Re: can Pyzor run localy?
Stuart Johnston [EMAIL PROTECTED] wrote: Alan Shine wrote: Hi, I have a few questuions regrding the benefit/use of SA fatures. 1. Can Pyzord run localy as SURBL does with rbldnsd (check the message with local repository, not with the Pyzor web servers) ?See: http://pyzor.sourceforge.net/Since the entire system is released under the GPL, people are free to host their own independent servers. Server peering is planned for a future release.What I meant in my first question is: dnsrbld can import localy the zone files - via rsync, can pyzord do the same? - I already understood that pyzord can be installed any where, but can it import the signature files localy? 2.I would like to activate more features to SA (I currently use only SARE rules). We are considering SURBL, DCC and Pyzor. My question is - what are the preferable features that I can add to SA, that will result in better spam identification, and that will cost the lowest in performance time?Probably SURBL but if you are going to enable network tests it is best to have as many activated as possible from the start.http://wiki.apache.org/spamassassin/SingleUserUnixInstall __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: can Pyzor run localy?
Stuart Johnston [EMAIL PROTECTED] wrote: Alan Shine wrote: Hi, I have a few questuions regrding the benefit/use of SA fatures. 1. Can Pyzord run localy as SURBL does with rbldnsd (check the message with local repository, not with the Pyzor web servers) ?See: http://pyzor.sourceforge.net/Since the entire system is released under the GPL, people are free to host their own independent servers. Server peering is planned for a future release.What I meant in my first question is: dnsrbld can import localy the zone files - via rsync, can pyzord do the same? - I already understood that pyzord can be installed any where, but can it import the signature files localy? 2.I would like to activate more features to SA (I currently use only SARE rules). We are considering SURBL, DCC and Pyzor. My question is - what are the preferable features that I can add to SA, that will result in better spam identification, and that will cost the lowest in performance time?Probably SURBL but if you are going to enable network tests it is best to have as many activated as possible from the start.http://wiki.apache.org/spamassassin/SingleUserUnixInstall __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
sa-learn question
Dear all, I have a question regarding sa-learn and SPAM messages that were passed through SA. My setup: SA 3.0.2 used with qmail-scanner 1.25. There are some spam messages being not blocked by SA so as far as I understood I can teach Bayes to learn them? But is it worth to feed sa-learn with junk messages that already have headers modified? For example I received a junk message, SA checked it and passed through adding the following info to header: X-Spam-Status: No, hits=3.2 required=3.5 X-Spam-Level: +++ X-Spam-Report: SA TESTS 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50% [cf: 100] 0.2 HTML_10_20 BODY: Message is 10% to 20% HTML 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts -2.0 BAYES_20 BODY: Bayesian spam probability is 5 to 20% [score: 0.1392] 1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL [222.64.182.119 listed in sbl-xbl.spamhaus.org] 3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [222.64.182.119 listed in sbl-xbl.spamhaus.org] Can I feed this message to sa-learn identifying it as SPAM? Thank you for your time. Roman
Re: spam goes trough
I had the a problem with your below listed stock spam and others, most of them
also have a 'price' and a 'symbl' in the body. found the following rule
works well enough...even though it's pretty ugly
header __XMStockSGen Subject =~
/(?:[i|!1l]\W*(?:n|\|\\\|)\W*(?:v|\\\/)\W*[e3]\W*[5s\$]\W*[t7]|[e3]\W*q\W*[uy]\W*[i|!1l]\W*[t7]\W*y|[5s\$]\W*[t7]\W*(?:o|0|\(\))\W*[c(]\W*(?:k|\|\)|[EMAIL
PROTECTED](?:[e3]|[i|!1l]\W*(?:n|\|\\\|)\W*g)|[c(]\W*(?:o|0|\(\))\W*(?:m|\|\\\/\|)[EMAIL
PROTECTED](?:n|\|\\\|)(?:y|[i|!1l]\W*[e3]\W*[5s\$])|p\W*r\W*(?:o|0|\(\))\W*f\W*[i|!1l]\W*[t7]|p\W*(?:o|0|\(\))\W*r\W*[t7]\W*f\W*(?:o|0|\(\))\W*[i|!1l]\W*[i|!1l]\W*(?:o|0|\(\))|(?:[5s\$]\W*(?:m|\|\\\/\|)[EMAIL
PROTECTED]|!1l]\W*[i|!1l]|(?:m|\|\\\/\|)\W*[i|!1l]\W*[c(]\W*r\W*(?:o|0|\(\)))\W*[c([EMAIL
PROTECTED]|(?:o|0|\(\))\W*(?:v|\\\/)\W*[e3]\W*r\W*[i|!1l]\W*(?:o|0|\(\))\W*(?:o|0|\(\))\W*(?:k|\|\)|(?:w|\\\/\\\/)[EMAIL
PROTECTED]|!1l]\W*[i|!1l]\W*[5s\$]\W*[t7]\W*r\W*[e3]\W*[e3]\W*[t7]|(?:m|\|\\\/\|)[EMAIL
PROTECTED](?:k|\|\)\W*[e3]\W*[t7]|(?:h|\|-\|)\W*(?:o|0|\(\))\W*[t7]\W*p\W*[i|!1l]\W*[c(]\W*(?:k|\|\)\W*[5s\$])/i
rawbody __XMStockSymb
/^[5s\$]\W*y\W*(?:m|\|\\\/\|)\W*b\W*(?:o|0|\(\))\W*[i|!1l]\W*\w{2,5}\s*$/i
rawbody __XMStockPrce
/^p\W*r\W*[i|!1l]\W*[c(]\W*[e3]\W*\d+(?:\.\w+)?\s*$/
metaXMStockSpam_05 (__XMStockSGen
__XMStockPrce __XMStockSymb)
On Sat, Apr 02, 2005 at 05:24:51PM -0500, kalin mintchev wrote:
hi all
increasingly over the last month the filter has letting spam through. some
days is ok - some like last night really bad - i got 60 spam messages. i
have spamd running - nothing has changed. it does get some of the spam
still but crap like this is getting through. and on top of it it
autolearns it as ham?! how do i add this to my bayes db if i'm on a
vpopmail machine where every user has it's own user_prefs?
crap:
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 61346 invoked by uid 1008); 2 Apr 2005 21:47:46 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 61171 invoked by uid 1008); 2 Apr 2005 21:47:40 -
Received: from unknown (HELO dnt-gw2-zagros.dnttm.ro) (193.226.88.153)
by mail.el.net with SMTP; 2 Apr 2005 21:47:40 -
Received: from ornately
(ILZS-207-772.future-online.net [69.6.2.73] (may be forged))
by silken.future-online.net (MOS 3.3.9-GR) with ESMTP id DEH05665
(AUTH ornately-05)
; Sat, 02 Apr 2005 16:43:08 -0500 (IST)
Date: Sat, 02 Apr 2005 20:39:08 -0100
From: Rena Hodge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: This st0ck has everything going for it
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7Bit
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on chavo.el.net
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=3.0 tests=BAYES_00 autolearn=ham
version=3.0.2
--
--
__
what's with today, today?
Email: [EMAIL PROTECTED]
PGP:http://rocky.mindphone.org/rocky_mindphone.org.gpg
signature.asc
Description: Digital signature
Re: bogus-virus-warnings-cf
From: Bob McClure Jr [EMAIL PROTECTED] Sent: Sunday, April 03, 2005 1:15 AM On Sat, Apr 02, 2005 at 05:09:40PM -0600, Chris wrote: I use RDJ to update rule sets, I only run it once a day. On the run for the 31st of March, RDJ reported: RulesDuJour Run Summary on cpollock.localdomain: The following rules had errors: Tim Jackson's (et al) bogus virus warnings was not retrieved because of: 403 from http://www.timj.co.uk/linux/bogus-virus-warnings.cf. clicking on the link and opening with Mozilla still shows a 403 - Permission Denied. Anyone else having problems getting this update? Yep, for several days now. It is repaired I can browse the site Met vriendelijke groet, Maurice Lucas TAOS-IT
RulesDuJour error updating bigevil.cf
I've been getting the following error for a couple of days. The following rules had errors: Big Evil not found (404) at http://www.rulesemporium.com/rules/bigevil.cf Big Evil was not retrieved because of: 00:16:15 ERROR 404: Not Found. from http://www.rulesemporium.com/rules/bigevil.cf. I checked rulesemporium, and sure enough the file can't be found. Anyone know what's up? Thx Pete -- Unencumbered by the thought process --1992-2000 Click and Clack presidential campaign slogan
Re: RulesDuJour error updating bigevil.cf
Hallo und guten Tag Pete, danke für die Email vom 03.04.2005 um 18:52 Pete Geenhuizen schrieb - wrote: I've been getting the following error for a couple of days. The following rules had errors: Big Evil not found (404) at http://www.rulesemporium.com/rules/bigevil.cf Big Evil was not retrieved because of: 00:16:15 ERROR 404: Not Found. from http://www.rulesemporium.com/rules/bigevil.cf. bigevel is cancelled. Read the archives. -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 Skype: callto://jimknuth -- Zufalls-Zitat -- Unsere Träume können wir erst dann verwirklichen, wenn wir uns entschließen, einmal daraus zu erwachen. (Josephine Baker) -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1044 Update 02.04.2005
Re: RulesDuJour error updating bigevil.cf
Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. 1. Any idea why the rulesemporium rules page isn't very clear and still has info on how to use it with RDJ? 2. Any idea how do I go about changing RDJ and bigevil.cf over to use ws.surbl.org? Pete -- Unencumbered by the thought process --1992-2000 Click and Clack presidential campaign slogan Jim Knuth said: Hallo und guten Tag Pete, danke für die Email vom 03.04.2005 um 18:52 Pete Geenhuizen schrieb - wrote: I've been getting the following error for a couple of days. The following rules had errors: Big Evil not found (404) at http://www.rulesemporium.com/rules/bigevil.cf Big Evil was not retrieved because of: 00:16:15 ERROR 404: Not Found. from http://www.rulesemporium.com/rules/bigevil.cf. bigevel is cancelled. Read the archives. -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 Skype: callto://jimknuth -- Zufalls-Zitat -- Unsere Träume können wir erst dann verwirklichen, wenn wir uns entschließen, einmal daraus zu erwachen. (Josephine Baker) -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1044 Update 02.04.2005
Re: RulesDuJour error updating bigevil.cf
Hallo und guten Abend Pete, danke für die Email vom 03.04.2005 um 19:34 Pete Geenhuizen schrieb - wrote: Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. Sorry, I don`t know. What say Matt Kettler? ;) -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 Skype: callto://jimknuth -- Zufalls-Zitat -- Parasiten machen etwa 0.01% unseres Körpergewichtes aus. -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1044 Update 02.04.2005
Re: sa-learn question
At 01:35 AM 4/3/2005, Roman Serbski wrote: There are some spam messages being not blocked by SA so as far as I understood I can teach Bayes to learn them? But is it worth to feed sa-learn with junk messages that already have headers modified? Yes, that's fine.. sa-learn is smart enough to undo any changes that the spamassassin configuration made.
Re: RulesDuJour error updating bigevil.cf
Pete Geenhuizen wrote: Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. 1. Any idea why the rulesemporium rules page isn't very clear and still has info on how to use it with RDJ? 2. Any idea how do I go about changing RDJ and bigevil.cf over to use ws.surbl.org? Pete Version of SpamAssassin? 3.0.x includes it, but I'm guessing you aren't using the 3.0.x series. -- Thanks, JamesDR smime.p7s Description: S/MIME Cryptographic Signature
