS) In Cooperation with The International Association for Cryptologic Research and The IEEE Technical Committee on Security and Privacy Preliminary Call for Papers July 21-22, 2005 (Thurs,Fri) Stanford University, Palo Alto, CA http://www.ceas.cc General Conference Chair: Joshua Goodman (Microsoft Research) Program Co-Chairs: *Josh Alspector (AOL) *Tom Fawcett (HP) *Andrew McCallum (UMass) The Conference on Email and Anti-Spam (CEAS) invites the submission of papers for its second meeting. Papers are invited on all aspects of email, instant messaging, cell phone text messaging, and voice over internet protocol (VoIP). This includes spam, spit (spam over internet telephony), spim (spam over instant messenger), phishing and identity theft via messaging, viruses, spyware, etc. including research papers, industry reports, and law and policy papers. Research: Computer science oriented academic-style research Industry: Descriptions of important or innovative products Law, Policy, and Economics: Legal, policy, and economic papers * Research papers include experimental or theoretical, academic-style papers on all aspects of messaging and abuses, including but not limited to: Techniques for stopping email, VoIP and IM spam, including Machine learning techniques Postage techniques Proof-of-work Challenge-response Human Interactive Proofs (or CAPTCHAs) Disposable email addresses Protocols for sender authentication and verification Digital signatures Proof of group membership Role of spam as a malware vector Spam traceback New features for email and messaging systems Automatic foldering of email Categorizing messages Message search Clustering messages Advanced calendaring and scheduling Digital rights management for email and digital messages Public Key Infrastructure for messaging * Industry papers describe products or systems (commercial or open source) and matters of commercial or practical interest. Papers claiming excellent results should include good experimental or theoretical evidence supporting the claims. Example topics include: Industry cooperation for stopping messaging abuse New standards and interoperability For spam, spit, spim filters and authentication For calendaring and scheduling Public key infrastructure for encryption and identity Digital rights management New products, especially those with novel features * Legal, policy and financial papers focus on topics such as What new laws or social institutions are most appropriate for messaging? Legal strategies against spam, phishing, and spyware The CAN-SPAM act and potential FTC regulations International legal approaches What should be done about phishing and other message scams? The economics of spam, spim, spit, phishing The economic effects of per-message charges (postage) Email, IM, VoIP and identity: who should control it? Privacy for email, IM, VoIP, and chat Messaging in the workplace. * In all three areas, submissions closely related to messaging, viruses attached to messages, chat rooms, usenet groups, and mailing lists will be given full consideration. KEY DATES:
Re: MIT Spam conference
Daniel Quinlan wrote: William Stearns [EMAIL PROTECTED] writes: ...snip... If you're ever in the SF Bay Area and would like to get together, drop me a line. I've met with Jeff a few times. if any of you are ever in tokyo, i'd be down for meeting up for drinks or something. alan
relays.visi.com down, how to deactivate a single rbl?
Hi, as some of you may know, relays.visi.com is down since a while now. I wondered what would be the best way to tell SA not to use it any more (to speed up network tests) through local.cf. Is there something like an undefine RCVD_IN_VISI? regards, Jakob
Re: Interesting NW article
Interesting article... Did anyone actually see the 'invite' they talk about??? I didn't see anything on this list, or others. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jerry Bell wrote: There's a big review of anti-spam products at nw fusion here: http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts Here's a bit on spamassassin: http://www.nwfusion.com/reviews/2004/122004spamside6.html It's a pretty disappointing article. Jerry http://www.syslog.org ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
RE: OT Boincing Spam
If you're not already, consider using the RBL sbl-xbl.spamhaus.org at the MTA level. It's quite safe and rejects a lot of spam before it's even seen by SpamAssassin, etc. I'd have to disagree with you Jeff. A lot of the Irish and UK ISP netblocks end up in there as well, so you run a higher risk of FPs if you are not careful. Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html -- Email scanned by Blacknight for viruses and dangerous content. Visit http://www.blacknight.ie for more information
Re: relays.visi.com down, how to deactivate a single rbl?
Martin Hepworth wrote: score RCVD_IN_VISI 0 turns off the rule.. ah, tnx, I should have read the manpage more carefully... btw, I had the wrong rule name, it's score RCVD_IN_RSL 0 According to some postings in news.admin.net-abuse.email, relays.visi.com will not go online again, so it should be taken out in the next SA release...
whitelisting problems
Hi, I use spamd with -c -a -m5 -H -d switches. I have in my global local.cf, whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] But still when a client sending mail using the From address as [EMAIL PROTECTED] gets marked as SPAM. The client's IP is in rbl and he is in process of removing it but till then I do want to receive his mails. What is the solution or reason for this behaviour by spamassassin? Cheers, Shantanu --
whitelist_to parametr question
Hi ! I have few users which if the email is spam it has to be delivered to theirs mailboxes. I used whitelist_to parametr but there are some meassages which are blocked. From docs: There are three levels of To-whitelisting, whitelist_to, more_spam_to and all_spam_to. Users in the first level may still get some spammish mails blocked, but users in all_spam_to should never get mail blocked. I would like to know if the string ... should never get mail blocked is true :-) greetz boka
bayes
Hello. I have more than the required 200 spam/200 ham in my bayes db. When I add a spam message with sa-learn should SA now tag as spam, any message that comes in with the same content? Is there a way to reinject the message into the smtp system (I'm using postfix) to see if the message is tagged? Thanks, Rod -- Get Firefox Web Browser at the link below! You won't regret it! http://tinyurl.com/4cqbv
Re: custom rules
Andy Hester wrote: Hello all, Im setting up a new spam gateway with amvisd-new and spamassassin. Where do I need to put custom rules/scoring in order to be used correctly. I would like to use for example rules from sare and weight it so that some things such as the adult rules will be visibly increased. That is if I sent a message to myself from a webmail account with a bunch of sexual content in the subject line I want to see the score jump up in my mail log so I know that the rule is working and that I can tune the scoring. In short I need some info on how/where to use and tweak custom rules. Any tips or help would be greatly appreciated. The SA website www.spamassassin.org might be a good place to look. Particularly http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo Did you even check the website first? How about the ML archives? -Jim
RE: SA Score
Sorry, I was away from the office unexpectedly. This is what is in my config file minus the quotes: ***SPAM(_SCORE_)*** I typed it in manually before and mistyped it in the email. Any ideas? Thanks much. Scott -Original Message- From: Candee Vaglica [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 14, 2004 1:45 PM To: Johnson, S; users@spamassassin.apache.org Subject: RE: SA Score Are you using rewrite_header Subject SPAM(_SCORE_) Per the upgrade docs? http://svn.apache.org/repos/asf/spamassassin/branches/3.0/UPGRADE From: Johnson, S [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 14, 2004 2:17 PM To: users@spamassassin.apache.org Subject: SA Score I recently upgraded from 2.5 to 3 and am attempting to use the _SCORE_ in the tag. However, when the tag comes back instead of replacing the _SCORE_ with the actual score, it' just ***SPAM***(_SCORE). Any ideas why I'm seeing this? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Confidentiality Notice If the information in this electronic communication relates to an individual pupil, it is a confidential pupil record under Minnesota Law and may not be reviewed, distributed, or copied by any person other than the individual(s) to whom it is addressed. This electronic communication is intended solely for the use of the individual(s) to whom it is addressed. If you are not the intended recipient, any further review, dissemination, distribution, or copying of this electronic communication or any attachment thereto is strictly prohibited. If you have received an electronic communication in error, you should immediately return it to the sender and delete it from your system. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Confidentiality Notice If the information in this electronic communication relates to an individual pupil, it is a confidential pupil record under Minnesota Law and may not be reviewed, distributed, or copied by any person other than the individual(s) to whom it is addressed. This electronic communication is intended solely for the use of the individual(s) to whom it is addressed. If you are not the intended recipient, any further review, dissemination, distribution, or copying of this electronic communication or any attachment thereto is strictly prohibited. If you have received an electronic communication in error, you should immediately return it to the sender and delete it from your system.
Re: whitelist_to parametr question
At 12:54 PM 12/21/2004 +0100, boka wrote: I have few users which if the email is spam it has to be delivered to theirs mailboxes. I used whitelist_to parametr but there are some meassages which are blocked. From docs: There are three levels of To-whitelisting, whitelist_to, more_spam_to and all_spam_to. Users in the first level may still get some spammish mails blocked, but users in all_spam_to should never get mail blocked. I would like to know if the string ... should never get mail blocked is true :-) all_spam_to provides a -100 point score. That's a pretty hefty nonspam bias, and unless you've been jacking spam rules up into the +30 range, it should be effective. However, beware... SA cannot always determine who the recipient of a message is. It does not get a copy of the envelope, thus it must try to decipher the recipient from the headers alone. If the message is Bcc'ed and your MTA doesn't insert a for [EMAIL PROTECTED] in the received headers, SA will not know who the message is being sent to, and all_spam_to will fail. In general, absolute whitelists are generaly best done by going around SA in the tool that calls SA.. ie: using procmail rules to skip the call. You save CPU time this way too
Interesting spam
I just got a spam with NO url, no address, and no phone number. Looks like a simple throw away account with a sbcglobal drop box: What I found interesting was the opt-out clause at the end :) Which is it? I also like the 'hello' messege in the header. How did the spammer know I was a hottie? ;) Also has anyone seen this header, X-ELNK-Trace: ? Received: from smtpauth01.mail.atl.earthlink.net (smtpauth01.mail.atl.earthlink.net [209.86.89.61]) by moglobal.com (8.12.5/8.12.5) with ESMTP id iBLCrx1E013772 for [EMAIL PROTECTED]; Tue, 21 Dec 2004 07:54:00 -0500 Message-Id: [EMAIL PROTECTED] Received: from [68.125.239.246] (helo=Hottie) by smtpauth01.mail.atl.earthlink.net with asmtp (Exim 4.34) id 1CgjTH-0007s7-Vr for [EMAIL PROTECTED]; Tue, 21 Dec 2004 07:50:36 -0500 From: Stance Schudy [EMAIL PROTECTED] Subject: Exhibit/Portable Display (2005 Annual) Date: Tue, 21 Dec 2004 04:49:48 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 X-ELNK-Trace: 954d4e9e704f8cded780f4a490ca69563f9fea00a6dd62bc2e1e1acf247da42f608c01fdd6af 818b350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 68.125.239.246 DIRECTOR OF MARKETING: Hi. My name is Stance Schudy, director of client services for Budget Displays; who specializes in Portable Exhibits and Modular Displays. I have emailed you today to ask your permission to email or mail you a Partial Portfolio on our Design and Fabrications Capabilities of: · Portable Displays (Pop-Ups) · Custom Modular Exhibits · Rental Exhibits We will include full color photos of recent Custom Exhibits; Displays; Pop-up's; Museums; Graphics; Signage; and Kiosks that Budget Displays has both designed and produced. If you could please respond to this email letting me know if it is ok for me to forward our Partial Portfolio, I would greatly appreciate it. I wish you the very best and thank you for your consideration. Best regards, Stance Schudy Budget Displays, Inc. *to opt-out or accept information please reply Chris Santerre System Admin and SARE/SURBL Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
Re: Interesting spam
At 11:05 AM 12/21/2004, Chris Santerre wrote: Also has anyone seen this header, X-ELNK-Trace: ? Google is your friend: http://www.google.com/search?hl=enq=%22X-ELNK-Trace%22btnG=Google+Search Appears to be a header added by the ISP earthlink.net.
Re: Interesting NW article
Gary W. Smith wrote: The article mentions that they reached out to the SA community to request submission. Which community did they read out to? I would have been glad to throw an environment together just for their testing purposes. I also wonder how many vendors on that list use SA as a backend to their custom scripts. Gary -Original Message- From: Jerry Bell [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 7:42 AM To: users@spamassassin.apache.org Subject: Interesting NW article There's a big review of anti-spam products at nw fusion here: http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts Here's a bit on spamassassin: http://www.nwfusion.com/reviews/2004/122004spamside6.html It's a pretty disappointing article. Jerry http://www.syslog.org It wouldnt have been difficult for the author/testers to submit a message to this list and ask for suggestions/help/comments/etc. Did anyone see such a message? I didnt. Perhaps we should send a message to the author why this wasnt done and exactly what community they attempted to contact. For all that wish to do so, the authors address is [EMAIL PROTECTED] One would think the easiest way to reach out to the SA community would be the SA mailing list. Aparently they thought otherwise. -Jim
Re: Interesting NW article
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Montag, 20. Dezember 2004 16:41 schrieb Jerry Bell: There's a big review of anti-spam products at nw fusion here: http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts Here's a bit on spamassassin: http://www.nwfusion.com/reviews/2004/122004spamside6.html It's a pretty disappointing article. Jerry http://www.syslog.org I agree that a lot in this article about spamassassin is bs. Nou but. I'm using SA since a few days and had no problems. I bought a book from O'Reiley about SA and had not trouble in upgrading from 2.6.4 to 3.01 and now 3.0.2. Rule writing is not very difficult, so I'm writing my own rules and for mails which still got through. But I'm not near at 100%. Some mails are flagged as spam because of sorted recipients but after lowering the score or whitelisting the sender in procmailrc this is solved. My opinion is that SA is easy to use and integrate. Thomas - -- icq:133073900 aim:tawhv -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFByGAtHe2ZLU3NgHsRArqUAJwNsmgf2QwbbmkhRAebMN+1BMu2EACfdDAG o7wgGnGYOkYt+RBphjxa9pg= =TB7g -END PGP SIGNATURE-
Re: bayes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Dienstag, 21. Dezember 2004 14:06 schrieb Rodney Green: Hello. I have more than the required 200 spam/200 ham in my bayes db. When I add a spam message with sa-learn should SA now tag as spam, any message that comes in with the same content? Is there a way to reinject the message into the smtp system (I'm using postfix) to see if the message is tagged? Thanks, Rod Hello, 1. The classification as spam depends on many rules . bayes is one rule but normaly the score is 4.1 or lower. Default for spam is 5.0. So additional rules must apply to get a score above 5.0. 2. To test how the message is tagged after learning you don't need postfix. Just save it and run spamassassin path-to-saved-message or spamc path-to-saved-message 3. If you have AWL enabled then you will see a report that the sender is in the AWL and the score maybe lowered. Look in the WiKi for an eplanation. Thomas - -- icq:133073900 aim:tawhv -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFByGQGHe2ZLU3NgHsRAq4AAJ9Hm5jxcF0ojepfpeP65RIJi1LHxQCfaCEi +D5OpNgb+LdVrxX2kKcN2vo= =T5F4 -END PGP SIGNATURE-
Re: Interesting NW article
While I don't actually use SA, I recently subscribed to the SA list because I recognize SA as a leading product and I like to get ideas from this list. Also, I understand (and agree with) the frustration on the part of those here who think that SA should have had better inclusion and coverage in the NW article. However, OTHERWISE, it was a good article. I was curious about some OTHER things in the article and I e-mailed some questions and he replied back with very helpful and candid answers. One thing that he mentioned is that a large portion of the FPs from this testing fit into two categories: (1) bounced virus messages... I presume that he meant situations where a virus joe jobed someone and the person received a warning about sending a virus that was actually sent from another person's computer? (2) List messages... Google Groups... etc. I think that the list messages can be troublesome because so much gets mentioned throughout and because the e-mail address of participants get scattered thoughout the list... perhaps (also) some of the domains of these e-mail address may be actually spammers' domains? I'm going to start separate thread on these two types of FPs to see if anyone has any ideas... it kinda gets off topic to discuss these on this thread. But, nevertheless, try to cut the poor guy some slack. Nobody is perfect and, like I said, I found him to be very competent and helpful. Rob McEwen
whitelisting lists
RE: whitelisting lists Does anyone have suggestions about whitelisting messages from lists. I know that a lot of FPs come from List messages getting blocked (for a number of reaons). Also, there is obviously no way to whitelist ALL lists. However, I was thinking that maybe there is a way to whitelist the leading, most frequently used groups. Of course, it would have to be a ruleset which checks a number of factors to ensure that it doesn't get tricked into whitelisting a clever spam message impersonating a list. Rob McEwen
RE: Interesting NW article
I just got an email back from Joel. At least he is responsive. Apparently he did reach out and touch the community. He apparent asked the core development team. Unfortunately it was a narrow vision community skipping everyone else. But there isn't much more that can be done about it now. Gary -Original Message- From: Jim Maul [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 9:16 AM To: Gary W. Smith Cc: Jerry Bell; users@spamassassin.apache.org Subject: Re: Interesting NW article Gary W. Smith wrote: The article mentions that they reached out to the SA community to request submission. Which community did they read out to? I would have been glad to throw an environment together just for their testing purposes. I also wonder how many vendors on that list use SA as a backend to their custom scripts. Gary -Original Message- From: Jerry Bell [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 7:42 AM To: users@spamassassin.apache.org Subject: Interesting NW article There's a big review of anti-spam products at nw fusion here: http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts Here's a bit on spamassassin: http://www.nwfusion.com/reviews/2004/122004spamside6.html It's a pretty disappointing article. Jerry http://www.syslog.org It wouldnt have been difficult for the author/testers to submit a message to this list and ask for suggestions/help/comments/etc. Did anyone see such a message? I didnt. Perhaps we should send a message to the author why this wasnt done and exactly what community they attempted to contact. For all that wish to do so, the authors address is [EMAIL PROTECTED] One would think the easiest way to reach out to the SA community would be the SA mailing list. Aparently they thought otherwise. -Jim
Re: Interesting NW article
Here is the thread. The word very should have been underlined and bolded, but the mail ready seemed to change it to clear text. I know there are more than 15, but I was just mentioning the very active ones such as Theo and Chris. I know I'm less active (more or less lurching now a days... Gary -Original Message- From: Joel M Snyder [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 10:26 AM To: Gary W. Smith Cc: Joel M Snyder; Keith Shaw Subject: Re: reach out to the SA community Gary: OK. What we need to do is figure out how to handle the 'tool-based' approach of the open source world in comparison to the 'packaged solution' in the commercial world. This is really the heart of the issue that no magazine has been able to successfully resolve. It has been difficult in the past to have good discussions on this topic because of the fairly idiosyncratic nature of the personalities involved. But it is clear that this is a very important thing to our readers and I'd welcome some way to have a reasoned discussion on the topic. I think that both the open source user community and the enterprise network managers that we write for would find some benefits. What do you suggest would be a good path forward? jms Gary W. Smith wrote: Joel, I'm fairly active in the SA users community. There are a group of about 15 very active people on the list that help out any others. Many of use have been using SA in large production environments for a couple years now. users@spamassassin.apache.org I am not directly involved in the core development but rather we are core users. Gary Smith -Original Message- From: Joel M Snyder [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 9:59 AM To: Gary W. Smith; Keith Shaw Subject: Re: reach out to the SA community Gary: Thanks for the note. I got a note yesterday from Daniel Quinlan asking to talk about this as well. I'm trying to schedule a call with him. I assume that you know him? Anyway, once we get a time, we can try and get you on it as well. Keith Shaw handled all the invites, so he would know more about it than I. Maybe you and Daniel can figure out a good time to talk? In terms of ruled out, that would be very untrue. We looked at 36 products, and several of them have SpamAssassin inside, both in Windows and Unix variants. So the filtering of the product was well represented by vendors who have commercialized SpamAssassin. Plus, of course, there are vendors who have SpamAssassin inside that didn't choose to disclose that. jms Gary W. Smith wrote: In reference to http://www.nwfusion.com/reviews/2004/122004spamside6.html, which community did you reach out to? We have a very active list of users and developers and none of them were ever requested to participate in such tests. Many people on the list believe that you have ruled out a significant piece of software. Gary Smith -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX) [EMAIL PROTECTED]http://www.opus1.com/jmsOpus One -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX) [EMAIL PROTECTED]http://www.opus1.com/jmsOpus One
RE: Interesting NW article
-Original Message- From: Gary W. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 1:34 PM To: users@spamassassin.apache.org Subject: Re: Interesting NW article Here is the thread. The word very should have been underlined and bolded, but the mail ready seemed to change it to clear text. I know there are more than 15, but I was just mentioning the very active ones such as Theo and Chris. I know I'm less active (more or less lurching now a days... I hope you don't mean me :) I'm not a core dev. I just annoy them ;) I help SA thru a different means. Perhaps after having a beer with DQ I can work closer with them. I'm testing things for SA outside of the dev structure. If it pans out, one of the SARE ninjas will submit it. It anables us to give the devs some beta, rather then alpha material. Also I am more of a go between on many antispam projects. Devs don't always have time to be involved in other things. So with SARE's help, we can give them some of the best ideas from other projects. This whole thread seems kind of Deja Vu. I remember having almost the exact same conversation on another similar report was done, and completely left out SA. Almost always, including printed reviews, they say the same thing about SA. When the authors are contacted they also say similiar things like, We had no time to test, Its not really a commercial product., ect That gets real old, real fast. :) Managment still considers open source software to not be good enough. They want to waste money to get a box and a phone number. Chris Santerre System Admin and SARE/SURBL Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
Re: Interesting NW article
On Tue, Dec 21, 2004 at 02:09:47PM -0500, Chris Santerre wrote: Managment still considers open source software to not be good enough. They want to waste money to get a box and a phone number. If that's all it takes, I can put something in a box and ship it to them. *grin* Michael pgp1F7nIBqwSL.pgp Description: PGP signature
[OT] Making two machines talk to one another
Hello, I am attempting to offload SA to a machine that is not my main MX server. I have two machines, two NIC cards and a crossover cable, but after that I get very lost. I believe there should be a way to make them aware of one another using this direct connection w/out the need for DHCP or a router but I have no idea how to set this up. Can someone offer advice or point me in the direction of where I should be looking, reading, asking? many thanks! __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
RE: OT Boincing Spam
-Original Message- From: ChupaCabra [mailto:[EMAIL PROTECTED] First he wanted that. I did it but actually kept em all. So then his partner didn't get an urgent email so it was turned back to the users to decide. I get a different kneejerk each week. What fun dealing with an 80 yo ex military man. This am it was Lets spambomb every isp that sends spam and maybe *they* will do something about it. And screw the rest of the world too. America owns the internet. Fsck Em, they would all die without the american economy, etc. Boy you guys are all missing it. He needs to put it in terms his boss understands. Tell him it is like hearing shots fired and putting surpressive fire on the area without determining WHO is actually firing! He's looking at an internet courtmartial, for failing to act calm under fire. --4 Star Major of antispam, Chris
Unsubscribe?
I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you!
Problem with ClamAV plugin.
Hi. I'm running CGPSA 1.4f4 under Communigate 4.2.7 and SpamAssassin 3.0.1. I've installed ClamAV 0.8 and the SpamAssassin ClamAV plugin as described here: http://wiki.apache.org/spamassassin/ClamAVPlugin I get the following error in my mail headers: X-Spam-Virus: Error (Cannot connect to 'localhost:3310': IO::Socket::INET: connect: Invalid argument) I know SpamAssassin is working fine, Clamscan works for files. My testing server is behind a firewall and has no firewall of its own so port 3310 is open. Any suggestions would be appreciated! Cameron .:. -- Cameron Bales .:. www.bales.ca [EMAIL PROTECTED] [EMAIL PROTECTED]
RE: Unsubscribe?
From the headers of every message sent through the mailing list: list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] list-post: mailto:users@spamassassin.apache.org -Original Message- From: William Holman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 1:08 PM To: users@spamassassin.apache.org Subject: Unsubscribe? I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you!
RE: Unsubscribe?
-Original Message- From: William Holman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 3:08 PM To: users@spamassassin.apache.org Subject: Unsubscribe? I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source Anyone else not surprised, but completely aggravated by this statement? They are most likely going to go pay for a package that is SA in the background anyway. Good luck William! --Chris
Re: Unsubscribe?
Chris Santerre wrote: -Original Message- From: William Holman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 3:08 PM To: users@spamassassin.apache.org Subject: Unsubscribe? I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source Anyone else not surprised, but completely aggravated by this statement? They are most likely going to go pay for a package that is SA in the background anyway. Good luck William! Good luck indeed. All i can say is when i installed an anti-spam program on our email server and my bosses inbox was spam free they were delighted beyond belief. When i told them it was all free they nearly fell over. I got a raise 3 days later. Maybe you should be looking for another job ;) -Jim
RE: Unsubscribe?
Anyone else not surprised, but completely aggravated by this statement? They are most likely going to go pay for a package that is SA in the background anyway. Good luck William! --Chris Actually SA was the one that has given us more ammo to use open source. Our management saw how good it performed and when we told them the cost vs the existing product they started allowing use to look at more products, i.e. amavisd-new and clamav Martin.
RE: Unsubscribe?
If I understand you Mail Address correct aren't the Tax Payers the ones paying the bills. While I don't live in your County or State I would have to wonder why the people you work for NEED to spend the taxpayers money on something they already have for free. Don't they have a better way of spending the money like maybe on Education, Law Enforcement, EMS Services, or Fire Services... Just a thought!! Regards, Pete Peter P. Benac, CCNA Celtic Spirit Network Solutions Providing Network and Systems Project Management and Installation and Web Hosting. Phone: 919-618-2557 Web: http://www.emacolet.com Need quick reliable Systems or Network Management advice visit http://www.nmsusers.org To have principles... First have courage.. With principles comes integrity!!! -Original Message- From: William Holman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 15:08 To: users@spamassassin.apache.org Subject: Unsubscribe? I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you!
RE: Unsubscribe?
Happens all the time at all levels of gov't. And maybe worse with DOD stuff. I've worked with small government and DOD contractors. When it comes to Perl v. $30,000 the $30,000 wins. Or MySQL v. Microsofts SQL Server... Microsoft wins. A combination of not my money, and nobody wanting to put their neck out to make a decision. Easier to write the million-dollar checks and forget about it... Very troubling. Sorry to venture further into the OT... :-) But, as a programmer who primarily works to integrate top-heavy, kludgy and expensive products... it's disheartening to say the least. Andy At 02:32 pm 2004-12-21, Peter P. Benac wrote: If I understand you Mail Address correct aren't the Tax Payers the ones paying the bills. While I don't live in your County or State I would have to wonder why the people you work for NEED to spend the taxpayers money on something they already have for free. Don't they have a better way of spending the money like maybe on Education, Law Enforcement, EMS Services, or Fire Services... Just a thought!! Regards, Pete Peter P. Benac, CCNA Celtic Spirit Network Solutions Providing Network and Systems Project Management and Installation and Web Hosting. Phone: 919-618-2557 Web: http://www.emacolet.com Need quick reliable Systems or Network Management advice visit http://www.nmsusers.org To have principles... First have courage.. With principles comes integrity!!! -Original Message- From: William Holman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 15:08 To: users@spamassassin.apache.org Subject: Unsubscribe? I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you!
Re: Unsubscribe?
Good afternoon, William, On Tue, 21 Dec 2004, William Holman wrote: I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source In all sincerity, why not recommend McAfee SpamKiller? It's commercial, I'm sure it has paid support available, all the things you'd want from a commercial product. Oh, and I think some guy named Justin something-or-other works there. ;-) You can decide if you want to mention what software runs it or not. In your shoes I'd grin quietly and praise my superiors for making such an _excellent_ technology choice. For full disclosure, I have no finacial ties to McAfee (although there's some early discussion that they and the sa-blacklist/surbl project may help each other in the future). Cheers, - Bill --- Eagles may soar, high and proud, but weasels don't get sucked into jet engines. (Courtesy of Mike Andrews [EMAIL PROTECTED]) -- William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --
Re: Unsubscribe?
I know what you mean Pete, I work for a public school system, and it is a major fight whenever I introduce an OpenSource solution. By using OpenSource solutions, I have provided better solutions to problems, and saved much money. But, it has not been easy, and there have been few, if any thanks. Shane - Original Message - From: Peter P. Benac [EMAIL PROTECTED] To: 'William Holman' [EMAIL PROTECTED]; users@spamassassin.apache.org Sent: Tuesday, December 21, 2004 3:32 PM Subject: RE: Unsubscribe? If I understand you Mail Address correct aren't the Tax Payers the ones paying the bills. While I don't live in your County or State I would have to wonder why the people you work for NEED to spend the taxpayers money on something they already have for free. Don't they have a better way of spending the money like maybe on Education, Law Enforcement, EMS Services, or Fire Services... Just a thought!! Regards, Pete Peter P. Benac, CCNA Celtic Spirit Network Solutions Providing Network and Systems Project Management and Installation and Web Hosting. Phone: 919-618-2557 Web: http://www.emacolet.com Need quick reliable Systems or Network Management advice visit http://www.nmsusers.org To have principles... First have courage.. With principles comes integrity!!! -Original Message- From: William Holman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 15:08 To: users@spamassassin.apache.org Subject: Unsubscribe? I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you!
Invalid local.cf options
There was a discussion a little while back (couple weeks at most) where a lot of people were having problems with SA not working properly and the culprit was invalid options in local.cf. Particularly auto_learn instead of bayes_auto_learn. I forget who, but someone asked if there was a program or something that people were using to generate this invalid option. A link was posted to the website which generates this. As it turns out, taking a look at the SA website just a few minutes ago, i found a link to this site as well. Perhaps this should be removed from the SA website as it causes more harm than good. On http://spamassassin.apache.org/downloads.cgi it says Other stuff regarding released versions Michael Moncur has written a very good configuration tool which will generate a local.cf or user_prefs file for you, once you fill out a few simple questions. configuration tool links to the website in question. -Jim
Re: Unsubscribe?
Yes... God forbid that you wouldn't have to pay a bill. Those bill payers would be out of work. Be sure to let us all know what company you work for so that we can divest our stock as soon as possible ;-) RO - Original Message - From: William Holman [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, December 21, 2004 12:08 PM Subject: Unsubscribe? I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you!
RE: Unsubscribe?
-Original Message- From: shane mullins [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 3:52 PM To: Peter P. Benac Cc: users@spamassassin.apache.org Subject: Re: Unsubscribe? I know what you mean Pete, I work for a public school system, and it is a major fight whenever I introduce an OpenSource solution. By using OpenSource solutions, I have provided better solutions to problems, and saved much money. But, it has not been easy, and there have been few, if any thanks. I completely rearranged, secured, web hosted, VPN, and antispam'd the company using all opensource. Thanks I get? I got a spam this morning, WTF are you doing? - President. Yes you read correctly... 'a spam'. It was tagged as spam, but he 'got it' still. :/ Oh the other thanks, Why can't I connect into the internal system from any hotel using my AOL account? I want to do that. Other companies do that. Budget for doing all this work... $0. Hardware.$Old_systems. Less headaches from being more secure and less spam..$Priceless. --Chris (I feel your pain.)
RE: Unsubscribe?
Ironically, that's one thing that Joel said in his email (regarding some of the venders using SA). It's got to be said. Dude, tell your management that they are stupid and if they still need help we can offer the clueX4 to assist in their learning... This was just referenced only 7 emails ago. Go with commercial then (that way you can feel better about yourself knowing that you purchased an open source product from a vender that is paying no royalties for it). In terms of ruled out, that would be very untrue. We looked at 36 products, and several of them have SpamAssassin inside, both in Argh...
spamass-milter vs user_prefs
I'm trying to get spamass-milter with user_prefs to work, the only solution what i found yet is to use a global user_prefs with the spamd virtual-config-dir option. Is there a configuration possible which allows individual user_prefs with spamass-milter ? go
Re: [OT] Making two machines talk to one another
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Dienstag, 21. Dezember 2004 20:43 schrieb email builder: Hello, I am attempting to offload SA to a machine that is not my main MX server. I have two machines, two NIC cards and a crossover cable, but after that I get very lost. I believe there should be a way to make them aware of one another using this direct connection w/out the need for DHCP or a router but I have no idea how to set this up. Can someone offer advice or point me in the direction of where I should be looking, reading, asking? If I understand you right, you want to the checking on another machine? Look for spamd / spamc the spamassassin daemon and client. Thomas - -- icq:133073900 aim:tawhv -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFByJ4EHe2ZLU3NgHsRAvINAJ9Jh2txDA3nhKALZpLgYGT03DNT2QCeOFQI VVTgwE5gJnOvSssV4J3fCjs= =rMEf -END PGP SIGNATURE-
Re: whitelist_to parametr question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Dienstag, 21. Dezember 2004 12:54 schrieb boka: Hi ! I have few users which if the email is spam it has to be delivered to theirs mailboxes. I used whitelist_to parametr but there are some meassages which are blocked. From docs: There are three levels of To-whitelisting, whitelist_to, more_spam_to and all_spam_to. Users in the first level may still get some spammish mails blocked, but users in all_spam_to should never get mail blocked. I would like to know if the string ... should never get mail blocked is true :-) I send the GTUBE test message to myself and added my address to whitelist_to and .._from This is the report: .. Content analysis details: (889.6 points, 5.0 required) pts rule name description - -- -- - -100 USER_IN_WHITELIST From: address is in the user's white-list - -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' - -2.9 ALL_TRUSTEDDid not pass through any untrusted hosts 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email - -1.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0004] 0.1 AWLAWL: From: address is in the auto white-list You can see that the whitelisting gives only a high negative score, which may not be high enough. Try all_spam_to for yourself to see the efect. Best regards Thomas - -- icq:133073900 aim:tawhv -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFByKdMHe2ZLU3NgHsRAnBsAJkBtJORMLMVuzNfeExbhsmysdrg2wCfadAX DaS3Aw2eHoBurXQ84nir+2o= =K7IQ -END PGP SIGNATURE-
Re: whitelist_to parametr question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Dienstag, 21. Dezember 2004 23:44 schrieb Thomas Arend: Am Dienstag, 21. Dezember 2004 12:54 schrieb boka: Hi ! I have few users which if the email is spam it has to be delivered to theirs mailboxes. I used whitelist_to parametr but there are some meassages which are blocked. From docs: There are three levels of To-whitelisting, whitelist_to, more_spam_to and all_spam_to. Users in the first level may still get some spammish mails blocked, but users in all_spam_to should never get mail blocked. I would like to know if the string ... should never get mail blocked is true :-) I send the GTUBE test message to myself and added my address to whitelist_to and .._from This is the report: .. Content analysis details: (889.6 points, 5.0 required) pts rule name description -- -- -100 USER_IN_WHITELIST From: address is in the user's white-list -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' -2.9 ALL_TRUSTEDDid not pass through any untrusted hosts 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email -1.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0004] 0.1 AWLAWL: From: address is in the auto white-list You can see that the whitelisting gives only a high negative score, which may not be high enough. Try all_spam_to for yourself to see the efect. Here are the scores for 3.0.x which explain the meaning of ... should never get mail blocked header From: address is in the auto white-listAWL1 header From: address is in the user's black-listUSER_IN_BLACKLIST 100.000 header From: address is in the user's white-listUSER_IN_WHITELIST -100.000 header From: address is in the default white-list USER_IN_DEF_WHITELIST -15.000 header User is listed in 'blacklist_to' USER_IN_BLACKLIST_TO10.000 header User is listed in 'whitelist_to' USER_IN_WHITELIST_TO-6.000 header User is listed in 'more_spam_to' USER_IN_MORE_SPAM_TO-20.000 header User is listed in 'all_spam_to' USER_IN_ALL_SPAM_TO -100.000 Best regards Thomas - -- icq:133073900 aim:tawhv -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFByKomHe2ZLU3NgHsRAignAJ9RRNj5Mh7yGRjlYZFfDf9DuHCffACfXjp2 +iNWDJDbB9QcLh7wLozVoXQ= =9fuy -END PGP SIGNATURE-
Re: Unsubscribe?
William Holman wrote: I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you! I have an anti-spam product I, ah, we, ah, my COMPANY, (yeah, that's the ticket) call Snowjack Scanner which is at least as effective as any other... commercial solution. It has a Bayes filter, score averaging by sender, whitelisting capabilities, many effective individual rules which are weighted by genetic algorithm, and the ability to incorporate information from RBL and SURBL lookups. For only $5000, much less than many competing commercial solutions, I will send you this amazing package as soon as I can gimp a logo and slap it on a CD. I'll even set it up to auto-install on a bare-bones PC, with automated security updates, and for only $200 per hour I... uh, one of our CONSULTANTS... will help you integrate it into your mail systems. -- Snowjack Consulting Services Inc. LLC. TBS. OMFG.
Re: Unsubscribe?
Oh good! Can I buy a service contract too? Hopefully it's priced per spam! RO - Original Message - From: snowjack [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, December 21, 2004 3:09 PM Subject: Re: Unsubscribe? William Holman wrote: I've been over-ruled by those who pay the bills, so I can't use SpamAssassin since it's open source How do I unsubscribe from the lists? Thank-you! I have an anti-spam product I, ah, we, ah, my COMPANY, (yeah, that's the ticket) call Snowjack Scanner which is at least as effective as any other... commercial solution. It has a Bayes filter, score averaging by sender, whitelisting capabilities, many effective individual rules which are weighted by genetic algorithm, and the ability to incorporate information from RBL and SURBL lookups. For only $5000, much less than many competing commercial solutions, I will send you this amazing package as soon as I can gimp a logo and slap it on a CD. I'll even set it up to auto-install on a bare-bones PC, with automated security updates, and for only $200 per hour I... uh, one of our CONSULTANTS... will help you integrate it into your mail systems. -- Snowjack Consulting Services Inc. LLC. TBS. OMFG.
Re: Unsubscribe?
snowjack wrote: I have an anti-spam product I, ah, we, ah, my COMPANY, (yeah, that's the ticket) call Snowjack Scanner which is at least as effective as any other... commercial solution. It has a Bayes filter, score averaging by sender, whitelisting capabilities, many effective individual rules which are weighted by genetic algorithm, and the ability to incorporate information from RBL and SURBL lookups. For only $5000, much less than many competing commercial solutions, I will send you this amazing package as soon as I can gimp a logo and slap it on a CD. I'll even set it up to auto-install on a bare-bones PC, with automated security updates, and for only $200 per hour I... uh, one of our CONSULTANTS... will help you integrate it into your mail systems. -- Snowjack Consulting Services Inc. LLC. TBS. OMFG. reply to self alertFor the humor-impaired, that was a joke. OMFG./alert /reply
Re: Unsubscribe?
My company is very cheap in the products it buys, some of the commercial products we have are HORRIBLE (read: Microsoft office and alpine view.) However, since they are so cheap, I can offer one commercial product verses an open sourced one, and it will always win. Cheap = good? Not really. Open source = good? oh yes :-D Many managers look at the TCO and don't realize you will still need to train/maintain that DB of tokens for bayes either way. TCO is definitely much lower with open source in may ways. But they can slap a price sticker on support and try to enforce the support vendor on their 'word' that they will provide 'cost equivalent support.' In an OT, They just recently upgraded the support contract with Dell for another year for 600USD on a server that is only worth 500USD. Pick your battles is all I need say :D That commercial product will cost more than spamassassin. It is a shame however, that your state taxpayers will pickup the bill. (in another note, my city has swapped all their mail/db/GIS servers to open source recently, saving the city millions of dollars a year.) Good luck in your adventures (was where you were at.) Thanks, JamesDR Gary W. Smith wrote: Ironically, that's one thing that Joel said in his email (regarding some of the venders using SA). It's got to be said. Dude, tell your management that they are stupid and if they still need help we can offer the clueX4 to assist in their learning... This was just referenced only 7 emails ago. Go with commercial then (that way you can feel better about yourself knowing that you purchased an open source product from a vender that is paying no royalties for it). In terms of ruled out, that would be very untrue. We looked at 36 products, and several of them have SpamAssassin inside, both in Argh... smime.p7s Description: S/MIME Cryptographic Signature