Re[3]: [SARE] obfu.cf, specific.cf updated

2005-05-26 Thread Robert Menschel
header.cf and specific.cf files updated.  Other than correcting
version numbers and dates (used next version number, 5/27 as date),
the only changes are moving two rules from header0 to header1.

Anyone who does manual updates and has this morning's versions in
place can leave them there. If you use header0 and NOT header1, then
you'll remove two rules that hit ham this month if you update header0.

Also updated obfu1.cf file -- two rules added, several enhanced.

Bob Menschel



Thursday, May 26, 2005, 5:39:05 PM, I wrote:

RM> Hello Joe,

RM> Thursday, May 26, 2005, 7:37:55 AM, you wrote:

JZ>> Can someone get the file specific information straight for
JZ>> those of us who download manually?  ...

RM> Sure, someone could.  Apparently not me.   :-)

RM> Anyone got a good secretary available?

RM> Bob Menschel






Re[4]: Is Bayes Really Necessary?

2005-05-26 Thread Robert Menschel
Hello List,

Thursday, May 26, 2005, 11:01:23 PM, you wrote:

LMU> P.S. I know the account says "List Mail User", but why is this the only
LMU> mailing list that almost uniformly references me that way?  Though, I do
LMU> get called by the sobriquet "Administrative User" when I use accounts
LMU> which are labeled like that.  Maybe, it's just this list's user base is
LMU> ingrained in using the header label instead of the signature!?  Anyway,
LMU> I kind of like the "LMU" :)

Don't know.  Me, I kind of like responding to the list.  :-)

LMU> A quick check of the last couple of days shows 72.96% at BAYES_00
LMU> and 10% at BAYES_99 and 11.29% at BAYES_50.  I suspect the results are less
LMU> extreme for you, but maybe not (that would be good to hear).  Note: I have
LMU> a lot of MTA level rejection, pre-filtering before SA that takes out most
LMU> of the remaining spam and almost all mailing lists are set to use the
LMU> "bayes_ignore_to" directive - so my results posted above are highly skewed
LMU> by all these factors (e.g. > 40% of valid email does not run through bayes,
LMU> and things like nightly server reports generated internally do - I don't
LMU> even trust my own firewall machines' reports).

Interesting stats.

Last month's ham (110,735):
th - 00 - 110173 = 99.5%
th - 01 - 4
th - 05 - 191
th - 20 - 164
th - 30 - 0
th - 40 - 144
th - 44 - 1
th - 50 - 6
th - 60 - 20
th - 80 - 8
th - 95 - 1
th - 99 - 23 = 0.02%

Last month's spam: (79,749):
ts - 00 - 16346  = 20.5%
ts - 01 - 1
ts - 05 - 877    =  1.1%
ts - 20 - 1283   =  1.6%
ts - 30 - 2
ts - 40 - 1607   =  2.0%
ts - 44 - 8
ts - 50 - 415
ts - 60 - 3588   =  4.5%
ts - 80 - 3695   =  4.6%
ts - 95 - 2596   =  3.3%
ts - 99 - 49331  = 61.9%

Obviously Bayes does a whole lot better with ham than it does with
spam here.

Many of the spam that hit BAYES_00 are outscatter. I've identified at
least 3,000 of those during the last month's work on the new obfu
rules. Now that those obfu rules are in place, I suspect those
percentages will shift nicely, but we'll probably continue to get 10%
of spam at Bayes_00.

Yes, you're right -- we do have a lot of other tricks in use here to
get them flagged as spam.   :-)

I hadn't realized that as many as 23 ham had hit BAYES_99. I would
have guessed it was only 5 or 6. We do have a lot of negative scoring
rules which pulled those down as well.  All of them were valid ham
marketing emails from the likes of United Airlines and Staples, which
are now covered by SARE's whitelist.cf.

We did have 15 FPs during this period of time, none of which will
repeat because of whitelist.cf

Bob Menschel







Custom Black list question

2005-05-26 Thread Philip Wege
I have a custom black list with rules like : 

blacklist_from [EMAIL PROTECTED]

How can one make sure these rules are picked up by spamassassin as these
emails are still getting through 

Spamassassin running on Freebsd.




Re: Re[2]: Is Bayes Really Necessary?

2005-05-26 Thread List Mail User
>...
>
>Hello List,
>
>Thursday, May 26, 2005, 10:05:26 AM, you wrote:
>
>LMU>   Though nobody seems to have said it exactly this way:  It seems
>LMU> to be becoming very obvious that the people who say they have problems
>LMU> with Bayes are those who support a diverse group of users (e.g. ISPs
>LMU> and email providers) and those who find it works well, even with autolearning
>LMU> are those with either small numbers of users or users who are mostly of
>LMU> a very specific categorization type (e.g. medical, legal, technical, or
>LMU> just about any homogenous group).
>
>Sorry -- major email server here, serving several hundred domains,
>well over 1k users, all types from technical experts to business people
>to newspaper reporters to retailers to pharmacists to people with
>professions of various ages. Site-wide Bayes. Everyone has access to
>sa-learn via IMAP. Works marvelously.
>
>Bob Menschel
>
Bob,

I have actually many times specifically noted that you have said it
works for you.  I did not mean to imply that it doesn't always work in a
heterogenous environment, just that all the people who say it doesn't work
seem to fit that category (i.e. for some subset of people like yourself,
there may be problems of some sort).  Other people at large sites have also
reported very good results and some of them also seem to be ISPs or email
providers.  For the other group, homogenous environments, there seems to
be uniform agreement that it does work (now someone will speak up and point
out a counter-example).

I have noticed a few times when you've posted scores, that you have
a "BAYES_80" where I take the posted message, run "-D -t" and get a "BAYES_99",
which might mean it does still work, and quite well - but not as `extremely'
well as in other environments (80%+ of all email that hits SA on my servers
ends up as either BAYES_00 or as BAYES_99 -- the rare exception I usually
look at (they are mostly coming to my own accounts or are tagged as spam
by other rules anyway), and they are either personal contacts, stock pumps
or 419s -- mostly email from my "marketing" family members, whose writing
style seems to be quite similar to some spam;  I'm sure that I will eventually
refuse some mail from my father, he often hits BAYES_80 and he mails from
a MSN account - if it weren't for AWL, it already would have happened:-).

A quick check of the last couple of days shows 72.96% at BAYES_00
and 10% at BAYES_99 and 11.29% at BAYES_50.  I suspect the results are less
extreme for you, but maybe not (that would be good to hear).  Note: I have
a lot of MTA level rejection, pre-filtering before SA that takes out most
of the remaining spam and almost all mailing lists are set to use the
"bayes_ignore_to" directive - so my results posted above are highly skewed
by all these factors (e.g. > 40% of valid email does not run through bayes,
and things like nightly server reports generated internally do - I don't
even trust my own firewall machines' reports).

Finally, you seem to have done a good job of `training' your users
to use sa-learn, which is probably itself more valuable than any tweaking
a sysadmin could do alone.  I'd also bet dollars to donuts, that you have
more modifications to a "stock" install than I do (e.g. SARE rules, etc.)
and probably far more than most people with BAYES problems.

Paul Shupak
[EMAIL PROTECTED]

P.S. I know the account says "List Mail User", but why is this the only
mailing list that almost uniformly references me that way?  Though, I do
get called by the sobriquet "Administrative User" when I use accounts
which are labeled like that.  Maybe, it's just this list's user base is
ingrained in using the header label instead of the signature!?  Anyway,
I kind of like the "LMU" :)


Re: Locating the Source of a Hit in the Message Content

2005-05-26 Thread Matt Kettler

At 05:56 PM 5/26/2005, David wrote:

> I'm new to SpamAssassin, and I've been running some tests.
>
> I've been using the get_report() method to get a report of the rules that
> were triggered by a message.
>
> Is there a method that can identify where in the content the rule was
> triggered (e.g. a line number, or a regular expression with which I can
> locate it, or ?)

No. SA doesn't keep track of that in the general case, although if you want
you can do one of two things:

1) run spamassassin with "-D rulesrun=255" which debugs all the rule running.

2) If you're really perplexed look at the rule that matched (grep RULE_NAME
/usr/share/spamassassin/*).  Most SA rules are regexes and you can apply
the regex from the rule directly to the message.
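
The second suggestion above, applying a rule's regex directly to the message, sketched as an added example (not code from the thread or from SpamAssassin). The rule name `LOCAL_DEMO_PILLS`, the file names and the sample message are constructed, and only the `body NAME /pattern/flags` form with the `i` flag is handled.

```sh
#!/bin/sh
# Added example: list the message lines that a SpamAssassin body rule's
# regex matches. Rule, file names and message below are constructed.

# locate_hit RULE_NAME CF_FILE MESSAGE_FILE
# Prints "LINE:text" for every line of the raw message the regex matches.
# SA matches body rules against decoded, rendered text, so a raw grep can
# miss hits inside encoded parts or hits that span a line break.
locate_hit() {
    lh_rule=$1; lh_cf=$2; lh_msg=$3

    # If the file defines the rule more than once, use the last definition.
    lh_def=$(grep -E "^[[:space:]]*(body|rawbody)[[:space:]]+${lh_rule}[[:space:]]+/" "$lh_cf" | tail -n 1)
    if [ -z "$lh_def" ]; then
        echo "rule ${lh_rule} not found in ${lh_cf}" >&2
        return 2
    fi

    lh_rest=${lh_def#*/}        # drop everything up to the opening slash
    lh_pattern=${lh_rest%/*}    # text before the closing slash
    lh_flags=${lh_rest##*/}     # modifiers after the closing slash

    # SA regexes are Perl regexes: use grep -P where this grep offers it,
    # otherwise fall back to extended regexes (fine for simple patterns).
    if printf 'a\n' | grep -qP 'a' 2>/dev/null; then lh_mode=-P; else lh_mode=-E; fi
    case $lh_flags in *i*) lh_ci=-i ;; *) lh_ci= ;; esac

    # $lh_mode and $lh_ci are left unquoted on purpose (lh_ci may be empty).
    grep -n $lh_mode $lh_ci -e "$lh_pattern" "$lh_msg"
}

# make_sample DIR: write a constructed rule file and a constructed message.
make_sample() {
    cat > "$1/local_demo.cf" <<'EOF'
# constructed rule for this example
body LOCAL_DEMO_PILLS /ch[e3]ap +p[i1]lls/i
describe LOCAL_DEMO_PILLS Constructed demo rule
EOF
    cat > "$1/message.txt" <<'EOF'
From: sender@example.com
Subject: hello

Dear friend,
Get CH3AP  P1LLS today
no prescription needed
Order cheap pills now
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
locate_hit LOCAL_DEMO_PILLS "$demo_dir/local_demo.cf" "$demo_dir/message.txt"
rm -rf "$demo_dir"
```
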





Re: Comparison of SA and commercial solutions

2005-05-26 Thread David B Funk
On Thu, 26 May 2005, jdow wrote:

> From: "Kevin Peuhkurinen" <[EMAIL PROTECTED]>
[snip..]
> > putting me on hold for another 30+ minutes while they try to track down
> > a second level support person.
>
> That's 30 minutes
>
> > On the other hand, I had a question about SpamAssassin the other day
> > that I couldn't figure out so I posted to this list.   Within two hours
> > one of the developers had responded.   You just can't buy that kind of
> > support.
>
> 2 hours is better than an hour and a half?
>
> {O,o}   (Yes, I know that you were free to do other stuff while "on
> hold" with SpamAssassin. The numbers just sort of tickled me.)

Yes, but don't forget, while Kevin was "on hold" waiting for his
SA support message -he- got to pick the music that he listened to
rather than being forced to listen to the commercial vender's 'elevator
muzak' and ads, makes the price all the easier to take. ;)


-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{


Re: spamassassin --lint

2005-05-26 Thread David B Funk
On Thu, 26 May 2005, Tim Macrina wrote:

> Hi Matt,
> looked in every user_prefs file on my system and I could find any
> reference to those lines.
>
> On 5/26/05, Matt Kettler <[EMAIL PROTECTED]> wrote:
> > Tim Macrina wrote:
> > > This may be a dumb question but where can I find those lines? I looked
> > > in /etc/mail/spamassassin/local.cf and I can't locate those entries.
> >
> > Try ~/.spamassassin/user_prefs

Tim,
try the command:
  spamassassin --lint -D

(toss on the debug option). It will print out a whole bunch of
stuff, but somewhere in there it should tell you exactly which
directories it's taking config files from. For example, the relevant
snippet of output from my system looks like:

[snip..]
debug: PATH included '/sbin', keeping.
debug: Final PATH set to: /usr/sbin:/opt/softbench/bin:/usr/bin:/usr/ccs/bin:/sbin
debug: ignore: using a test message to lint rules
debug: using "/usr/local/opt/perl-5.6.1/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/home/root/.spamassassin" for user state dir
debug: using "/home/root/.spamassassin/user_prefs" for user prefs file
debug: bayes: 25382 tie-ing to DB file R/O /etc/mail/spamassassin/bayes/bayes_toks
[snip..]

Now take each of those 'using "/bla/bla" for ha dir' lines and search in
there for your offending stuff.

for example, to find out where the rule "NO_REAL_NAME" came from, I could
do:

grep NO_REAL_NAME /usr/local/opt/perl-5.6.1/share/spamassassin/*.cf
grep NO_REAL_NAME /etc/mail/spamassassin/*.cf
grep NO_REAL_NAME /home/root/.spamassassin/*.cf
grep NO_REAL_NAME /home/root/.spamassassin/user_prefs

and in one of those places I'll be sure to find that rule.
Note that a particular rule or config command can exist in more
than one place. In that case, the last one that SA loads overrules
the earlier ones.

Dave

-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{
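
The search described above, automated as an added example (not code from the thread or from SpamAssassin): it reads saved `spamassassin --lint -D` output in the debug format quoted in this message, then greps every listed location for a rule or option name. The directory tree, score values and log are constructed, and treating the listing order as the load order is an assumption.

```sh
#!/bin/sh
# Added example: find where a rule or option is defined, using the
# 'debug: using "PATH" for ... dir|file' lines of saved --lint -D output.

# config_paths LINT_LOG
# Print each config location in the order the debug output lists it.
config_paths() {
    sed -n -E 's/^debug: using "([^"]+)" for .* (dir|file)$/\1/p' "$1"
}

# find_setting NAME LINT_LOG
# Print FILE:LINE:TEXT for every occurrence of NAME in the *.cf files of
# each listed directory and in each listed file (such as user_prefs).
find_setting() {
    fs_name=$1
    config_paths "$2" | while IFS= read -r fs_path; do
        if [ -d "$fs_path" ]; then
            for fs_file in "$fs_path"/*.cf; do
                [ -f "$fs_file" ] || continue      # directory has no *.cf
                # /dev/null forces grep to print the file name.
                grep -n -w -e "$fs_name" "$fs_file" /dev/null || :
            done
        elif [ -f "$fs_path" ]; then
            grep -n -w -e "$fs_name" "$fs_path" /dev/null || :
        fi
    done
}

# effective_setting NAME LINT_LOG
# The last definition loaded overrules earlier ones, so report the last hit
# (assumes the debug listing order is the load order).
effective_setting() {
    find_setting "$1" "$2" | tail -n 1
}

# make_sample_tree DIR: constructed config tree plus a matching lint log.
make_sample_tree() {
    mkdir -p "$1/share/spamassassin" "$1/etc/mail/spamassassin" "$1/home/.spamassassin"
    echo 'score NO_REAL_NAME 0.2' > "$1/share/spamassassin/50_scores.cf"
    printf 'required_score 5\nscore NO_REAL_NAME 1.5\n' > "$1/etc/mail/spamassassin/local.cf"
    echo 'spam_level_stars 1' > "$1/home/.spamassassin/user_prefs"
    cat > "$1/lint.log" <<EOF
debug: ignore: using a test message to lint rules
debug: using "$1/share/spamassassin" for default rules dir
debug: using "$1/etc/mail/spamassassin" for site rules dir
debug: using "$1/home/.spamassassin" for user state dir
debug: using "$1/home/.spamassassin/user_prefs" for user prefs file
EOF
}

demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
echo "All definitions of NO_REAL_NAME:"
find_setting NO_REAL_NAME "$demo_root/lint.log"
echo "Definition that takes effect:"
effective_setting NO_REAL_NAME "$demo_root/lint.log"
echo "Where the unparseable option lives:"
find_setting spam_level_stars "$demo_root/lint.log"
rm -rf "$demo_root"
```
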


Re: Comparison of SA and commercial solutions

2005-05-26 Thread jdow
From: "Kevin Peuhkurinen" <[EMAIL PROTECTED]>

> If that's not bad enough, I find most support from proprietary software 
> vendors to be the pits.   We have Mcafee's Enterprise Anti-Virus suite 
> with a support contract.   However, I hate calling them because I tend 
> to have to wait 30+ minutes on hold just to speak to a first level 

That's 30 minutes

> support person who knows less about the product than I do who forces me 
> to walk through all the steps I've already done before giving up and 

Let's say that's 30 minutes of step walking

> putting me on hold for another 30+ minutes while they try to track down 
> a second level support person.

That's 30 minutes

> On the other hand, I had a question about SpamAssassin the other day 
> that I couldn't figure out so I posted to this list.   Within two hours 
> one of the developers had responded.   You just can't buy that kind of 
> support.

2 hours is better than an hour and a half?

{O,o}   (Yes, I know that you were free to do other stuff while "on
hold" with SpamAssassin. The numbers just sort of tickled me.)



Re: spamassassin --lint

2005-05-26 Thread guenther

> looked in every user_prefs file on my system and I could find any
> reference to those lines.

If you're running 'spamassassin --lint' as root, I guess you should look
in /root/.spamassassin/user_prefs as well.

The user_prefs ONLY are evaluated of the user running spamassassin. No
need to look in any other users files...

...guenther


> On 5/26/05, Matt Kettler <[EMAIL PROTECTED]> wrote:
> > Tim Macrina wrote:
> > > This may be a dumb question but where can I find those lines? I looked
> > > in /etc/mail/spamassassin/local.cf and I can't locate those entries.
> > 
> > Try ~/.spamassassin/user_prefs

-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: spamassassin --lint

2005-05-26 Thread Tim Macrina
Hi Matt, 
looked in every user_prefs file on my system and I could find any
reference to those lines.

On 5/26/05, Matt Kettler <[EMAIL PROTECTED]> wrote:
> Tim Macrina wrote:
> > This may be a dumb question but where can I find those lines? I looked
> > in /etc/mail/spamassassin/local.cf and I can't locate those entries.
> 
> Try ~/.spamassassin/user_prefs
>


Re: spamassassin --lint

2005-05-26 Thread Matt Kettler
Tim Macrina wrote:
> This may be a dumb question but where can I find those lines? I looked
> in /etc/mail/spamassassin/local.cf and I can't locate those entries.

Try ~/.spamassassin/user_prefs


Re: spamassassin --lint

2005-05-26 Thread Tim Macrina
This may be a dumb question but where can I find those lines? I looked
in /etc/mail/spamassassin/local.cf and I can't locate those entries.

On 5/26/05, Matt Kettler <[EMAIL PROTECTED]> wrote:
> Tim Macrina wrote:
> > If I run spamassassin --lint I get the following messages. Can anyone tell 
> > me what they mean and how to fix them? Thank you
> >
> > config: SpamAssassin failed to parse line, skiping: detailed_phrase_score 1
> > config: SpamAssassin failed to parse line, skiping: spam_level_stars 1
> > config: SpamAssassin failed to parse line, skiping: defang_mime 1
> >
> >
> 
> Delete those lines from your config file, they're all from very old versions of
> spamassassin and no longer exist.
> 
> detailed_phrase_score is from the old static phrase list code that disappeared
> when bayes was added in spamassassin 2.50. (Bayes is a dynamic trainable version
> of this concept so anything from the old phrases code is instantly obsolete)
> 
> defang_mime was superseded by report_safe when 2.50 was released.
> 
> spam_level_stars got replaced by add_header when SA 2.60 was released.
> 
> 
> 
>


Re: spamassassin --lint

2005-05-26 Thread Matt Kettler
Tim Macrina wrote:
> If I run spamassassin --lint I get the following messages. Can anyone tell me 
> what they mean and how to fix them? Thank you
> 
> config: SpamAssassin failed to parse line, skiping: detailed_phrase_score 1
> config: SpamAssassin failed to parse line, skiping: spam_level_stars 1
> config: SpamAssassin failed to parse line, skiping: defang_mime 1
> 
> 

Delete those lines from your config file, they're all from very old versions of
spamassassin and no longer exist.

detailed_phrase_score is from the old static phrase list code that disappeared
when bayes was added in spamassassin 2.50. (Bayes is a dynamic trainable version
of this concept so anything from the old phrases code is instantly obsolete)

defang_mime was superseded by report_safe when 2.50 was released.

spam_level_stars got replaced by add_header when SA 2.60 was released.





spamassassin --lint

2005-05-26 Thread Tim Macrina
If I run spamassassin --lint I get the following messages. Can anyone tell me 
what they mean and how to fix them? Thank you

config: SpamAssassin failed to parse line, skiping: detailed_phrase_score 1
config: SpamAssassin failed to parse line, skiping: spam_level_stars 1
config: SpamAssassin failed to parse line, skiping: defang_mime 1




Re: OTC stock spam

2005-05-26 Thread Robert Menschel
Hello ,

Thursday, May 26, 2005, 6:54:57 AM, you wrote:

q> Guys,

q> I just can't seem to lick this problem.  Any ideas?

One idea:  http://wiki.apache.org/spamassassin/DoYouWantMySpam

The way many of us would help would be to take your email, the full
email, the unadulterated uncut unmodified uncutandpasted email, and
run SA against it on our system.

We can then tell you how/why our system flags it as spam, and you can
adopt some of those methods.

Can't do that from your example.

Bob Menschel






Re[2]: [SARE] Whitelist.cf updated

2005-05-26 Thread Robert Menschel
Hello Jeff,

Wednesday, May 25, 2005, 10:42:57 PM, you wrote:

JC> On Wednesday, May 25, 2005, 9:19:43 PM, Robert Menschel wrote:
>> Just a quick note that the SARE whitelist rules file has been updated.
>> Documentation at http://www.rulesemporium.com/rules.htm#whitelist
>> Bob Menschel

JC> A couple questions:

JC> 1.  Are these envelope senders or URI domains?

Envelope senders.  Whitelist runs against the From address and the
first trusted Received header recording which external system the
email comes from to reach your system.

JC> 2.  Would they be appropriate to whitelist (i.e. exclude from
JC> listing) in SURBLs?

Unlikely, since the web sites mentioned in the emails are rarely the
same as the From address or routing server. However, the primary web
sites within those emails might be good candidates for the SURBL
whitelist.

Bob Menschel





Re: Message that conitinually gets bypassed

2005-05-26 Thread Robert Menschel
Hello Alan,

Thursday, May 26, 2005, 9:20:51 AM, you wrote:

AF> I have this message that continually gets by Spam Assassin.  The headers
AF> have no indication that SA has even touched it.   I will post the headers
AF> below, as well as the message.

Unfortunately, you posted the text, and you posted the headers, but
you didn't post the message. Your text says,
> visit our Website
and there's no link anywhere for the sucker to use. We are missing
some very important information, and can't debug your problem properly
without it.

If you had sent the message as a message, attached (forward as
attachment), I'd be able to save your message to my system, run SA
against them, and do an analysis.  I can't do that the way you cut and
pasted the message.

See the just updated
http://wiki.apache.org/spamassassin/DoYouWantMySpam for some other
ideas.

Bob Menschel






Re[2]: [SARE] obfu.cf, specific.cf updated

2005-05-26 Thread Robert Menschel
Hello Joe,

Thursday, May 26, 2005, 7:37:55 AM, you wrote:

JZ> Can someone get the file specific information straight for
JZ> those of us who download manually?  ...

Sure, someone could.  Apparently not me.   :-)

Anyone got a good secretary available?

Bob Menschel





Re[2]: Is Bayes Really Necessary?

2005-05-26 Thread Robert Menschel
Hello List,

Thursday, May 26, 2005, 10:05:26 AM, you wrote:

LMU> Though nobody seems to have said it exactly this way:  It seems
LMU> to be becoming very obvious that the people who say they have problems
LMU> with Bayes are those who support a diverse group of users (e.g. ISPs
LMU> and email providers) and those who find it works well, even with autolearning
LMU> are those with either small numbers of users or users who are mostly of
LMU> a very specific categorization type (e.g. medical, legal, technical, or
LMU> just about any homogenous group).

Sorry -- major email server here, serving several hundred domains,
well over 1k users, all types from technical experts to business people
to newspaper reporters to retailers to pharmacists to people with
professions of various ages. Site-wide Bayes. Everyone has access to
sa-learn via IMAP. Works marvelously.

Bob Menschel





Re[2]: Adjusting the AWL value

2005-05-26 Thread Robert Menschel
Hello Chris,

Thursday, May 26, 2005, 1:19:19 PM, you wrote:

>>Cricket bats are, I'm told, another favorite in some parts of
>>the world for dealing with recalcitrant users.

CS> All second fiddle to being a 6 foot, 230 lb ex-boxer, martial
CS> artist, and avid ice hockey player.

You cheat.

CS> If that don't make them nervous, I use my power phrase:
CS> "I don't think I can recover your work now."

Me, I find the best tonic is a pause, followed by a long, deep, sigh.
Pause again, then "I think you better talk to Kevin."

When the technician known for being able to fix almost everything
sends someone to the manager who authorizes a complete reformat and
rebuild of their disk drives ...

Bob Menschel





Re: Expiry issues, SPF, Trusted path and more

2005-05-26 Thread Matt Kettler
Ben Wylie wrote:
> 
> Now that I have got my trusted networks sorted out, may I ask this question
> again?
> 
> =
> Secondly it appears that even when it has all the information to do the spf
> check, it can't find the module. I thought i had installed it, and when i go
> to f:\perl\bin and run "ppm install Mail-SPF-Query" it says:
> 
> 
> F:\Perl\bin>ppm install Mail-SPF-Query
> Version 1.6 of 'Mail-SPF-Query' is already installed.
> Remove it, or use 'verify --upgrade Mail-SPF-Query'
> 

I'm not sure why it's not spitting out the message, but 1.6 won't cut it.

To quote the source code of SPF.pm:

"Mail::SPF::Query 1.996 or later required, this is $Mail::SPF::Query::VERSION\n"


That message should appear right above the debug line you do get:

debug: SPF: cannot load or create Mail::SPF::Query module


Re: Is Bayes Really Necessary?

2005-05-26 Thread Matt Kettler
Jake Colman wrote:
>>"CS" == Chris Santerre <[EMAIL PROTECTED]> writes:
> 
>CS> If you are using SA 3.x, support is already included. You simply have
>CS> to create the config file, restart spamd, and *poof* way less spam.
> 
>CS> Net::Dns is required. I forget which version. I forget a lot of
>CS> stuff. What was the question?
> 
> Chris,
> 
> Now I'm confused.  The usage page on the site says to create a simple .cf
> file containing a number of lines.  Is that it?  If I have that .cf file in
> my /etc/mail/spamassassin directory it will all simply work? 
> ...Jake
> 


Jake, that "simple cf file" *should* already be included by default with SA 3.0.x.
You really shouldn't have to create a config file, or do anything at all to get
URIBL's going.

http://www.surbl.org/  mentions suggestions about adding rules, but most of the
surbl lists are already built into SA 3.0. The only one that's missing is the JP
list, which came on-line too late to make it into the 3.0 release. Add it if you
want, but do so AFTER you get the built-in ones going.


If the URIBLs aren't going, check these two things:

1) check to make sure you have /etc/mail/spamassassin/init.pre. Some
distribution packages left this file out when they converted the tarball (oops)
Without the init.pre, the plugin for URIBL's doesn't get loaded.

It should have this statement in it to support URIBLs:

loadplugin Mail::SpamAssassin::Plugin::URIDNSBL


>  Yes, I have Net::DNS since I am already doing all the other net checks.
> 

2) Just because your copy of Net::DNS works for RBLs does not mean it will work
for the URIBLs. You need a higher version of Net::DNS to support URIBLs than you
need for normal net checks.

Check spamassassin --lint -D to see if it's complaining about the version of
Net::DNS.



RE: Expiry issues, SPF, Trusted path and more

2005-05-26 Thread Ben Wylie
Thanks Matt and Theo for your helpful replies.
I have now disabled the auto expiry, so it won't happen during the scanning
of a message. I can then trigger it to do this at a time during the night
when it doesn't matter so much.

I have also sorted out my trusted path, and now where ever the emails come
from, the correct servers are trusted. It seems to have made the SA checks
quite a bit faster, probably because lookups are not done on trusted ips.

Now that I have got my trusted networks sorted out, may I ask this question
again?

=
Secondly it appears that even when it has all the information to do the spf
check, it can't find the module. I thought i had installed it, and when i go
to f:\perl\bin and run "ppm install Mail-SPF-Query" it says:


F:\Perl\bin>ppm install Mail-SPF-Query
Version 1.6 of 'Mail-SPF-Query' is already installed.
Remove it, or use 'verify --upgrade Mail-SPF-Query'


In the debug log it says:

debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x25f02ac)


Here is the part where it says it can't load the module:

debug: X-Envelope-From header found after 1 or more Received lines, cannot trust envelope-from
debug: Return-Path header found after 1 or more Received lines, cannot trust envelope-from
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x25f019c))
debug: SPF: relayed through one or more trusted relays, cannot use header-based Envelope-From, skipping
debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x25f019c))
debug: all '*From' addrs: [EMAIL PROTECTED]
debug: all '*To' addrs: [EMAIL PROTECTED]
debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x25df0c8))
debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x25f019c))
debug: SPF: checking HELO (helo=tcfcu.com, ip=82.237.116.13)
debug: SPF: trimmed HELO down to 'tcfcu.com'
debug: SPF: cannot load or create Mail::SPF::Query module
debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x25f019c))
debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x25df0c8))
debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x25f019c))
debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x25f019c))
===

Should the SPF module work on a windows system? It seems to claim it is
installed.

Having ranted on about how to get SPF working, how do i disable SPF if i
don't get it working, so it doesn't do the unnecessary preparation work?

Thanks for your help,

Ben






Re: Is Bayes Really Necessary?

2005-05-26 Thread Jake Colman
> "CS" == Chris Santerre <[EMAIL PROTECTED]> writes:

   >> I already use RDJ and the automatic updater.  How do I use URIBL?  I
   >> looked at the usage page and I understand that I need to create a .cf
   >> file but how does it access the lists?

   CS> If you are using SA 3.x, support is already included. You simply have
   CS> to create the config file, restart spamd, and *poof* way less spam.

   CS> Net::Dns is required. I forget which version. I forget a lot of
   CS> stuff. What was the question?

Chris,

Now I'm confused.  The usage page on the site says to create a simple .cf
file containing a number of lines.  Is that it?  If I have that .cf file in
my /etc/mail/spamassassin directory it will all simply work?  Yes, I have
Net::DNS since I am already doing all the other net checks.

...Jake

-- 
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com



Fwd: Re: Adjusting the AWL value

2005-05-26 Thread fchan

Since we are getting off the subject of Adjusting the AWL value.
Maybe I could use one or more of these to extricate certain parts of
ones body from another part of the body:
http://www.globalsecurity.org/military/systems/munitions/gbu-28e.htm

Seriously enough fun and let us get back to the subject of
helping this poor fellow.

Frank

Return-Path:
<[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-2.6 required=8.0
Mailing-List: contact [EMAIL PROTECTED]; run by
ezmlm
list-help: 
list-unsubscribe:

List-Post: 
List-Id: 
Delivered-To: mailing list users@spamassassin.apache.org
X-ASF-Spam-Status: No, hits=0.0 required=10.0
 tests=FORGED_RCVD_HELO,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 26 May 2005 15:54:22 -0400
From: Matt Kettler <[EMAIL PROTECTED]>
X-Accept-Language: en-us, en
To: Jim Maul <[EMAIL PROTECTED]>
CC: Chris Santerre <[EMAIL PROTECTED]>,
   users@spamassassin.apache.org
Subject: Re: Adjusting the AWL value
X-Enigmail-Version: 0.91.0.0
X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by
milter-greylist-2.0b2 (xanadu.evi-inc.com [192.168.50.2]); Thu, 26 May
2005 15:54:22 -0400 (EDT)
X-EVI-MailScanner-Information: Please contact the EVI IT dept for more
information
X-EVI-MailScanner: Found to be clean
X-EVI-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.901,
 required 5, BAYES_00 -4.90,
INFO_GREYLIST_NOTDELAYED -0.00)
X-Virus-Checked: Checked

Jim Maul wrote:

>
> Hey, do you know any commands to remove things from other peoples' ASS?
>
> Maybe something like --remove-stick-from ?  My boss really needs this!
>
>

No, usually the only thing you can try on someone else is
--remove-head-from-ass. However, this will fail on some systems depending on how
that person has the security permissions set for their ass.

It also depends on how far the head is implanted. If it's implanted too far the
entire ass becomes inaccessible and extraction requires major surgery. I usually
find that a 72", 17 lb digging bar (aka landscape bar) is the tool of choice for
this kind of surgery.


http://www.mytscstore.com/detail.asp?pcID=1&paID=1013&sonID=606&page=1&productID=1808




Re: Comparison of SA and commercial solutions

2005-05-26 Thread JamesDR

Martyn Drake wrote:

Aecio F. Neto wrote:

Is there any *good* and *trustable* comparison between SA and other 
commercial solutions?



I looked into a few dedicated commercial spam appliances, but most (but 
not all) of which used a customised version of SpamAssassin as part of 
their detection process anyway.  MessageLabs was outrageously expensive, 
and we didn't particularly want to have mail going through third-party 
servers.


In the end it was far better to do it myself with SpamAssassin, RDJ, 
limited RBL and a few other tweaks, and that's how it's been so far.


Regards,

Martyn

As far as ease of setup? When I first started with SA I was more of the 
doze admin than the Linux admin. I read the directions, and could figure 
out stuff for myself. If their box/software goes titsup (like anything 
tends to do) are they going to be there that second to fix it? I'd guess 
no. So you would be either left wide open, or block business. And yes, 
you could do a really expensive clustering etc with their equipment/sw 
but what does this bring you? The black box. You plug it in, hope it 
works, and if it doesn't you are at the mercy of 'them' (men in the 
black suits ;-D )
So from ease of install (started at 2.5) from the get go, if you read 
the directions, and some of the how-tos out there. SA is the way to go. 
Like a poster said earlier, 2hrs if cpan is slow and you are on your 
feet running. If they pay you per hour of $21, this anti-spam solution, 
at the get-go, cost them hw + $42. Not too shabby for something as 
complex, yet, effective as spamassassin (complex in that it does a lot 
in trying to catch spam.) I only spend about 1/2 hr a day checking logs, 
and the spam folder (all spam is dropped there) for FP's, nary a FP per 
half year ends up there.
Stay with SA. Get good hw for what they want to spend the money on -- Or 
a company car ;-D


--
Thanks,
JamesDR




Locating the Source of a Hit in the Message Content

2005-05-26 Thread David
Hi,

I'm new to SpamAssassin, and I've been running some tests.

I've been using the get_report() method to get a report of the rules that were 
triggered by a message.

Is there a method that can identify where in the content the rule was 
triggered (e.g. a line number, or a regular expression with which I can locate 
it, or ?)

Thanks!



Re: Adjusting the AWL value

2005-05-26 Thread Martin G. Diehl

Matt Kettler wrote:


Jim Maul wrote:


Hey, do you know any commands to remove things from other peoples' ASS?

Maybe something like --remove-stick-from ?  My boss really needs this!


No, usually the only thing you can try on someone else is
--remove-head-from-ass. However, this will fail on some systems depending on how
that person has the security permissions set for their ass.

It also depends on how far the head is implanted. If it's implanted too far the
entire ass becomes inaccessible and extraction requires major surgery. I usually
find that a 72", 17 lb digging bar (aka landscape bar) is the tool of choice for
this kind of surgery.

http://www.mytscstore.com/detail.asp?pcID=1&paID=1013&sonID=606&page=1&productID=1808


That does look quite effective for that task.

There are several important things to remember about
CRI (Cranial Rectal Inversion).  As you become more
familiar with CRI, you will see that it ...

(1) Reduces and/or distorts all powers of observation
in the CRI sufferer.  Warning messages will be
especially difficult to convey.

(2) Reduces the intelligibility of their speech -- in
some cases you may need to become telepathic.

(3) Leads to an increase in speech volume (but without
clarity) -- probably as a partial compensation for (2).

(4) Upsets most people near the affected induhvidual
as it appears to be quite uncomfortable.

(5) Paradoxically, it might not actually _be_ as
uncomfortable as it looks -- evidenced by the fact
that so few affected induhviduals seek treatment
for their debilitating condition.

(6) In many cases (even after effective treatment), it
may reoccur and eventually evolve into a more severe
form, CCRI (Chronic Cranial Rectal Inversion).

--
Martin




Re: RulesDuJour Best Practices

2005-05-26 Thread Chris Thielen

Jason Marshall wrote:

Yes!  You should be able to add these directly to the config file in 
the same way you are (I believe) currently adding them to the 
built-in registry.



Thanks, Chris, do they just get added to the bottom, or do they need 
to be contained in some kind of $variable="" declaration?




Just add them to the bottom (copy and paste should work)




Nope, it looks for specifically named files.



Cool, thanks.








Re: Adjusting the AWL value [ot larting]

2005-05-26 Thread Jim Maul

Matt Kettler wrote:

Dimitri Yioulos wrote:




Matt,

Isn't the landscape bar required in every sysadmin's tool kit?

Dimitri





Every sysadmin requires some form of LART in his toolkit. Not all sysadmins
require a head extraction tool, although they are quite handy.

Many tools, such as the landscape bar, can serve both purposes. However, if you
already have a LART, the digging bar can be used as a special-purpose tool for
head extractions.

For example I prefer a wooden object for most general purpose LARTing, as I find
the hollow sounds it makes when striking a head quite pleasing. Wooden baseball
bats are my LART of choice.

Sometimes I use the digging bar as a LART, but usually only in circumstances
where previous applications of wood have failed to produce the desired results.

The landscape bar is also an excellent tool for LARTing by intimidation. Due to
its large size, black color, and pointy end its presence is more intimidating
to the general user than a bat. Once in a rare while I use the bar for less
severe problems as merely walking up to someone while carrying a landscape bar
will usually have the same effect as a few light blows with the bat.




It's a bit expensive, but man does this thing intimidate.

And 144 shots before reloading should allow for multiple targets no 
problems..


http://www.backyardartillery.com/machinegun/

-Jim


Re: RulesDuJour Best Practices

2005-05-26 Thread Jason Marshall
Yes!  You should be able to add these directly to the config file in the same 
way you are (I believe) currently adding them to the built-in registry.


Thanks, Chris, do they just get added to the bottom, or do they need to be 
contained in some kind of $variable="" declaration?



Nope, it looks for specifically named files.


Cool, thanks.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Re: Adjusting the AWL value [ot larting]

2005-05-26 Thread Matt Kettler
Dimitri Yioulos wrote:

> 
> 
> Matt,
> 
> Isn't the landscape bar required in every sysadmin's tool kit?
> 
> Dimitri
> 


Every sysadmin requires some form of LART in his toolkit. Not all sysadmins
require a head extraction tool, although they are quite handy.

Many tools, such as the landscape bar, can serve both purposes. However, if you
already have a LART, the digging bar can be used as a special-purpose tool for
head extractions.

For example I prefer a wooden object for most general purpose LARTing, as I find
the hollow sounds it makes when striking a head quite pleasing. Wooden baseball
bats are my LART of choice.

Sometimes I use the digging bar as a LART, but usually only in circumstances
where previous applications of wood have failed to produce the desired results.

The landscape bar is also an excellent tool for LARTing by intimidation. Due to
its large size, black color, and pointy end its presence is more intimidating
to the general user than a bat. Once in a rare while I use the bar for less
severe problems as merely walking up to someone while carrying a landscape bar
will usually have the same effect as a few light blows with the bat.







Re: Is Bayes Really Necessary?

2005-05-26 Thread David B Funk
On Thu, 26 May 2005, Thomas Cameron wrote:

> On Thu, 2005-05-26 at 10:08 -0400, Jake Colman wrote:
> > Given the rather complete set of rules that ship with SA and which can
> > be expanded with SARE, does bayes learning really help?  Won't the rules catch
> > pretty much everything anyway?
>
> I have used SA with Bayes and it took quite a bit of administrative
> overhead.  It worked amazingly well, though.
>
> I now run SA with DCC, Razor, Pyzor and network checks and without Bayes
> and it still Just Works(TM).  Seriously - I have customers who slather

You could make the argument that Razor, Pyzor, etc perform a similar
function to Bayes (analyze a message, generate some kind of 'collapsed'
representation, compare it with a database of known messages
and come up with a "spammyness" value).

As spammers are constantly mutating and adapting, having a dynamic,
adaptive component of SA is a must to avoid the "saw-tooth" effect.
(a fresh SA install works great, gradually loses effectiveness until a
new update install, and so on).

Bayes has the advantage that it's local, no network overhead, can be
trained to 'know' your specific kinds of messages.

Bayes has the disadvantage that it's your local responsibility to
see that it's trained properly.


-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_admin   Iowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{


Re: RulesDuJour Best Practices

2005-05-26 Thread Chris Thielen

Jason Marshall wrote:



When a new rules_du_jour is released, it downloads it, and I have to 
manually add the "Personal Rule" snippets to the script again.


Is there a way to put those in the /etc/rulesdujour/config file so 
that they don't need to be re-added all the time?



Yes!  You should be able to add these directly to the config file in the 
same way you are (I believe) currently adding them to the built-in registry.




Also, is the /etc/rulesdujour directory similar to 
/etc/mail/spamassassin whereby it will read all the files in that 
directory rather than just a specifically-named one?



Nope, it looks for specifically named files.

Chris





Re: [sa-list] Spamcop reporting

2005-05-26 Thread Dan Mahoney, System Admin

On Thu, 26 May 2005, Thomas Zehetbauer wrote:


Hi,

I have just started reporting spam and I wonder if SpamCop really
expects its users to confirm every submission in the web interface?


Yes, they do.  This is to ensure a minimum of false positives.  By 
default, I only report things that do NOT hit my usual scores (i.e. I 
report false negatives).


You can report anonymously, but they tend to count less (although they are 
counted, ISPs do not get a detailed writeup of the incident as they get 
with a "full" report), the ISP just gets a "summary note" on a daily basis 
that says how many spams are coming from them.


-Dan

--

"SOY BOMB!"

-The Chest of the nameless streaker of the 1998 Grammy Awards' Bob Dylan
Performance.

Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---



user_prefs migration script

2005-05-26 Thread Dan Mahoney, System Admin

Hey all,

I was migrating over to SQL, and I've written a script that allows users 
to migrate their prefs into (and out of) a SQL database, including some 
command line switches for root to be able to migrate all users in at once. 
My code's not the cleanest in the world, but I'm trying.


I wrote it as a stub so my existing tools to edit prefs files would still 
work.


I don't know if I've duplicated any effort here, but would anyone be 
interested in such a script?  Should I submit it as a bug report or just 
provide a link?  Do I need to sign away anything if I wanted to 
"contribute" it to the actual SA base?


Please let me know.

-Dan Mahoney

(www.gushi.org/updateprefs.pl)


--

"A mother can be an inspiration to her little son, change his thoughts,
his mind, his life, just with her gentle hum."

-No Doubt, "Different People", from "Tragic Kingdom"


Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---



Re: Adjusting the AWL value

2005-05-26 Thread Doc Schneider

Matt Kettler wrote:

Jim Maul wrote:



Hey, do you know any commands to remove things from other peoples' ASS?

Maybe something like --remove-stick-from ?  My boss really needs this!





No, usually the only thing you can try on someone else is
--remove-head-from-ass. However, this will fail on some systems depending on how
that person has the security permissions set for their ass.

It also depends on how far the head is implanted. If it's implanted too far the
entire ass becomes inaccessible and extraction requires major surgery. I usually
find that a 72", 17 lb digging bar (aka landscape bar) is the tool of choice for
this kind of surgery.


http://www.mytscstore.com/detail.asp?pcID=1&paID=1013&sonID=606&page=1&productID=1808






Ah major surgery! A plexirectimy is what is needed!

What is a plexirectimy?

Cut a hole where your belly button is and replace it with a piece of 
plexiglass, so you can see when your head is up there! 8*


-Doc (Not a Real surgeon just plays one on the Internet)


Re: Adjusting the AWL value

2005-05-26 Thread Dimitri Yioulos
On Thursday May 26 2005 4:19 pm, Chris Santerre wrote:
> >-Original Message-
> >From: David Brodbeck [mailto:[EMAIL PROTECTED]
> >Sent: Thursday, May 26, 2005 4:05 PM
> >To: users@spamassassin.apache.org
> >Subject: Re: Adjusting the AWL value
> >
> >Dimitri Yioulos wrote:
> >> Isn't the landscape bar required in every sysadmin's tool kit?
> >
> >A 3.5 foot length of "sucker rod" is also acceptable.  (See the Linux
> >syslogd(8) manpage, 'SECURITY THREATS' section, for details:
> >http://www.die.net/doc/linux/man/man8/syslogd.8.html)
> >
> >Cricket bats are, I'm told, another favorite in some parts of
> >the world
> >for dealing with recalcitrant users.
>
> All second fiddle to being a 6 foot, 230 lb ex-boxer, martial artist, and
> avid ice hockey player.
>
> If that don't make them nervous, I use my power phrase:
> "I don't think I can recover your work now."
>

A tactic (among others) used to great effect by "The Bastard Operator From 
Hell" (see http://bofh.ntk.net/Bastard.html).

> If that don't work, I begin to dance. My rhythmic motions put them into a
> sedated trance. Thankfully we don't get to this level very often.
>
> --Chris


RE: Adjusting the AWL value

2005-05-26 Thread Chris Santerre


>-Original Message-
>From: David Brodbeck [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 26, 2005 4:05 PM
>To: users@spamassassin.apache.org
>Subject: Re: Adjusting the AWL value
>
>
>Dimitri Yioulos wrote:
>> Isn't the landscape bar required in every sysadmin's tool kit?
>
>A 3.5 foot length of "sucker rod" is also acceptable.  (See the Linux 
>syslogd(8) manpage, 'SECURITY THREATS' section, for details: 
>http://www.die.net/doc/linux/man/man8/syslogd.8.html)
>
>Cricket bats are, I'm told, another favorite in some parts of 
>the world 
>for dealing with recalcitrant users.

All second fiddle to being a 6 foot, 230 lb ex-boxer, martial artist, and
avid ice hockey player.

If that don't make them nervous, I use my power phrase:
"I don't think I can recover your work now." 

If that don't work, I begin to dance. My rhythmic motions put them into a
sedated trance. Thankfully we don't get to this level very often.

--Chris 


Re: Adjusting the AWL value

2005-05-26 Thread David Brodbeck

Dimitri Yioulos wrote:

Isn't the landscape bar required in every sysadmin's tool kit?


A 3.5 foot length of "sucker rod" is also acceptable.  (See the Linux 
syslogd(8) manpage, 'SECURITY THREATS' section, for details: 
http://www.die.net/doc/linux/man/man8/syslogd.8.html)


Cricket bats are, I'm told, another favorite in some parts of the world 
for dealing with recalcitrant users.


Re: Adjusting the AWL value

2005-05-26 Thread Dimitri Yioulos
On Thursday May 26 2005 3:54 pm, Matt Kettler wrote:
> Jim Maul wrote:
> > Hey, do you know any commands to remove things from other peoples' ASS?
> >
> > Maybe something like --remove-stick-from ?  My boss really needs this!
>
> No, usually the only thing you can try on someone else is
> --remove-head-from-ass. However, this will fail on some systems depending
> on how that person has the security permissions set for their ass.
>
> It also depends on how far the head is implanted. If it's implanted too far
> the entire ass becomes inaccessible and extraction requires major surgery.
> I usually find that a 72", 17 lb digging bar (aka landscape bar) is the
> tool of choice for this kind of surgery.
>
>
> http://www.mytscstore.com/detail.asp?pcID=1&paID=1013&sonID=606&page=1&productID=1808

Matt,

Isn't the landscape bar required in every sysadmin's tool kit?

Dimitri


Re: Adjusting the AWL value

2005-05-26 Thread Matt Kettler
Jim Maul wrote:

> 
> Hey, do you know any commands to remove things from other peoples' ASS?
> 
> Maybe something like --remove-stick-from ?  My boss really needs this!
> 
> 

No, usually the only thing you can try on someone else is
--remove-head-from-ass. However, this will fail on some systems depending on how
that person has the security permissions set for their ass.

It also depends on how far the head is implanted. If it's implanted too far the
entire ass becomes inaccessible and extraction requires major surgery. I usually
find that a 72", 17 lb digging bar (aka landscape bar) is the tool of choice for
this kind of surgery.


http://www.mytscstore.com/detail.asp?pcID=1&paID=1013&sonID=606&page=1&productID=1808







RE: Is Bayes Really Necessary?

2005-05-26 Thread Evan Langlois
On Thu, 2005-05-26 at 10:42 -0400, Chris Santerre wrote:

> For site wide, I'm pretty much against it. I know people will argue that
> point. I'm obviously biased towards SARE rules updated with RDJ. And the use
> of URIBL.com lists. But these allow a general users, or a sitewide install
> to "set and forget". Which is what we strive for, so SA can be more widely
> accepted. 
> 
> I have a 99% filter rate without bayes. And I'm proud of that. 

I've been testing URIBL and SURBL against just reversing the hostnames
and looking it up on SBL-XBL, and I can say that URIBL and SURBL don't
catch nearly the number of spams.  I get close to a 99% filter rate just
checking the links alone.





Re: Adjusting the AWL value

2005-05-26 Thread Jim Maul

Chris Santerre wrote:

-Original Message-
From: guenther [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 26, 2005 2:52 PM
To: Craig Jackson
Cc: users@spamassassin.apache.org
Subject: Re: Adjusting the AWL value


On Thu, 2005-05-26 at 12:55 -0500, Craig Jackson wrote:


Hi,
I'd like to change/reset-to-zero the autowhite list value 


for a sender. 

I read the man page (Mail::Spamassassin::Autowhitelist) but don't 
comprehend the syntax.


Can someone give me a hint?


Rather than Mail::Spamassassin::Autowhitelist you likely want 'man
spamassassin'. :)

See --remove-from-whitelist and --remove-addr-from-whitelist options.
You can provide the email address alone or feed it the respective mail.

HTH



Remember, most of us call it A.S.S now, instead of AWL. Average Scoring
System. 


To remove someone from your ASS, you simply use the commands listed by
guenther above. 



Hey, do you know any commands to remove things from other peoples' ASS?

Maybe something like --remove-stick-from ?  My boss really needs this!



IMHO, these commands should be updated to keep continuity with the idea that
the ASS is not just white. I recommend:

--remove-from-my-ass and --remove-addr-from-ass

That should work perfectly. 

--Chris 





-Jim


Re: Is Bayes Really Necessary?

2005-05-26 Thread Jim Maul

Chris Santerre wrote:

-Original Message-
From: Jake Colman [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 26, 2005 2:54 PM
To: users@spamassassin.apache.org
Subject: Re: Is Bayes Really Necessary?




"CS" == Chris Santerre <[EMAIL PROTECTED]> writes:


 >> -Original Message-
 >> From: Jake Colman [mailto:[EMAIL PROTECTED]
 >> Sent: Thursday, May 26, 2005 10:09 AM
 >> To: users@spamassassin.apache.org
 >> Subject: Is Bayes Really Necessary?
 >> 
 >> 
 >> 
 >> Given the rather complete set of rules that ship with SA and which can
 >> be expanded with SARE, does bayes learning really help?  Won't the rules
 >> catch pretty much everything anyway?

 CS> Oh my favorite subject!!! :) 

 CS> NO! Bayes is not necessary. IMHO, for personal use, it is incredible. But I
 CS> feel the care of it is more difficult than your average user would care to
 CS> keep up. 

 CS> For site wide, I'm pretty much against it. I know people will argue that
 CS> point. I'm obviously biased towards SARE rules updated with RDJ. And the use
 CS> of URIBL.com lists. But these allow a general users, or a sitewide install
 CS> to "set and forget". Which is what we strive for, so SA can be more widely
 CS> accepted. 

 CS> I have a 99% filter rate without bayes. And I'm proud of that. 

 CS> Chris Santerre 
 CS> System Admin and SARE/URIBL Ninja
 CS> http://www.rulesemporium.com 
 CS> http://www.uribl.com


I already use RDJ and the automatic updater.  How do I use URIBL?  I looked
at the usage page and I understand that I need to create a .cf file but how
does it access the lists?



If you are using SA 3.x, support is already included. You simply have to
create the config file, restart spamd, and *poof* way less spam. 


Net::Dns is required. I forget which version. I forget a lot of stuff. What
was the question?

--Chris 





Gotta stop smokin the green ;)

-Jim



RE: Adjusting the AWL value

2005-05-26 Thread Chris Santerre


>-Original Message-
>From: guenther [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 26, 2005 2:52 PM
>To: Craig Jackson
>Cc: users@spamassassin.apache.org
>Subject: Re: Adjusting the AWL value
>
>
>On Thu, 2005-05-26 at 12:55 -0500, Craig Jackson wrote:
>> Hi,
>> I'd like to change/reset-to-zero the autowhite list value 
>for a sender. 
>> I read the man page (Mail::Spamassassin::Autowhitelist) but don't 
>> comprehend the syntax.
>> 
>> Can someone give me a hint?
>
>Rather than Mail::Spamassassin::Autowhitelist you likely want 'man
>spamassassin'. :)
>
>See --remove-from-whitelist and --remove-addr-from-whitelist options.
>You can provide the email address alone or feed it the respective mail.
>
>HTH

Remember, most of us call it A.S.S now, instead of AWL. Average Scoring
System. 

To remove someone from your ASS, you simply use the commands listed by
guenther above. 

IMHO, these commands should be updated to keep continuity with the idea that
the ASS is not just white. I recommend:

--remove-from-my-ass and --remove-addr-from-ass

That should work perfectly. 

--Chris 


RE: Is Bayes Really Necessary?

2005-05-26 Thread Chris Santerre


>-Original Message-
>From: Jake Colman [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 26, 2005 2:54 PM
>To: users@spamassassin.apache.org
>Subject: Re: Is Bayes Really Necessary?
>
>
>> "CS" == Chris Santerre <[EMAIL PROTECTED]> writes:
>
>   >> -Original Message-
>   >> From: Jake Colman [mailto:[EMAIL PROTECTED]
>   >> Sent: Thursday, May 26, 2005 10:09 AM
>   >> To: users@spamassassin.apache.org
>   >> Subject: Is Bayes Really Necessary?
>   >> 
>   >> 
>   >> 
>   >> Given the rather complete set of rules that ship with SA and which can
>   >> be expanded with SARE, does bayes learning really help?  Won't the rules
>   >> catch pretty much everything anyway?
>
>   CS> Oh my favorite subject!!! :) 
>
>   CS> NO! Bayes is not necessary. IMHO, for personal use, it is incredible. But I
>   CS> feel the care of it is more difficult than your average user would care to
>   CS> keep up. 
>
>   CS> For site wide, I'm pretty much against it. I know people will argue that
>   CS> point. I'm obviously biased towards SARE rules updated with RDJ. And the use
>   CS> of URIBL.com lists. But these allow a general users, or a sitewide install
>   CS> to "set and forget". Which is what we strive for, so SA can be more widely
>   CS> accepted. 
>
>   CS> I have a 99% filter rate without bayes. And I'm proud of that. 
>
>   CS> Chris Santerre 
>   CS> System Admin and SARE/URIBL Ninja
>   CS> http://www.rulesemporium.com 
>   CS> http://www.uribl.com
>
>I already use RDJ and the automatic updater.  How do I use URIBL?  I looked
>at the usage page and I understand that I need to create a .cf file but how
>does it access the lists?

If you are using SA 3.x, support is already included. You simply have to
create the config file, restart spamd, and *poof* way less spam. 

Net::Dns is required. I forget which version. I forget a lot of stuff. What
was the question?

--Chris 


Manpage change suggestion

2005-05-26 Thread Matt Kettler
guenther wrote:
> On Thu, 2005-05-26 at 12:55 -0500, Craig Jackson wrote:
> 
>>Hi,
>>I'd like to change/reset-to-zero the autowhite list value for a sender. 
>>I read the man page (Mail::Spamassassin::Autowhitelist) but don't 
>>comprehend the syntax.
>>
>>Can someone give me a hint?
> 
> 
> Rather than Mail::Spamassassin::Autowhitelist you likely want 'man
> spamassassin'. :)
> 

This points out a rather important point.

For the new user there's no easy way to tell the difference between manpages
that are documenting how to use SA, such as man Mail::SpamAssassin::Conf, and
ones that are documenting how to program SA via perl, such as man
Mail::Spamassassin::Autowhitelist.


Perhaps in the Name or Synopsis section we should indicate that a particular
manpage is perl programming information.

Or, alternatively change things so that all the programming documentation is in
man Mail::SpamAssassin::* and all the user config information is in man
spamassassin.*  (ie: make the current man Mail::SpamAssassin::Conf into man
spamassassin.conf, and make the Mail::SpamAssassin::Conf page document the
functionality implemented by Conf.pm)







RulesDuJour Best Practices

2005-05-26 Thread Jason Marshall
I confess, I've been using RDJ for at least a year now without really 
having any idea what I'm doing.  It downloads the new rules as it should, 
and spamassassin uses them, but I have some SARE rules that require the 
"Personal Rule" snippet to be added to the rules_du_jour script.


When a new rules_du_jour is released, it downloads it, and I have to 
manually add the "Personal Rule" snippets to the script again.


Is there a way to put those in the /etc/rulesdujour/config file so that 
they don't need to be re-added all the time?


Also, is the /etc/rulesdujour directory similar to /etc/mail/spamassassin 
whereby it will read all the files in that directory rather than just a 
specifically-named one?


Thanks...  Hopefully some of this makes sense...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Re: Is Bayes Really Necessary?

2005-05-26 Thread Jake Colman
> "CS" == Chris Santerre <[EMAIL PROTECTED]> writes:

   >> -Original Message-
   >> From: Jake Colman [mailto:[EMAIL PROTECTED]
   >> Sent: Thursday, May 26, 2005 10:09 AM
   >> To: users@spamassassin.apache.org
   >> Subject: Is Bayes Really Necessary?
   >> 
   >> 
   >> 
   >> Given the rather complete set of rules that ship with SA and which can
   >> be expanded with SARE, does bayes learning really help?  Won't the rules
   >> catch pretty much everything anyway?

   CS> Oh my favorite subject!!! :) 

   CS> NO! Bayes is not necessary. IMHO, for personal use, it is incredible. But I
   CS> feel the care of it is more difficult than your average user would care to
   CS> keep up. 

   CS> For site wide, I'm pretty much against it. I know people will argue that
   CS> point. I'm obviously biased towards SARE rules updated with RDJ. And the use
   CS> of URIBL.com lists. But these allow a general users, or a sitewide install
   CS> to "set and forget". Which is what we strive for, so SA can be more widely
   CS> accepted. 

   CS> I have a 99% filter rate without bayes. And I'm proud of that. 

   CS> Chris Santerre 
   CS> System Admin and SARE/URIBL Ninja
   CS> http://www.rulesemporium.com 
   CS> http://www.uribl.com

I already use RDJ and the automatic updater.  How do I use URIBL?  I looked
at the usage page and I understand that I need to create a .cf file but how
does it access the lists?

-- 
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com



Re: Adjusting the AWL value

2005-05-26 Thread guenther
On Thu, 2005-05-26 at 12:55 -0500, Craig Jackson wrote:
> Hi,
> I'd like to change/reset-to-zero the autowhite list value for a sender. 
> I read the man page (Mail::Spamassassin::Autowhitelist) but don't 
> comprehend the syntax.
> 
> Can someone give me a hint?

Rather than Mail::Spamassassin::Autowhitelist you likely want 'man
spamassassin'. :)

See --remove-from-whitelist and --remove-addr-from-whitelist options.
You can provide the email address alone or feed it the respective mail.

HTH

...guenther


-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Comparison of SA and commercial solutions

2005-05-26 Thread Matthew S. Cramer
On Thu, May 26, 2005 at 10:30:21AM -0400, Chris Santerre wrote:

[...]

> >My intention was to have some external opinion - magazine, 
> >site review, you name it - saying that when summing up 
> >cost/benefit of SA comparing to other things out there, it is 
> >best by far (this is my opinion).
> >
> >Regards.
> 
> Understood, and very good effort by you to educate them. Mostly all the
> reviews slam the cost benefit of SA with the "Pay an employee to support
> it." line of crap. 

I actually took the time to do a cost analysis myself, because I got
tired of being dragged into Dog & Pony shows from anti-spam vendors
who tell upper management they offer solutions "with 0 false
positives" (IOW, all spam is quarantined in a folder where users can
still get it - certainly not what we mean by FPs) and "we
stop spam before it hits your mailserver" (IOW, we sell a service and
you point MX records to us, rather than installing our widget on your
border).

Hope this approach can be useful to others in the same boat.  If I had
let them spend $250,000 per year for a couple of years and *then*
implemented SA and MIMEDefang, I'd get an award for reducing costs.  I
just avoided the costs, which doesn't excite the bean counters.  :)

Here is the list of the stats I keep track of in some reporting
scripts, monthly:

* Inbound email, total
* Inbound email flagged as SPAM
* Email not flagged
* Drops due to virus content
* Inbound email discarded (if it gets more than 10 points, we
  just drop the mail silently)
* Amount of times sendmail discovered an SMTP RCPT Flood
* Amount of rejected spam, comprised of:
  - sendmail anti-spam rules, such as domain not existing, relay
    attempt, etc.
  - host in the SBL or XBL
  - other MIMEDefang tests that cause rejections - HELO validity,
    SPF failures, etc.
  - no such user
  - pre-greeting traffic (THANK YOU SENDMAIL!)
* Number of calls to our Helpdesk reporting an FP, or 
  a problem with a partner trying to send mail due to their SPF
  or other mail config problems that I see as "spammy"
* Amount of time I spend supporting this install, at our business unit
  chargeback rate (if your bean counters don't use this info, divide
  admins' salaries by the amount of time to get your rate...)
* Hardware cost (we depreciate over 5 years, so I use this to 
  calculate the "cost" of the servers per month)

We also have a customized filter using MIMEDefang that takes any MS
executable and yanks it out of the email and quarantines it for 24
hours, until we get new Clam and McAfee signatures.  We found that we
get a lot of valid executables via email (engineering software
updates, etc.) so full out rejections wouldn't work.  The
temp. quarantine is great (the attachment is replaced with a URL that
will be valid in 24 hours) and has completely eliminated Email-based
worm and virus outbreaks (/me knocks on wood...).  We found we were
getting the worms/viruses via email through our Asian locations as
much as 12 hours before we had DAT updates.  While we were fighting a
worm that was spreading so rapidly we took email offline we got a note
from McAfee saying "hey you probably won't get infected with this, but
there is a new DAT you may want to apply soon that will catch it."  Uh,
thanks McAfee

We made a way for our Helpdesk to manually "publish" a file from the
quarantine so its URL is valid if the user confirmed that he knew the
sender, he was expecting the file, and that he had contacted the
sender and confirmed the file he received was the one actually sent.
I only describe this because we track the amount of files actually
downloaded after the quarantine as well as the amount of calls (and
percentage of executables) that need to be published immediately
(mostly due to emergency patches from vendors).  This gives us some
numbers so we can say "this did not disrupt users significantly or
disrupt business".

Here are my stats for the monthly report I give to management.  They
*really* like that I tell them cost per user.  Since I know the Total
Cost - hardware, time, software fees (none here!) - and I know users,
I can break it down the same way as my competition (vendors).  Here
was some info from my April report:

Inbound Mail:                      562051
Spam [Flagged]:                     31228
Ham:                               530823
Dropped(>10pts):                   113983
Blocked:                          1200801
Total non virus SMTP attempts:    2438886
Viruses:                             3530
SMTP RCPT Floods:                     772
Quarantined Exe:                     1414
Downloaded Exe after Quarantine:      101
Early Quarantine releases:              5
FP Reports:                             3

And the numbers managers like:

Percent of Exes actually downloaded:               7.14%
Percent of Exes needed immediately:                0.35%
Percent of spam BLOCKED instead of accepted:      89.21%
Percent of mail dropped due to spam:               6.06%
Percent of mail blocked:                          63.86%
Percent Viruses:                                   0.19%
Percent Flagged Spam:                              1.66%
Percent Ham:                                      28.23%
FP Percent:

RE: ideas on why this rule isn't working?

2005-05-26 Thread Johnson, S
Where can I get the SARE rule for this?

-Original Message-
From: Loren Wilton [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 26, 2005 12:33 PM
To: users@spamassassin.apache.org
Subject: Re: ideas on why this rule isn't working?

> Any ideas on why this isn't working?  Thanks!

header ZXS_SEXUALLY_EXPLICIT  Subject =~ /\bsexually-explicit/i
describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...
score ZXS_SEXUALLY_EXPLICIT 10

Looks good to me.  Did you remember to restart spamd after you put this in a
rules file somewhere?

Actually you will eventually want to add a number of minor variations to
that rule.  Leave the dash out, put spaces each side of the dash, spell
explicit with et, two x's in sex, etc.  Or grab the SARE rule that has
already been reworked a half dozen times as these little clever twists have
been found.

Loren





=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Confidentiality Notice

If the information in this electronic communication relates to an individual 
pupil, it is a confidential pupil record under Minnesota Law and may not be 
reviewed, distributed, or copied by any person other than the individual(s) to 
whom it is addressed. This electronic communication is intended solely for the 
use of the individual(s) to whom it is addressed. If you are not the intended 
recipient, any further review, dissemination, distribution, or copying of this 
electronic communication or any attachment thereto is strictly prohibited. If 
you have received an electronic communication in error, you should immediately 
return it to the sender and delete it from your system.



RE: ideas on why this rule isn't working?

2005-05-26 Thread Johnson, S
I have an 80_customsex.cf file that I created.  I did run --lint and
restart spamd. The other rules I have in that file have hit on spam
messages.

-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 26, 2005 12:12 PM
To: Johnson, S
Cc: users@spamassassin.apache.org
Subject: Re: ideas on why this rule isn't working?

Johnson, S wrote:
> I have to admit... Some people are actually trying to help me keep bad
> material out of our school district.  They are attaching a
> "sexually-explicit: text text text" in the subject line.  So I thought
> that I'd write a rule to catch that and re-route the mail to the
> blackhole.  Any ideas on why this isn't working?  Thanks!
> 
>  
> 
> header ZXS_SEXUALLY_EXPLICIT  Subject =~ /\bsexually-explicit/i
> 
> describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...
> 
> score ZXS_SEXUALLY_EXPLICIT 10

Where did you add the rule?

Do you use spamd?

Did you restart spamd?

Have you run spamassassin --lint to check for syntax errors?







Adjusting the AWL value

2005-05-26 Thread Craig Jackson

Hi,
I'd like to change/reset-to-zero the autowhite list value for a sender. 
I read the man page (Mail::Spamassassin::Autowhitelist) but don't 
comprehend the syntax.


Can someone give me a hint?
Thanks,
Craig Jackson



Re: Is Bayes Really Necessary?

2005-05-26 Thread Dimitri Yioulos
On Thursday May 26 2005 1:13 pm, Loren Wilton wrote:
> > Given the rather complete set of rules that ship with SA and which can
> > expanded with SARE, does bayes learning really help?  Won't the rules catch
> > pretty much everything anyway?
>
> Um, maybe, maybe not.
>
> Bayes *necessary*?  No, especially if you run net tests.
> Bayes *highly desirable*?  Yup.  An additional 4 points can really help
> when a new spam shows up that you don't have a lot of rules for.
>
> Loren

Loren's point well taken.  I think it's the use of bayes in conjunction with 
other rules that tends to work best. At least, that's my experience.

Dimitri


Re: ideas on why this rule isn't working?

2005-05-26 Thread Loren Wilton
> No, it's not... I wonder why this is?  I'm on SA 3.0.1 as well.

That rule may not have been in 3.0.1, if I recall correctly.  It started as
a SARE rule and moved over at some point.  Maybe that was 0.1, maybe 0.2.
Not very long ago though.

Loren



RE: ideas on why this rule isn't working?

2005-05-26 Thread Johnson, S
No, it's not... I wonder why this is?  I'm on SA 3.0.1 as well.

-Original Message-
From: Kevin Peuhkurinen [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 26, 2005 12:06 PM
Cc: users@spamassassin.apache.org
Subject: Re: ideas on why this rule isn't working?

Johnson, S wrote:

> I have to admit... Some people are actually trying to help me keep bad
> material out of our school district. They are attaching a 
> "sexually-explicit: text text text" in the subject line. So I thought 
> that I'd write a rule to catch that and re-route the mail to the 
> blackhole. Any ideas on why this isn't working? Thanks!
>
> header ZXS_SEXUALLY_EXPLICIT Subject =~ /\bsexually-explicit/i
>
> describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...
>
> score ZXS_SEXUALLY_EXPLICIT 10
>
>


Sorry, but I have no idea why this doesn't work for you. I copied and 
pasted the rule into a test.cf file and tried it out and it worked fine.

My only guess is that the spam may have multiple subject lines or is in 
some way encoding the subject in a way that SA cannot easily decode.

In any case, SA already has a rule that would catch this subject plus 
obfuscations of it, "SUBJECT_SEXUAL". Is this rule hitting the emails in
question?








Re: ideas on why this rule isn't working?

2005-05-26 Thread Loren Wilton
> Any ideas on why this isn't working?  Thanks!

header ZXS_SEXUALLY_EXPLICIT  Subject =~ /\bsexually-explicit/i
describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...
score ZXS_SEXUALLY_EXPLICIT 10

Looks good to me.  Did you remember to restart spamd after you put this in a
rules file somewhere?

Actually you will eventually want to add a number of minor variations to
that rule.  Leave the dash out, put spaces each side of the dash, spell
explicit with et, two x's in sex, etc.  Or grab the SARE rule that has
already been reworked a half dozen times as these little clever twists have
been found.

Loren



Re: Message that continually gets bypassed

2005-05-26 Thread Loren Wilton
> I have this message that continually gets by Spam Assassin.  The headers
> have no indication that SA has even touched it.   I will post the headers
> below, as well as the message.

Which version of SA?  How are you feeding it? Procmail?  Something else?

I don't see anything obvious at a real quick glance.  Maybe this message has
a really big attachment and goes over the 250K limit?

Loren



Re: Is Bayes Really Necessary?

2005-05-26 Thread Loren Wilton
> Given the rather complete set of rules that ship with SA and which can
> expanded with SARE, does bayes learning really help?  Won't the rules catch
> pretty much everything anyway?

Um, maybe, maybe not.

Bayes *necessary*?  No, especially if you run net tests.
Bayes *highly desirable*?  Yup.  An additional 4 points can really help when
a new spam shows up that you don't have a lot of rules for.

Loren



Re: ideas on why this rule isn't working?

2005-05-26 Thread Matt Kettler
Johnson, S wrote:
> I have to admit… Some people are actually trying to help me keep bad
> material out of our school district.  They are attaching a
> “sexually-explicit: text text text” in the subject line.  So I thought
> that I’d write a rule to catch that and re-route the mail to the
> blackhole.  Any ideas on why this isn’t working?  Thanks!
> 
>  
> 
> header ZXS_SEXUALLY_EXPLICIT  Subject =~ /\bsexually-explicit/i
> 
> describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...
> 
> score ZXS_SEXUALLY_EXPLICIT 10

Where did you add the rule?

Do you use spamd?

Did you restart spamd?

Have you run spamassassin --lint to check for syntax errors?


Re: ideas on why this rule isn't working?

2005-05-26 Thread Kevin Peuhkurinen

Johnson, S wrote:

I have to admit… Some people are actually trying to help me keep bad 
material out of our school district. They are attaching a 
“sexually-explicit: text text text” in the subject line. So I thought 
that I’d write a rule to catch that and re-route the mail to the 
blackhole. Any ideas on why this isn’t working? Thanks!


header ZXS_SEXUALLY_EXPLICIT Subject =~ /\bsexually-explicit/i

describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...

score ZXS_SEXUALLY_EXPLICIT 10




Sorry, but I have no idea why this doesn't work for you. I copied and 
pasted the rule into a test.cf file and tried it out and it worked fine. 
My only guess is that the spam may have multiple subject lines or is in 
some way encoding the subject in a way that SA cannot easily decode.


In any case, SA already has a rule that would catch this subject plus 
obfuscations of it, "SUBJECT_SEXUAL". Is this rule hitting the emails in 
question?
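
The variations listed in the thread (dash missing, spaces around the dash, "explicit" spelled with "et", two x's) and the guess about an encoded Subject can both be checked offline. This is an added example, not code from any poster and not the SARE or SUBJECT_SEXUAL rule; the broadened pattern, the reading of "et" as "explicet", and every sample subject are assumptions constructed here.

```python
import base64
import re
from email.header import decode_header, make_header

# The rule as posted in the thread: Subject =~ /\bsexually-explicit/i
POSTED = re.compile(r"\bsexually-explicit", re.IGNORECASE)

# Broadened pattern (an assumption of this example, not the SARE rule):
#   sex+          one or more x
#   \s*-?\s*      dash present, absent, or padded with spaces
#   explic[ie]t   "explicit" or the "et" misspelling, read here as "explicet"
BROADENED = re.compile(r"\bsex+ually\s*-?\s*explic[ie]t", re.IGNORECASE)


def decoded_subject(raw_value):
    """Unfold a raw Subject value and decode any RFC 2047 encoded-words."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_value)
    return str(make_header(decode_header(unfolded)))


def evaluate(raw_value):
    """Report which pattern matches the raw and the decoded subject."""
    decoded = decoded_subject(raw_value)
    return {
        "decoded": decoded,
        "posted_on_raw": bool(POSTED.search(raw_value)),
        "posted_on_decoded": bool(POSTED.search(decoded)),
        "broadened_on_decoded": bool(BROADENED.search(decoded)),
    }


def b64_word(text):
    """Wrap text in a base64 RFC 2047 encoded-word, as a mailer might send it."""
    payload = base64.b64encode(text.encode("utf-8")).decode("ascii")
    return "=?utf-8?B?" + payload + "?="


# Constructed sample subjects (not taken from real mail).
SAMPLES = {
    "as described": "sexually-explicit: text text text",
    "dash left out": "Sexually explicit: text",
    "spaces round dash": "sexually - explicit: text",
    "xx and et": "sexxually-explicet offer",
    "base64 encoded-word": b64_word("sexually-explicit: text text text"),
    "Q encoded-word": "=?iso-8859-1?Q?sexually=2Dexplicit=3A_text?=",
    "ham": "Explicit consent forms due Friday",
}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        r = evaluate(raw)
        print(f"{label:20} raw={r['posted_on_raw']!s:5} "
              f"decoded={r['posted_on_decoded']!s:5} "
              f"broadened={r['broadened_on_decoded']!s:5} {r['decoded']!r}")
```

The encoded samples only match once the header is decoded, so a rule tested against raw header bytes would miss them. How a given SpamAssassin version decodes headers is not reproduced here.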




Re: Is Bayes Really Necessary?

2005-05-26 Thread List Mail User
Though nobody seems to have said it exactly this way:  It seems
to be becoming very obvious that the people who say they have problems
with Bayes are those who support a diverse group of users (e.g. ISPs
and email providers) and those who find it works well, even with autolearning
are those with either small numbers of users or users who are mostly of
a very specific categorization type (e.g. medical, legal, technical, or
just about any homogenous group).

Despite the oft repeated claim spammers are dumb, not all are;  And
the "Bayes poison" we all see added to spam must work for some group, and
I would guess that it is exactly those users who have the diverse user bases
and have primarily "personal conversational" content in lots of the email
running through their systems.

For me, the few times I see Bayes give apparent wrong answers is
in email from friends and family, and never from clients or technical contacts.
(and it is certainly worse that many members of my family have spent their
entire careers in marketing - they often get Bayes_80 corse when writing me).
This lends support to the notion that the added text does indeed match some
types of common communication.

If my supposition is correct, the question then becomes:  Can using
personal (i.e. per user) Bayes overcome the problems which some users/sites
see?  I'm not sure how to test this - certainly I couldn't myself, but maybe
some of the other members of this list are able to and could try.  Even if it
does work, the resource load may be too high to be reasonable for many large
sites.


Paul Shupak
[EMAIL PROTECTED]


Re: Comparison of SA and commercial solutions

2005-05-26 Thread Eric A. Hall

On 5/26/2005 10:30 AM, Chris Santerre wrote:

> Understood, and very good effort by you to educate them. Mostly all the
> reviews slam the cost benefit of SA with the "Pay an employee to
> support it." line of crap.

Every filtering system requires admin time, and if the reviews don't say
as much then they're junk.

There is a critical difference with SA, however, which is that the admins
need to be proficient at stuff like CPAN, Perl, etc., while some of the
packaged offerings provide simple click-the-button GUI, and those can have
significantly lower salary associations.

-- 
Eric A. Hall                             http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/


Re: Is Bayes Really Necessary?

2005-05-26 Thread Eric A. Hall

On 5/26/2005 10:08 AM, Jake Colman wrote:
> Given the rather complete set of rules that ship with SA and which can
> expanded with SARE, does bayes learning really help?  Won't the rules catch
> pretty much everything anyway?

The base SA install is insufficient, but if you tweak the scores and add
some additional tests, you can get by without bayes just fine. I use a
select set of RBLs, Razor, rulesets from rulesemporium, and my own
LDAP-based weighting plugin, and my highest spam only gets an average of
one spam per day, and even those are over the 5.0 threshold (so they are
auto-filed into the Junk Email folder).

Bayes is great for per-user stuff, but unless you are willing to manage
the per-user databases (which I'm not), it is easier to just tweak the
system scores and rules. Less management overhead, less CPU, etc.

-- 
Eric A. Hall                             http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/


Re: Mail Failure

2005-05-26 Thread David Brodbeck

Tim Jackson wrote:

No, it's *not* normal in the slightest. Why on earth are they the
registrant of the domain? They are making trouble for themselves
(and their customers) if they are making themselves the Registrant
of customer domains. (As you can see in this case). Technical contact,
sure. Billing contact, quite possibly. Nameservers? Sure. Registrant?
No. That's highly unusual and I'm not quite sure why you (or anyone
else) are even accepting someone else being the owner of your domain.


I agree fully.  If your hosting provider insists on being the registrant 
of your domain, run.  Run far away.  A friend of mine got burned this 
way by a hosting company.  Their reliability was poor so he switched 
providers, and they held on to "his" domain name out of spite.  He never 
did get it back from them.


Re: Comparison of SA and commercial solutions

2005-05-26 Thread Dimitri Yioulos
I can only speak from the perspective of a small (but growing, thank you) 
shop.   I was committed to using Linux and FOSS from the get, anyway, but as 
a start-up, commercial solutions to a great many of our needs were out of 
reach, price-wise.  Our email solution was 
sendmail-spamassassin-rdj-clamav-mailscanner-mailwatch-synonym (last is an 
email archiver).  The results have been an unparalleled success, and I'm by no 
means an expert in any one of the pieces involved.  The spamassassin piece 
has worked flawlessly for us.  I second previous posts - SA is 
cost-effective, easy-to-manage, and well-supported via the list.

Dimitri


> On 5/26/05 9:15 AM, "Kevin Peuhkurinen" <[EMAIL PROTECTED]>
>
> wrote:
> > aecioneto wrote:
> >> I post such inquiry to the list because some prospects of mine very
> >> often tend to compare feature-by-feature (nonsense, IMHO) and - thanks to
> >> MS culture - have doubts about a solution with no helpdesk phone at the
> >> "other side of the box".
> >
> > Forgive this little rant, but support for SA is far superior to the
> > support most companies offer.   For instance, I've got NetIQ's Webtrends
> > Log Analyzer installed.   I didn't buy a support contract because the
> > cost was about $1000 a year and at the time NetIQ had a web based
> > knowledge base that seemed useful enough.   Recently I've had a minor
> > but annoying problem with Webtrends and I've discovered that NetIQ no
> > longer makes their web knowledge base available to non-support contract
> > holders.   So now I have the option of either living with this one
> > irritating issue or paying an outrageous sum of money for a contract.
> >
> > If that's not bad enough, I find most support from proprietary software
> > vendors to be the pits.   We have Mcafee's Enterprise Anti-Virus suite
> > with a support contract.   However, I hate calling them because I tend
> > to have to wait 30+ minutes on hold just to speak to a first level
> > support person who knows less about the product than I do who forces me
> > to walk through all the steps I've already done before giving up and
> > putting me on hold for another 30+ minutes while they try to track down
> > a second level support person.
> >
> > On the other hand, I had a question about SpamAssassin the other day
> > that I couldn't figure out so I posted to this list.   Within two hours
> > one of the developers had responded.   You just can't buy that kind of
> > support.


Re: Comparison of SA and commercial solutions

2005-05-26 Thread Gary W. Smith
And when in doubt go to Linux world.  Last year everyone was pushing the
antispam solution which was just a fancy SA implementation on their
hardware, overpriced and pushed back with the exact same support that you
are getting here.  I think it's because even their support people are in
this room (reading anyways).

One of the reps last year explained the benefit of upgrading my SA solution
to their canned version for $1k for 10 users, 8k for unlimited (per server).
We process email for 100+ domains with an average of 150k emails per day
across 4 servers.  

So in recap I can pay $32k for the same thing that I get now for the cost of
4 Dell 4700 workstations (since we would have to provide those anyways).

They also claim an ROI.  But I can't see that either.

If you are unable to install SA yourself then you're probably better off
with a canned solution or hiring a contractor who specializes in the field
(which will still run you less than $8k).  Most contractors who know SA
should be able to have you running in 2 hours, assume they have to build the
machine and CPAN is slow that day.

Everything else is just ramblings.  We'll see what they're pushing at Linux
world this year...

Gary Smith


On 5/26/05 9:15 AM, "Kevin Peuhkurinen" <[EMAIL PROTECTED]>
wrote:

> aecioneto wrote:
> 
>> I post such inquiry to the list because some prospects of mine very often
>> tend to compare feature-by-feature (nonsense, IMHO) and - thanks to MS culture -
>> have doubts about a solution with no helpdesk phone at the "other side of the
>> box".
>> 
>>  
>> 
> Forgive this little rant, but support for SA is far superior to the
> support most companies offer.   For instance, I've got NetIQ's Webtrends
> Log Analyzer installed.   I didn't buy a support contract because the
> cost was about $1000 a year and at the time NetIQ had a web based
> knowledge base that seemed useful enough.   Recently I've had a minor
> but annoying problem with Webtrends and I've discovered that NetIQ no
> longer makes their web knowledge base available to non-support contract
> holders.   So now I have the option of either living with this one
> irritating issue or paying an outrageous sum of money for a contract.
> 
> If that's not bad enough, I find most support from proprietary software
> vendors to be the pits.   We have Mcafee's Enterprise Anti-Virus suite
> with a support contract.   However, I hate calling them because I tend
> to have to wait 30+ minutes on hold just to speak to a first level
> support person who knows less about the product than I do who forces me
> to walk through all the steps I've already done before giving up and
> putting me on hold for another 30+ minutes while they try to track down
> a second level support person.
> 
> On the other hand, I had a question about SpamAssassin the other day
> that I couldn't figure out so I posted to this list.   Within two hours
> one of the developers had responded.   You just can't buy that kind of
> support.
> 



ideas on why this rule isn't working?

2005-05-26 Thread Johnson, S








I have to admit… Some people are actually trying to
help me keep bad material out of our school district.  They are attaching a “sexually-explicit:
text text text” in the subject line.  So I thought that I’d write a
rule to catch that and re-route the mail to the blackhole.  Any ideas on why
this isn’t working?  Thanks!

header ZXS_SEXUALLY_EXPLICIT  Subject =~ /\bsexually-explicit/i

describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...

score ZXS_SEXUALLY_EXPLICIT 10












Message that continually gets bypassed

2005-05-26 Thread Alan Fullmer
I have this message that continually gets by Spam Assassin.  The headers
have no indication that SA has even touched it.   I will post the headers
below, as well as the message.

I get various messages all of which have the basic same body content.  If I
forward this message to myself, it clearly tags it as spam the second time.

So I am wondering if spammers have found a way around SA?

I have SA running with Postfix on a linux machine, which then forwards the
filtered mail to an exchange server.


Thanks in advance.
Alan Fullmer
Alan at xnote dot com
www.xnote.com

---
Below is the message
---
Dear Homeowner,

 

You have been pre-approved for a $402,000 Home Loan at a 3.45% Fixed Rate.
This offer is being extended to you unconditionally and your credit is in no
way a factor.

To take Advantage of this Limited Time opportunity all we ask is that you
visit our Website and complete the 1 minute post Approval Form.

 
Enter Here 
Sincerely,

Esteban Tanner
Regional CEO

--
BELOW ARE THE HEADERS
--
Microsoft Mail Internet Headers Version 2.0
Received: from buh.accessdata.com ([192.168.0.5]) by adata.accessdata.com
with Microsoft SMTPSVC(6.0.3790.1830);
 Thu, 26 May 2005 03:29:31 -0600
Received: from mx1.morningstar.com (unknown [221.207.13.94])
by buh.accessdata.com (Postfix) with ESMTP
id 77B55A0644; Thu, 26 May 2005 03:27:36 -0600 (MDT)
From: "Chris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Attention
Date: Thu, 26 May 2005 04:27:39 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="225126436318696341"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcT9+CUlRgRKMiKZSj+BjT+PHEf8rQ==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Message-Id: <[EMAIL PROTECTED]>
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 26 May 2005 09:29:31.0031 (UTC)
FILETIME=[6B8DCA70:01C561D5]

--225126436318696341
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

--225126436318696341
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable;


--225126436318696341--



Re: Comparison of SA and commercial solutions

2005-05-26 Thread Kevin Peuhkurinen

aecioneto wrote:


I post such inquiry to the list because some prospects of mine very often tend to compare 
feature-by-feature (nonsense, IMHO) and - thanks to MS culture - have doubts about a 
solution with no helpdesk phone at the "other side of the box".

 

Forgive this little rant, but support for SA is far superior to the 
support most companies offer.   For instance, I've got NetIQ's Webtrends 
Log Analyzer installed.   I didn't buy a support contract because the 
cost was about $1000 a year and at the time NetIQ had a web based 
knowledge base that seemed useful enough.   Recently I've had a minor 
but annoying problem with Webtrends and I've discovered that NetIQ no 
longer makes their web knowledge base available to non-support contract 
holders.   So now I have the option of either living with this one 
irritating issue or paying an outrageous sum of money for a contract.


If that's not bad enough, I find most support from proprietary software 
vendors to be the pits.   We have Mcafee's Enterprise Anti-Virus suite 
with a support contract.   However, I hate calling them because I tend 
to have to wait 30+ minutes on hold just to speak to a first level 
support person who knows less about the product than I do who forces me 
to walk through all the steps I've already done before giving up and 
putting me on hold for another 30+ minutes while they try to track down 
a second level support person.


On the other hand, I had a question about SpamAssassin the other day 
that I couldn't figure out so I posted to this list.   Within two hours 
one of the developers had responded.   You just can't buy that kind of 
support.




Re: Is Bayes Really Necessary?

2005-05-26 Thread Jim Maul

Matt Kettler wrote:

jdow wrote:


One way to keep Bayes from running is to never train it.
{^_^}



You'd also disable autolearning. By default SA will eventually autolearn enough
email to begin using bayes. (and often these pure auto-learn only DBs end up
with very bad results.)




Often is the keyword here.  I guess I'm the exception to that norm ;) 
But then again, I altered my autolearn thresholds to -0.1 ham/12.0 spam. 
 I believe this is key to correctly use autolearning. (I don't mean 
these numbers specifically, just the concept).


-Jim


RE: SA marked message as ham

2005-05-26 Thread Ben Wylie
Because you don't have any rules enabled that hit it.

I suggest turning on URIBL tests. I have them scored highly and a low
threshold to flag spam as that is ok with my setup. I don't know how high
the default scores would take this.
Three lists got:
http://p.w8k.jumptothehighestpoint.com/ySqe/

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on server
X-Spam-Spammy: 0.999-4--0h-51s--0d--decrease, 0.997-2--0h-15s--2d--gget
X-Spam-Hammy: 0.006-5--9h-0s--9d--H*r:8.13.4,
0.025-1856--4686h-300s--0d--Sent
X-Spam-Report: 
*  0.7 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received:
date
*  0.5 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
*  [score: 0.5297]
*  2.7 URIBL_SBL Contains an URL listed in the SBL blocklist
*  [URIs: jumptothehighestpoint.com]
*  4.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
*  [URIs: jumptothehighestpoint.com]
*  4.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
*  [URIs: jumptothehighestpoint.com]
X-Spam-Status: Yes, score=11.9 required=2.4 bayes=0.5297 tests=BAYES_50,
DATE_IN_PAST_12_24,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL 
autolearn=disabled version=3.0.2
X-Spam-Level: ***


Ben




Re: Is Bayes Really Necessary?

2005-05-26 Thread Matt Kettler
jdow wrote:
> One way to keep Bayes from running is to never train it.
> {^_^}

You'd also disable autolearning. By default SA will eventually autolearn enough
email to begin using bayes. (and often these pure auto-learn only DBs end up
with very bad results.)





Re: SA marked message as ham

2005-05-26 Thread Matt Kettler
Tim Macrina wrote:
> I'm pretty new to SA but my local.cf has the following entries
> 
> skip_rbl_checks 0
> use_razor2      0
> use_dcc         0
> use_pyzor       0
> 
> I believe this means that I am not using any of the checks. Are these 
> features that need to be installed? Are there others I should
> use in addition/instead of?
> Thanks

Actually, that only means that razor, dcc and pyzor are disabled. All three are
add-on packages that need separate installation, and you'd have to set those to
1 instead of 0.

The "skip_rbl_checks" would only turn off normal RBLs if set to 1.

However, none of this tells you anything about URI blacklists. For that you need
to have a relatively recent version of Net::DNS installed.

Try running spamassassin --lint -D and see if it complains about DNS being
unavailable, or too old to support URIBLs.

Also make sure you have an init.pre file in your /etc/mail/spamassassin. The
normal tarball will install this, but several distribution packages screwed up
and left this important file out. If it's missing, download the tarball from the
spamassassin website and copy init.pre out of it.


RE: SA marked message as ham

2005-05-26 Thread Tim Macrina
I'm pretty new to SA but my local.cf has the following entries

skip_rbl_checks 0
use_razor2  0
use_dcc 0
use_pyzor   0

I believe this means that I am not using any of the checks. Are these features 
that need to be installed? Are there others I should
use in addition/instead of?
Thanks

-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 26, 2005 11:08 AM
To: Tim Macrina
Cc: users@spamassassin.apache.org
Subject: Re: SA marked message as ham

Tim Macrina wrote:
> Can anyone explain to me as to why this message was marked as ham.
> Thank you

Because it didn't hit any rules. No hits = ham, and by default, autolearn as ham
(IMO this is a bad thing, but the default SA ruleset doesn't have enough
negative-scoring rules to use a negative learning threshold.)


> X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham 
>   version=3.0.3


Do you run with network checks enabled? in particular that message should have
hit a bunch of SURBLs, URIBL.com lists, and razor.

Also, the source IP 220.160.189.10 is in XBL (via CBL).

Of course, both of these hits could have been added after you got the message,
but it's worth checking if your setup is using network tests.



Re: Is Bayes Really Necessary?

2005-05-26 Thread jdow
One way to keep Bayes from running is to never train it.
{^_^}
- Original Message - 
From: "Kristopher Austin" <[EMAIL PROTECTED]>


We have found Bayes to be more trouble than it's worth.  We were
frequently running into problems keeping the database stable and fresh.
We have a site-wide install so that just made it all the more
problematic.

It definitely depends on your situation.  I don't think anyone can make
a blanket statement one way or the other.

We have had great success without Bayes and the amount of admin time
necessary to keep SA running has dropped significantly.

Kris

-Original Message-
From: Jake Colman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 26, 2005 9:09 AM
To: users@spamassassin.apache.org
Subject: Is Bayes Really Necessary?


Given the rather complete set of rules that ship with SA and which can
expanded with SARE, does bayes learning really help?  Won't the rules
catch
pretty much everything anyway?

-- 
Jake Colman




Re: Is Bayes Really Necessary?

2005-05-26 Thread Ralf Hildebrandt
* Jim Maul <[EMAIL PROTECTED]>:

> I have been running sitewide bayes since the beginning without much 
> maintenance at all.  It has autolearned every message itself and its 
> dead on balls accurate.  I've trained maybe 20 message total manually so 
> i dont see how running bayes could actually cause more work for an admin 
> unless its been trained poorly and they have to correct it.

I also train it manually with all the spam that slips through (and some
ham as well, to keep the balance).

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to [EMAIL PROTECTED]


Re: Comparison of SA and commercial solutions

2005-05-26 Thread Martyn Drake

Aecio F. Neto wrote:

> Is there any *good* and *trustable* comparison between SA and other
> commercial solutions?


I looked into a few dedicated commercial spam appliances, but most 
(but not all) of which used a customised version of SpamAssassin as 
part of their detection process anyway.  MessageLabs was outrageously 
expensive, and we didn't particularly want to have mail going through 
third-party servers.


In the end it was far better to do it myself with SpamAssassin, RDJ, 
limited RBL and a few other tweaks, and that's how it's been so far.


Regards,

Martyn

--
Martyn Drake
http://www.drake.org.uk
http://www.imdb.com/name/nm1279160/


Re: SA marked message as ham

2005-05-26 Thread Matt Kettler
Tim Macrina wrote:
> Can anyone explain to me as to why this message was marked as ham.
> Thank you

Because it didn't hit any rules. No hits = ham, and by default, autolearn as ham
(IMO this is a bad thing, but the default SA ruleset doesn't have enough
negative-scoring rules to use a negative learning threshold.)


> X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham 
>   version=3.0.3


Do you run with network checks enabled? in particular that message should have
hit a bunch of SURBLs, URIBL.com lists, and razor.

Also, the source IP 220.160.189.10 is in XBL (via CBL).

Of course, both of these hits could have been added after you got the message,
but it's worth checking if your setup is using network tests.
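
The check suggested in the reply above, as an added example that is not part of the original post: it parses X-Spam-Status headers, flags mail that was autolearned as ham with no rule hits at all, and reports whether any network-test rule ever fired across the sample. Only the first sample header comes from this thread; the others are constructed, and the rule-name prefixes used to recognise network tests are an assumption about a stock ruleset.

```python
import re

# Rule-name prefixes treated as "network tests" (assumption about the ruleset in use).
NETWORK_PREFIXES = ("URIBL_", "RCVD_IN_", "RAZOR2_", "DCC_", "PYZOR_")

# The first header is the one quoted in this thread; the rest are constructed.
SAMPLE_HEADERS = [
    "X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham \n\tversion=3.0.3",
    "X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham\n\tversion=3.0.3",
    "X-Spam-Status: Yes, score=14.2 required=5.0 tests=BAYES_99,URIBL_SBL,\n"
    "\tRAZOR2_CHECK autolearn=spam version=3.0.3",
    "X-Spam-Status: No, score=1.1 required=5.0 tests=HTML_MESSAGE autolearn=no version=3.0.3",
]

def parse_status(raw):
    """Parse one X-Spam-Status header (possibly folded) into a dict."""
    text = re.sub(r"\r?\n[ \t]+", " ", raw).strip()        # unfold continuation lines
    m = re.match(r"X-Spam-Status:\s*(Yes|No),\s*(.*)$", text, re.I)
    if not m:
        raise ValueError("not an X-Spam-Status header")
    rest = re.sub(r",\s+", ",", m.group(2))                # rejoin a test list split by folding
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    tests = fields.get("tests", "none")
    return {
        "spam": m.group(1).lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": [] if tests == "none" else tests.split(","),
        "autolearn": fields.get("autolearn", "unknown"),
    }

def learned_ham_without_hits(status):
    """True when a message trained Bayes as ham although no rule fired."""
    return status["autolearn"] == "ham" and not status["tests"]

def audit(headers):
    """Return (indexes of risky ham autolearns, whether any network rule was seen)."""
    statuses = [parse_status(h) for h in headers]
    flagged = [i for i, s in enumerate(statuses) if learned_ham_without_hits(s)]
    network_seen = any(t.startswith(NETWORK_PREFIXES)
                       for s in statuses for t in s["tests"])
    return flagged, network_seen

if __name__ == "__main__":
    flagged, network_seen = audit(SAMPLE_HEADERS)
    print("autolearned as ham with tests=none:", flagged)
    print("network-test rules seen in sample:", network_seen)
```

Run over a day of delivered mail, an empty second result means no DNSBL, URI blocklist, or checksum rule fired on anything, which is the situation the reply asks the poster to rule out.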


Re: Is Bayes Really Necessary?

2005-05-26 Thread Jim Maul

Ralf Hildebrandt wrote:

> * Kristopher Austin <[EMAIL PROTECTED]>:
>
> > We have found Bayes to be more trouble than it's worth.  We were
> > frequently running into problems keeping the database stable and fresh.
> > We have a site-wide install so that just made it all the more
> > problematic.
>
> We also have a site-wide install with Bayes (15.000 Users). Where is
> the problem with "keeping the database stable and fresh"? Never
> crashed here.


I have been running sitewide bayes since the beginning without much 
maintenance at all.  It has autolearned every message itself and its 
dead on balls accurate.  I've trained maybe 20 message total manually so 
i dont see how running bayes could actually cause more work for an admin 
unless its been trained poorly and they have to correct it.  Even then 
its probably just easier to delete it and start over.


I tag spam at 5.0 and have bayes BAYES_99 at 5.4.  This one rule alone 
is enough to mark spam and i havent had any false positives because of 
it yet.


-Jim


Re: Is Bayes Really Necessary?

2005-05-26 Thread Keith Ivey

Joe Zitnik wrote:

> Bayes definitely helps, but auto-learn can cause problems.  Perhaps a
> better question would be, "Is autolearn really necessary?"


I think the problems mostly come from accidentally autolearning spam as 
ham, which is easy with the default threshold.  Autolearning messages as 
spam at a reasonable threshold should be okay.


--
Keith C. Ivey <[EMAIL PROTECTED]>
Washington, DC


Re: Is Bayes Really Necessary?

2005-05-26 Thread Joe Zitnik

I have autolearn off.  I have been burned by it twice.

>>> <[EMAIL PROTECTED]> 5/26/2005 10:33 AM >>>
On Thu, 26 May 2005, Joe Zitnik wrote:

> I think points can be made for both sides of the argument.  The thing
> that makes bayes different, is that a well trained bayes database is
> specific to your environment.  If you're a law firm, your learned ham is
> going to be heavy in legalese, medical related org, heavy in that
> terminology.  Because spam and ham is learned specific to your
> environment, it can make a big difference.
>
> >>> Jake Colman <[EMAIL PROTECTED]> 5/26/2005 10:08 AM >>>
>
> Given the rather complete set of rules that ship with SA and which can
> expanded with SARE, does bayes learning really help?  Won't the rules
> catch
> pretty much everything anyway?

Bayes definitely helps, but auto-learn can cause problems.  Perhaps a
better question would be, "Is autolearn really necessary?"

James Smallacombe          PlantageNet, Inc. CEO and Janitor
[EMAIL PROTECTED]
http://3.am
=


Re: [SARE] obfu.cf, specific.cf updated

2005-05-26 Thread Joe Zitnik

Can someone get the file specific information straight for those of us
who download manually?  Example: specific shows Last update 2005-5-26,
but if you open the file, its modified date is # Modified: 2005-03-26,
header is the same way, last update is 2005-05-21, but modified day in
the file is # Modified: 2005-03-21, until you read down to the revision
history, which shows the correct date.  obfu is the only one correct in
both places.  I always look at the modified date in the file to see if
there have been changes, rather than the Last update on the page,
because I have seen big discrepancies between the two.

>>> Robert Menschel <[EMAIL PROTECTED]> 5/26/2005 2:03 AM >>>
Just a quick note that the SARE specific.cf and obfu.cf rules files
have been updated.

Documentation at http://www.rulesemporium.com/rules.htm#specific and
http://www.rulesemporium.com/rules.htm#obfu

Updates to specific.cf are minor.

Updates to obfu.cf include 36 new rules, including several for href
obfuscation and table obfuscation,

Bob Menschel


Re: Is Bayes Really Necessary?

2005-05-26 Thread up
On Thu, 26 May 2005, Joe Zitnik wrote:

> I think points can be made for both sides of the argument.  The thing
> that makes bayes different, is that a well trained bayes database is
> specific to your environment.  If you're a law firm, your learned ham is
> going to be heavy in legalese, medical related org, heavy in that
> terminology.  Because spam and ham is learned specific to your
> environment, it can make a big difference.
>
> >>> Jake Colman <[EMAIL PROTECTED]> 5/26/2005 10:08 AM >>>
>
> Given the rather complete set of rules that ship with SA and which can
> expanded with SARE, does bayes learning really help?  Won't the rules
> catch
> pretty much everything anyway?

Bayes definitely helps, but auto-learn can cause problems.  Perhaps a
better question would be, "Is autolearn really necessary?"

James Smallacombe PlantageNet, Inc. CEO and Janitor
[EMAIL PROTECTED]   
http://3.am
=



RE: Is Bayes Really Necessary?

2005-05-26 Thread Chris Santerre


>-Original Message-
>From: Jake Colman [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 26, 2005 10:09 AM
>To: users@spamassassin.apache.org
>Subject: Is Bayes Really Necessary?
>
>
>
>Given the rather complete set of rules that ship with SA and which can
>expanded with SARE, does bayes learning really help?  Won't 
>the rules catch
>pretty much everything anyway?

Oh my favorite subject!!! :) 

NO! Bayes is not necessary. IMHO, for personal use, it is incredible. But I
feel the care of it is more difficult than your average user would care to
keep up.

For site wide, I'm pretty much against it. I know people will argue that
point. I'm obviously biased towards SARE rules updated with RDJ. And the use
of URIBL.com lists. But these allow a general user, or a sitewide install
to "set and forget". Which is what we strive for, so SA can be more widely
accepted.

I have a 99% filter rate without bayes. And I'm proud of that. 

Chris Santerre 
System Admin and SARE/URIBL Ninja
http://www.rulesemporium.com 
http://www.uribl.com


Re: Procmail Recipe Problem

2005-05-26 Thread Andy Jezierski

Jake Colman <[EMAIL PROTECTED]> wrote on 05/25/2005 10:12:08 PM:

[snip]

> How can I limit the number of sendmails anyway?  My server gets very
> overloaded in those circumstances.  In general, what happens if there are
> more sendmails than there are spamd processes?
>

You can try confCONNECTION_RATE_THROTTLE or confMAX_DAEMON_CHILDREN.
I believe that if sendmail doesn't get a response from your milter that
calls spamd within the timeout period you specified when defining the milter
that it will bypass it, unless you told it to fail.

Andy

SA marked message as ham

2005-05-26 Thread Tim Macrina
Can anyone explain to me as to why this message was marked as ham.
Thank you


Return-Path: <[EMAIL PROTECTED]>
Received: from 4praise.com ([220.160.189.10])
by mail2.qmlhost.com (8.13.4/8.13.4) with SMTP id j4Q5SHOl030285
for <[EMAIL PROTECTED]>; Thu, 26 May 2005 01:28:27 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 25 May 2005 22:01:29 +0700
Reply-To: "kelly westbrook" <[EMAIL PROTECTED]>
From: "kelly westbrook" <[EMAIL PROTECTED]>
User-Agent: Pine.SGI.4.10
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Stanton Amato" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: It is an easy and legitimate way to decrease your expenses on quality 
medicines.
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.84rc2/894/Wed May 25 08:53:16 2005 on 
mail2.qmlhost.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on mail2.qmlhost.com
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham 
version=3.0.3
X-UIDL: %S5!!VMZ"!^Z$!!l%V!!

From: kelly westbrook [EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 11:01 AM
To: Stanton Amato
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: It is an easy and legitimate way to decrease your expenses on
quality medicines.

Thank you all for providing such wonderful quality items on your site. I have 
reduced my expenses on medicines by half. The
convenient services  gave me a lot of time with modest efforts. I'd like to 
share my experience with
others. -- Joe O. in OH

It is quicker. It is easier. It is a great convenience. It is such a great 
choice for me and it is less hassle to shop for medicines
at your store.
Thank you for providing this innovative way to acquire my medical needs.. 
-Jane D.  in NM

With a wide variety of legally prescribed remedies on pain, stress, man's care, 
sleeping disorder, male organ erecting problems,
obesity and elevated cholesterol to choose from, our company provides customers 
an easy access.


http://p.w8k.jumptothehighestpoint.com/ySqe/
Gget started and browse this pharrn-site for quality items.




in rfering with success the silence and quiet prescribed by every n herurse 
around  on  earsa curious place.' I in  should have been
chary of discussing my 9 that way, business to London.  I
 2 did not



Re: Is Bayes Really Necessary?

2005-05-26 Thread Joe Zitnik

I think points can be made for both sides of the argument.  The thing
that makes bayes different, is that a well trained bayes database is
specific to your environment.  If you're a law firm, your learned ham is
going to be heavy in legalese, medical related org, heavy in that
terminology.  Because spam and ham is learned specific to your
environment, it can make a big difference.

>>> Jake Colman <[EMAIL PROTECTED]> 5/26/2005 10:08 AM >>>
Given the rather complete set of rules that ship with SA and which can
expanded with SARE, does bayes learning really help?  Won't the rules catch
pretty much everything anyway?

-- 
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com


Re: Is Bayes Really Necessary?

2005-05-26 Thread Ralf Hildebrandt
* Kristopher Austin <[EMAIL PROTECTED]>:
> We have found Bayes to be more trouble than it's worth.  We were
> frequently running into problems keeping the database stable and fresh.
> We have a site-wide install so that just made it all the more
> problematic.

We also have a site-wide install with Bayes (15.000 Users). Where is
the problem with "keeping the database stable and fresh"? Never
crashed here.
-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to [EMAIL PROTECTED]


Re: Is Bayes Really Necessary?

2005-05-26 Thread Thomas Cameron
On Thu, 2005-05-26 at 10:08 -0400, Jake Colman wrote:
> Given the rather complete set of rules that ship with SA and which can
> expanded with SARE, does bayes learning really help?  Won't the rules catch
> pretty much everything anyway?

I have used SA with Bayes and it took quite a bit of administrative
overhead.  It worked amazingly well, though.  

I now run SA with DCC, Razor, Pyzor and network checks and without Bayes
and it still Just Works(TM).  Seriously - I have customers who slather
their e-mail addresses all over Usenet, message boards, on their web
pages, etc.  They might as well put a big sign up that says SPAM ME
PLEASE!!!  

But they don't get any spam - SA and spamass-milter rejects all of it.
It is really amazing - I've got clients who went from hundreds of spams
per day down to one or two that slip through per week.  Of course, when
one gets through, my phone rings!

I guess my experience is that either way, SA Just Works(TM).

Cheers,
Thomas



Re: Comparison of SA and commercial solutions - OT

2005-05-26 Thread Dimitri Yioulos
On Thursday May 26 2005 10:30 am, Chris Santerre wrote:
> >-Original Message-
> >From: aecioneto [mailto:[EMAIL PROTECTED]
> >Sent: Wednesday, May 25, 2005 8:36 PM
> >To: users
> >Subject: Re: Comparison of SA and commercial solutions
> >
> >
> >Loren and Chris,
> >thanks for your replies.
> >I am aware of SA, I have been using it from a very long time
> >ago - having it well trained and updated - as best as I can.
> >
> >I understand about all issues you both mentioned about a raw
> >SA and other solutions out there.
> >
> >I post such inquiry to the list because some prospects of mine
> >very often tend to compare feature-by-feature (nonsense, IMHO)
> >and - thanks to MS culture - have doubts about a solution with
> >no helpdesk phone at the "other side of the box".
> >
> >My intention was to have some external opinion - magazine,
> >site review, you name it - saying that when summing up
> >cost/benefit of SA comparing to other things out there, it is
> >best by far (this is my opinion).
> >
> >Regards.
>
> Understood, and very good effort by you to educate them. Mostly all the
> reviews slam the cost benefit of SA with the "Pay an employee to support
> it." line of crap.
>
> With RDJ and URIBL setup, there isn't much to have to mess with at all.
> Once setup, it just works. I'm also stuck in the MS culture. You simply
> need to tell them, "Look, it costs nothing but my time. Let me install it,
> and try it. You don't have much to lose. It can't hurt to try it before
> spending money."
>
> Filter one boss's email, but not another. See which one votes for SA ;)
>
> If I can admin my SA box, in the incredibly short amount of time I have,
> then even a drunken monkey with A.D.D. could do it.
>
> --Chris (Freakin last episode of "LOST" told us nothing)

But it was enough to bring you back next season! :-)


RE: Comparison of SA and commercial solutions

2005-05-26 Thread Chris Santerre


>-Original Message-
>From: aecioneto [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, May 25, 2005 8:36 PM
>To: users
>Subject: Re: Comparison of SA and commercial solutions
>
>
>Loren and Chris,
>thanks for your replies.
>I am aware of SA, I have been using it from a very long time 
>ago - having it well trained and updated - as best as I can.
>
>I understand about all issues you both mentioned about a raw 
>SA and other solutions out there.
>
>I post such inquiry to the list because some prospects of mine
>very often tend to compare feature-by-feature (nonsense, IMHO)
>and - thanks to MS culture - have doubts about a solution with
>no helpdesk phone at the "other side of the box".
>
>My intention was to have some external opinion - magazine, 
>site review, you name it - saying that when summing up 
>cost/benefit of SA comparing to other things out there, it is 
>best by far (this is my opinion).
>
>Regards.

Understood, and very good effort by you to educate them. Mostly all the
reviews slam the cost benefit of SA with the "Pay an employee to support
it." line of crap. 

With RDJ and URIBL setup, there isn't much to have to mess with at all. Once
setup, it just works. I'm also stuck in the MS culture. You simply need to
tell them, "Look, it costs nothing but my time. Let me install it, and try
it. You don't have much to lose. It can't hurt to try it before spending
money."

Filter one boss's email, but not another. See which one votes for SA ;)

If I can admin my SA box, in the incredibly short amount of time I have,
then even a drunken monkey with A.D.D. could do it.

--Chris (Freakin last episode of "LOST" told us nothing)



RE: Is Bayes Really Necessary?

2005-05-26 Thread Kristopher Austin
We have found Bayes to be more trouble than it's worth.  We were
frequently running into problems keeping the database stable and fresh.
We have a site-wide install so that just made it all the more
problematic.

It definitely depends on your situation.  I don't think anyone can make
a blanket statement one way or the other.

We have had great success without Bayes and the amount of admin time
necessary to keep SA running has dropped significantly.

Kris

-Original Message-
From: Jake Colman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 26, 2005 9:09 AM
To: users@spamassassin.apache.org
Subject: Is Bayes Really Necessary?


Given the rather complete set of rules that ship with SA and which can
expanded with SARE, does bayes learning really help?  Won't the rules
catch
pretty much everything anyway?

-- 
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com



RE: Is Bayes Really Necessary?

2005-05-26 Thread Steven Manross
Yes, BAYES is an integral part of SA!

It's like a constantly changing rule (without the need to tweak the rule
ever so slightly for nuances in the "new" mail.

There are mails that don't trip any standard rules, but are caught by
bayes alone.

Steven

-Original Message-
From: Jake Colman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 26, 2005 7:09 AM
To: users@spamassassin.apache.org
Subject: Is Bayes Really Necessary?



Given the rather complete set of rules that ship with SA and which can
expanded with SARE, does bayes learning really help?  Won't the rules
catch
pretty much everything anyway?

-- 
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com



Is Bayes Really Necessary?

2005-05-26 Thread Jake Colman

Given the rather complete set of rules that ship with SA and which can
expanded with SARE, does bayes learning really help?  Won't the rules catch
pretty much everything anyway?

-- 
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com



Re: MISSING_SUBJECT always firing

2005-05-26 Thread Matt Kettler

At 09:56 AM 5/26/2005, Shawn R. Beairsto wrote:

> Hi everyone,
>
> I'm running SA 3.02 for a few weeks now together with amavisd-new-20030616
> and it seems that MISSING_SUBJECT is firing on every mail even if there is
> a Subject: header and it's not empty. Has anyone experienced this problem
> or have an idea whats going on? I've googled around some, but not found much.


That sounds like SA is getting garbled input and thinks the headers end 
earlier than they do, and thus interprets some of the headers as being part 
of the body. Check for an extra end-of-line in the headers.


You can also use a rule like this to confirm this is happening:

body L_BODY_SUB /\bSubject\:/i
score L_BODY_SUB -0.01
describe L_BODY_SUB  body contains subject line

Of course, that WILL match any bounce message, but it shouldn't match most 
normal messages. 
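
The diagnosis in the reply above (a stray empty line ending the headers early, so Subject: lands in the body) can also be checked on a raw message outside SpamAssassin. This is an added example, not code from the post or from SpamAssassin or amavisd-new; both sample messages are constructed, and the set of field names it looks for is an assumption.

```python
import re

# A header field line: a name, a colon, then a space/tab or end of line.
HEADER_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):(?:[ \t]|$)")

# Fields whose appearance at the top of the body suggests a broken split (assumed list).
KNOWN_FIELDS = {"subject", "from", "to", "cc", "date", "message-id",
                "mime-version", "content-type", "received"}

# Constructed sample: an extra empty line after Received: ends the headers early.
BROKEN = ("Received: from mx.example.com by mail.example.org; "
          "Thu, 26 May 2005 09:56:00 -0400\n"
          "\n"
          "From: alice@example.com\n"
          "To: bob@example.org\n"
          "Subject: Quarterly report\n"
          "\n"
          "Body text here.\n")

# Constructed sample: well-formed, with a body line that merely looks like a header.
GOOD = ("From: alice@example.com\n"
        "To: bob@example.org\n"
        "Subject: Quarterly report\n"
        "\n"
        "Note: figures are attached.\n"
        "Regards, Alice\n")

def split_message(raw):
    """Split at the first empty line, the way a mail parser finds the body."""
    lines = raw.replace("\r\n", "\n").split("\n")
    if "" not in lines:
        return lines, []
    cut = lines.index("")
    return lines[:cut], lines[cut + 1:]

def field_names(lines):
    """Lower-cased field names of the lines that start a header field."""
    return [m.group(1).lower() for m in map(HEADER_LINE.match, lines) if m]

def stray_headers(raw):
    """Known header fields found in the first body paragraph but not in the headers.

    The paragraph only counts when every line in it is a header field or a
    folded continuation, so a body that merely mentions "Subject:" later on
    (a bounce quoting the original message, for instance) is not reported.
    """
    head, body = split_message(raw)
    first_para = body[:body.index("")] if "" in body else body
    shaped = all(HEADER_LINE.match(l) or l[:1] in (" ", "\t") for l in first_para)
    if not first_para or not shaped:
        return []
    present = set(field_names(head))
    return [n for n in field_names(first_para)
            if n in KNOWN_FIELDS and n not in present]

if __name__ == "__main__":
    print("broken:", stray_headers(BROKEN))
    print("good:  ", stray_headers(GOOD))
```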



Re: OTC stock spam

2005-05-26 Thread Jeff Chan
On Thursday, May 26, 2005, 6:54:57 AM,   wrote:
> Guys,

> I just can't seem to lick this problem.  Any ideas?

How about a rule to score "My Pool Leaks, Inc." in message texts?

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



MISSING_SUBJECT always firing

2005-05-26 Thread Shawn R. Beairsto
Hi everyone,

I'm running SA 3.02 for a few weeks now together with amavisd-new-20030616 and 
it seems that MISSING_SUBJECT is firing on every mail even if there is a 
Subject: header and it's not empty. Has anyone experienced this problem or have 
an idea whats going on? I've googled around some, but not found much.


--
Shawn Beairsto
Network Administrator
Data Kinetics Ltd.
http://www.dkl.com


