Re: SPF implementation
Just my 2 cents: I don't see the ALL_TRUSTED ever in action because at my MTA level (Exim 4.5), I don't direct mail that comes from my internal network through SA. Anyone sees a reason to do so? I do recommend directing all the internal email through an anti-virus (ClamAV in my case). I thought this was redundant but was burnt when someone inadvertently brought a virus on her laptop and once inside and behind the firewall, it started to send itself to everyone. Luckily, in addition to having Clam on the server, most people also run Norton or something else on their PCs. The chances of someone inadvertently bringing in ratware that works as a virus is a lot smaller. -- Ilan Aisic Registered Linux User 8124 http://counter.li.org
Not delivering Spam with Procmail
Hi, I've setup procmail so as to not deliver mails with a Spam score of 10 or greater, as follows: #Mail that scores 10 or more is not delivered to users. :0 * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\* /var/spool/mail/spam As may be observed from the above, mails with a Spam score of 10 or greater should be delivered to a special mailbox /var/spool/mail/spam. So far, however, only one spam mail has been delivered to this mailbox. Moreover, spam that should have ended up in this mailbox (such as one with the header below) is instead still being delivered to the user mailboxes. X-Spam-Level: X-Spam-Status: Yes, score=16.2 required=5.0 I find this behaviour very odd. Does anyone know what I should do to get this to work properly? Thanks, Joe
Re: Not delivering Spam with Procmail
On Monday 08 August 2005 11:29 pm, Joe Borg wrote:
Hi,
I've setup procmail so as to not deliver mails with a Spam score of 10 or
greater, as follows:
#Mail that scores 10 or more is not delivered to users.
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/var/spool/mail/spam
As may be observed from the above, mails with a Spam score of 10 or greater
should be delivered to a special mailbox /var/spool/mail/spam. So far,
however, only one spam mail has been delivered to this mailbox. Moreover,
spam that should have ended up in this mailbox (such as one with the header
below) is instead still being delivered to the user mailboxes.
X-Spam-Level:
X-Spam-Status: Yes, score=16.2 required=5.0
I find this behaviour very odd. Does anyone know what I should do to get
this to work properly?
Thanks,
Joe
Its easier not to try to count asterisks...
Sample procmailrc portion
:0
* ^X-Spam-Status:.*score=[1-9][0-9]
{
:0
/dev/null
}
-end sample
You may want to send them to other than /dev/null
but for my home machine anything that scores 10
or more is something I don't want to see.
--
_
John Andersen
pgpCdpbOv16MG.pgp
Description: signature
RE: Not delivering Spam with Procmail
-Original Message-
From: John Andersen [mailto:[EMAIL PROTECTED]
Sent: 09 August 2005 09:52
To: spamassassin-users@incubator.apache.org
Subject: Re: Not delivering Spam with Procmail
On Monday 08 August 2005 11:29 pm, Joe Borg wrote:
Hi,
I've setup procmail so as to not deliver mails with a Spam score of 10 or
greater, as follows:
#Mail that scores 10 or more is not delivered to users.
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/var/spool/mail/spam
As may be observed from the above, mails with a Spam score of 10 or
greater
should be delivered to a special mailbox /var/spool/mail/spam. So far,
however, only one spam mail has been delivered to this mailbox. Moreover,
spam that should have ended up in this mailbox (such as one with the
header
below) is instead still being delivered to the user mailboxes.
X-Spam-Level:
X-Spam-Status: Yes, score=16.2 required=5.0
I find this behaviour very odd. Does anyone know what I should do to get
this to work properly?
Thanks,
Joe
Its easier not to try to count asterisks...
Sample procmailrc portion
:0
* ^X-Spam-Status:.*score=[1-9][0-9]
{
:0
/dev/null
}
-end sample
You may want to send them to other than /dev/null
but for my home machine anything that scores 10
or more is something I don't want to see.
--
_
John Andersen
Thanks for the info John. With your suggestions and, after some meddling
with the mailbox permission (procmail didn't have enough permissions to
write), it seems to be working now. Thanks again.
joe
Re: [sa-list] Re: spamd children run as root (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 Craig. Justin Mason wrote: ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as awaiting confirmation... --j. Charles Sprickman writes: I've seen this problem as well, even in the latest ports version. Still runs as root. If I apply the attached patch (obtained from one of the bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more memory than I was comfortable with). Charles On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: On Tue, 26 Apr 2005, Justin Mason wrote: It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in NEW status for over a month now, I think. I flagged it as security because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?idD98 -Dan at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon Output from gpg 298BC7D0 gpg: There is no indication that the signature belongs to the owner. 298B C7D0 -- Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal. -Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- --0-343817720-1123532392=:14641 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=spamd-euid.patch Content-Transfer-Encoding: BASE64 Content-ID: [EMAIL PROTECTED] Content-Description: Content-Disposition: attachment; filename=spamd-euid.patch LS0tIHNwYW1kLm9sZAlXZWQgT2N0IDEzIDE2OjQ5OjU4IDIwMDQNCisrKyBz cGFtZAlUaHUgT2N0IDE0IDIwOjE1OjUzIDIwMDQNCkBAIC03MDAsNiArNzAw LDE1IEBADQogICAjIENoYW5nZSBVSUQNCiAgICQ+ID0gJHV1aWQ7ICAgICAg ICAgICAgIyBlZmZlY3RpdmUgdWlkDQogICAkPCA9ICR1dWlkOyAgICAgICAg ICAgICMgcmVhbCB1aWQuIHdlIG5vdyBjYW5ub3Qgc2V0dWlkIGFueW1vcmUN CisNCisgIGlmICggJDwgIT0gJHV1aWQgKSB7DQorICAgIHdhcm4oImluaXRp YWwgYXR0ZW1wdCB0byBjaGFuZ2UgcmVhbCB1aWQgZmFpbGVkLCB0cnlpbmcg QlNEIHdvcmthcm91bmQiKSBpZiAkb3B0eydkZWJ1Zyd9Ow0KKw0KKyAgICAk PiA9ICQ8OwkJCSMgcmV2ZXJ0IGV1aWQgdG8gcnVpZA0KKyAgICAkPCA9ICR1 dWlkOwkJCSMgY2hhbmdlIHJ1aWQgdG8gdGFyZ2V0DQorICAgICQ+ID0gJHV1 aWQ7CQkJIyBjaGFuZ2UgZXVpZCBiYWNrIHRvIHRhcmdldA0KKyAgfQ0KKw0K ICAgaWYgKCAkPiAhPSAkdXVpZCBhbmQgJD4gIT0gKCAkdXVpZCAtIDIqKjMy ICkgKSB7DQogICAgIGRpZSAiZmF0YWw6IHNldHVpZCB0byB1aWQgJHV1aWQg ZmFpbGVkXG4iOw0KICAgfQ0K --0-343817720-1123532392=:14641-- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFC+KlUMDDagS2VwJ4RAsYyAKCGZ3LGHHhuJOIXNdu43Hh6h07f0ACcDfjy EUJ3FDtN4kcbCy0hLeciYwc= =S3k6 -END PGP SIGNATURE-
Sa-stats 0.9
http://www.rulesemporium.com/programs/sa-stats-0.9.txt Link is now dead...is this floating around anywhere? -- Matthew Yette Senior Engineer - NOC/Operations MA Polce Consulting, Inc. [EMAIL PROTECTED] 315-838-1644 (w) 315-356-0597 (f) AIM/Yahoo: MAPolceNOC MSN: [EMAIL PROTECTED]
Whitelists
Indulge me for a moment. It has been much too long since I thanked the developers of this program. You have no idea what a difference it has made in my life. I have an old address, one that's been around for almost ten years, and spamassassin catches more than 1000 spams a day aimed directly my address. Now... onto business. I am trying to pass CNN breaking news alerts through the filters. My user_prefs contains: whitelist_from [EMAIL PROTECTED] and even whitelist_from [EMAIL PROTECTED] The problem is that they are sending mail from [EMAIL PROTECTED] and it is being flagged as spam. What is the easiest way around this? Thanks Jack
Re: Whitelists
Someone can correct me if I am wrong, but I belive you can do it like so... [EMAIL PROTECTED] Indulge me for a moment. It has been much too long since I thanked the developers of this program. You have no idea what a difference it has made in my life. I have an old address, one that's been around for almost ten years, and spamassassin catches more than 1000 spams a day aimed directly my address. Now... onto business. I am trying to pass CNN breaking news alerts through the filters. My user_prefs contains: whitelist_from [EMAIL PROTECTED] and even whitelist_from [EMAIL PROTECTED] The problem is that they are sending mail from [EMAIL PROTECTED] and it is being flagged as spam. What is the easiest way around this? Thanks Jack
Re: [sa-list] Re: spamd children run as root (again)
On Tue, 9 Aug 2005, Craig McLean wrote: I applied the patch, and it fixed things on my end. I noted in my PR that it was also odd to me that before, the children showed in ps as perl and afterwards as perl5.8.6 or something very similar. FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 Craig. Justin Mason wrote: ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as awaiting confirmation... --j. Charles Sprickman writes: I've seen this problem as well, even in the latest ports version. Still runs as root. If I apply the attached patch (obtained from one of the bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more memory than I was comfortable with). Charles On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: On Tue, 26 Apr 2005, Justin Mason wrote: It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in NEW status for over a month now, I think. I flagged it as security because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?idD98 -Dan at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon Output from gpg 298BC7D0 gpg: There is no indication that the signature belongs to the owner. 298B C7D0 -- Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal. -Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- --0-343817720-1123532392=:14641 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=spamd-euid.patch Content-Transfer-Encoding: BASE64 Content-ID: [EMAIL PROTECTED] Content-Description: Content-Disposition: attachment; filename=spamd-euid.patch LS0tIHNwYW1kLm9sZAlXZWQgT2N0IDEzIDE2OjQ5OjU4IDIwMDQNCisrKyBz cGFtZAlUaHUgT2N0IDE0IDIwOjE1OjUzIDIwMDQNCkBAIC03MDAsNiArNzAw LDE1IEBADQogICAjIENoYW5nZSBVSUQNCiAgICQ+ID0gJHV1aWQ7ICAgICAg ICAgICAgIyBlZmZlY3RpdmUgdWlkDQogICAkPCA9ICR1dWlkOyAgICAgICAg ICAgICMgcmVhbCB1aWQuIHdlIG5vdyBjYW5ub3Qgc2V0dWlkIGFueW1vcmUN CisNCisgIGlmICggJDwgIT0gJHV1aWQgKSB7DQorICAgIHdhcm4oImluaXRp YWwgYXR0ZW1wdCB0byBjaGFuZ2UgcmVhbCB1aWQgZmFpbGVkLCB0cnlpbmcg QlNEIHdvcmthcm91bmQiKSBpZiAkb3B0eydkZWJ1Zyd9Ow0KKw0KKyAgICAk PiA9ICQ8OwkJCSMgcmV2ZXJ0IGV1aWQgdG8gcnVpZA0KKyAgICAkPCA9ICR1 dWlkOwkJCSMgY2hhbmdlIHJ1aWQgdG8gdGFyZ2V0DQorICAgICQ+ID0gJHV1 aWQ7CQkJIyBjaGFuZ2UgZXVpZCBiYWNrIHRvIHRhcmdldA0KKyAgfQ0KKw0K ICAgaWYgKCAkPiAhPSAkdXVpZCBhbmQgJD4gIT0gKCAkdXVpZCAtIDIqKjMy ICkgKSB7DQogICAgIGRpZSAiZmF0YWw6IHNldHVpZCB0byB1aWQgJHV1aWQg ZmFpbGVkXG4iOw0KICAgfQ0K --0-343817720-1123532392=:14641-- Output from gpg gpg: WARNING: using insecure memory! gpg: please see
RE: Whitelists
It's also preferable to use whitelist_from_rcvd. Unless you really want to let spam from spoofed cnn.com email addresses through. Phil Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 09 August 2005 14:24 To: Jack Gostl Cc: users@spamassassin.apache.org Subject: Re: Whitelists Someone can correct me if I am wrong, but I belive you can do it like so... [EMAIL PROTECTED] Indulge me for a moment. It has been much too long since I thanked the developers of this program. You have no idea what a difference it has made in my life. I have an old address, one that's been around for almost ten years, and spamassassin catches more than 1000 spams a day aimed directly my address. Now... onto business. I am trying to pass CNN breaking news alerts through the filters. My user_prefs contains: whitelist_from [EMAIL PROTECTED] and even whitelist_from [EMAIL PROTECTED] The problem is that they are sending mail from [EMAIL PROTECTED] and it is being flagged as spam. What is the easiest way around this? Thanks Jack
Re: Not delivering Spam with Procmail
On Tue, Aug 09, 2005 at 09:29:07AM +0200, Joe Borg wrote: Hi, I've setup procmail so as to not deliver mails with a Spam score of 10 or greater, as follows: #Mail that scores 10 or more is not delivered to users. :0 * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\* /var/spool/mail/spam As may be observed from the above, mails with a Spam score of 10 or greater should be delivered to a special mailbox /var/spool/mail/spam. So far, however, only one spam mail has been delivered to this mailbox. Moreover, spam that should have ended up in this mailbox (such as one with the header below) is instead still being delivered to the user mailboxes. X-Spam-Level: X-Spam-Status: Yes, score=16.2 required=5.0 I find this behaviour very odd. Does anyone know what I should do to get this to work properly? Thanks, Joe Is this recipe in /etc/procmailrc or in each user's .procmailrc? If the former, I don't know what the problem is. If the latter, at that point procmail assumes the UID of the user. So the first user's email that creates /var/spool/mail/spam owns it and no one else can write to it. You may need to make it world-writable. You can review that stuff if you want to, but if I went for a month without finding anything salvageable, I'd change things to summarily punt anything that scores that high. I punt anything above 9.0. Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com God doesn't have (or need) a Plan B.
RE: [sa-list] Re: spamd children run as root (again)
I've been running spamc and spamd (3.0.4) on FreeBSD 4.10 with Perl 5.8.5 for quite a while, but using the -u vmail flag doesn't cause any problems. vmail 15329 0.0 2.9 59052 30300 ?? INsJ 5:55AM 0:03.05 /usr/local/bin/spamd -x -d -m 2 -r /var/run/spamd/spamd.pid -u vmail --socketpath=/tmp/spamd.sock -H /usr/local/mail/.spamassassin vmail 15355 0.0 5.9 64984 61072 ?? INJ 5:55AM 1:39.07 spamd child (perl5.8.5) vmail 15356 0.0 6.0 67352 63096 ?? INJ 5:55AM 0:24.58 spamd child (perl5.8.5) However, it does behave odd when using sa-learn. Sometimes (but only sometimes), it will change the owner of one of the bayes_ files or bayes.mutex to root. :-? Sander Holthaus Dan Mahoney, System Admin wrote: On Tue, 9 Aug 2005, Craig McLean wrote: I applied the patch, and it fixed things on my end. I noted in my PR that it was also odd to me that before, the children showed in ps as perl and afterwards as perl5.8.6 or something very similar. FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 Craig. Justin Mason wrote: ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as awaiting confirmation... --j. Charles Sprickman writes: I've seen this problem as well, even in the latest ports version. Still runs as root. If I apply the attached patch (obtained from one of the bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more memory than I was comfortable with). Charles On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: On Tue, 26 Apr 2005, Justin Mason wrote: It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in NEW status for over a month now, I think. I flagged it as security because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?idD98 -Dan at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/579 00 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon Output from gpg 298BC7D0 gpg: There is no indication that the signature belongs to the owner. 298B C7D0 -- Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal. -Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- --0-343817720-1123532392=:14641 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=spamd-euid.patch Content-Transfer-Encoding: BASE64 Content-ID: [EMAIL PROTECTED] Content-Description: Content-Disposition: attachment; filename=spamd-euid.patch LS0tIHNwYW1kLm9sZAlXZWQgT2N0IDEzIDE2OjQ5OjU4IDIwMDQNCisrKyBz cGFtZAlUaHUgT2N0IDE0IDIwOjE1OjUzIDIwMDQNCkBAIC03MDAsNiArNzAw
Iran Nuclear spam
Anyone else been seeing a lot of these come in? The text includes a snippet about the Iran Nuclear situation and a link to a full article. The article appears to have been pinched from elsewhere, but the page includes javascript which appears to use a buffer overflow to load a .hta file. All the links end in votnews dot com - thankfully the uribl's kept this one from hitting my users. Just thought I'd throw out a warning since it's not just more political spam, there's a payload. Evan
Re: GeoCities Link-only spam
Jonathan Nichols wrote:
uri GEOCITIES /uk.geocities.com/i
describe GEOCITIESHigh amounts of spam from Geocities.
score GEOCITIES 4.0
... spamassassin --lint came out ok.
Will this work, or have I accomplished something that I wasn't actually
trying to do? ;)
A better approach:
uri GEOCITIES /\buk\.geocities\.com\b/i
A . by itself will match any single character, so ukrgeocities2com
would match. \. matches a period specifically. Not that this is
likely to show up in this case, but it's worth remembering for rule
writing in general.
Also, \b matches a word boundary. That prevents it from matching
something like geocities.commander -- again, not a likely problem in
this case, but useful for future reference.
You could even get very specific, with this:
uri GEOCITIES /^http:\/\/uk\.geocities\.com\b/i
The ^ anchors the match to the beginning of the URI, and the \/
indicates that the forward slash is part of the match, not the closing
delimiter.
Of course, if you want to match *any* Geocities URL (which I think is a
bit much for a 4-point score), you'd want something like this:
uri GEOCITIES /\.geocities\.com\b/i
or if you want to make sure it matches the domain name,
uri GEOCITIES /^http:\/\/[a-z0-9-]{1,30}\.geocities\.com\b/i
--
Kelson Vibber
SpeedGate Communications www.speed.net
Re: Iran Nuclear spam
... Anyone else been seeing a lot of these come in? The text includes a snippet about the Iran Nuclear situation and a link to a full article. The article appears to have been pinched from elsewhere, but the page includes javascript which appears to use a buffer overflow to load a .hta file. All the links end in votnews dot com - thankfully the uribl's kept this one from hitting my users. Just thought I'd throw out a warning since it's not just more political spam, there's a payload. Evan Strange spam from Leo Kuvayev - doesn't make sense. The registration is at YesNIC and the entries are all nominated at rfci already. Paul Shupak [EMAIL PROTECTED]
RE: Iran Nuclear spam
From: E. Falk [mailto:[EMAIL PROTECTED] Anyone else been seeing a lot of these come in? The text includes a snippet about the Iran Nuclear situation and a link to a full article. The article appears to have been pinched from elsewhere, but the page includes javascript which appears to use a buffer overflow to load a .hta file. All the links end in votnews dot com - thankfully the uribl's kept this one from hitting my users. Just thought I'd throw out a warning since it's not just more political spam, there's a payload. I just saw it in the SA catch account (SA caught it at 37.1 points.) Subject was about Iran/Nuclear but From: looked to be a job search -- the mismatch and SA score were enought for me so I approved the catch and didn't look further. So it's a HTA buffer overflow, disguised as a Job spam, disguised as a Political? This strategy of multi-levels of disguise is intriguing -- I have only seen it personally a few times. -- Herb Martin
Re: Iran Nuclear spam
E. Falk wrote: Anyone else been seeing a lot of these come in? The text includes a snippet about the Iran Nuclear situation and a link to a full article. The article appears to have been pinched from elsewhere, but the page includes javascript which appears to use a buffer overflow to load a .hta file. All the links end in votnews dot com - thankfully the uribl's kept this one from hitting my users. Just thought I'd throw out a warning since it's not just more political spam, there's a payload. Evan Found another one from a few days back, this time the news story was about the 14 Marines killed in Iraq. Same IP address in China, this time with the url pointing to vbnnews dot com. Obviously this site is known to the URIBL people... wonder how long it's been out there. Evan
When is Bulk Bulk
When is Bulk Bulk? The reason I ask is because I have a client who sends unsolicited e-mails to prospective clients. But he does this manually by visiting relevant web sites and then one-at-a-time, he personally e-mails these prospective clients. I don't consider this spam because it is not bulk and my client can actually tell you who he e-mailed that day and why. Still, this is a very slippery slope... what happens if he e-mails 50 such addresses that he manually spotted using a generic form letter? Would that be spam? I'm thinking yes. ...However, if these e-mails are sent one at a time and individualized to the recipient in a way that could NOT possibly be computer generated (not another I visited your web site and I think its great statements... but meaningful content that only a person with knowledge of the recipient could write)... in that case, I think he is ok, even if most of each letter came from a generic template. Maybe there are no hard simple rules... but I'd sure love some additional advice? Rob McEwen PowerView Systems [EMAIL PROTECTED]
RE: When is Bulk Bulk
Rob McEwen wrote: When is Bulk Bulk? http://www.spamlaws.com -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
Question about addons
Anyone have a method of delivering a message to a local mailbox if it's spam and then allowing the user to forward it on if it's not a quartine system, kinda like POSTINI does it? I've got a few of my customers looking for something like that, I can run them through my SA servers, and tag spam, but they would prefer not to get the messages if at all possible. Thanks, Billy +--+ | Billy Huddleston Senior Systems Administrator | | Net-Express http://www.nxs.net | | 114 Sherway Rd. Voice: 865-691-2011 | | Knoxville, TN 37922 Fax: 865-691-9894 | | [EMAIL PROTECTED]| +--+
Re: Not delivering Spam with Procmail
From: Bob McClure Jr [EMAIL PROTECTED]
On Tue, Aug 09, 2005 at 09:29:07AM +0200, Joe Borg wrote:
Hi,
I've setup procmail so as to not deliver mails with a Spam score of 10 or
greater, as follows:
#Mail that scores 10 or more is not delivered to users.
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/var/spool/mail/spam
Silliness.
As may be observed from the above, mails with a Spam score of 10 or
greater
should be delivered to a special mailbox /var/spool/mail/spam. So far,
however, only one spam mail has been delivered to this mailbox. Moreover,
spam that should have ended up in this mailbox (such as one with the
header
below) is instead still being delivered to the user mailboxes.
X-Spam-Level:
X-Spam-Status: Yes, score=16.2 required=5.0
I find this behaviour very odd. Does anyone know what I should do to get
this to work properly?
Thanks,
Joe
Is this recipe in /etc/procmailrc or in each user's .procmailrc?
If the former, I don't know what the problem is. If the latter, at
that point procmail assumes the UID of the user. So the first user's
email that creates /var/spool/mail/spam owns it and no one else can
write to it. You may need to make it world-writable.
Root should probably create it and set privileges to 666. If procmail
allows this as a destination for writing email you're happy. If not
you may have to have /var/spool/mail/spam/$USER as a destination
if $HOME/mail/spam is not acceptable.
{^_^}
DCC vs Razor2
We have been using Razor2 for some time on SA 3.0.4. I was recently reading about DCC. We have never tried it, so I was wondering about opinions as to its use. How effective is it? Should it be used with, or in place of, Razor?
Re: When is Bulk Bulk
Rob McEwen wrote: When is Bulk Bulk? The reason I ask is because I have a client who sends unsolicited e-mails to prospective clients. But he does this manually by visiting relevant web sites and then one-at-a-time, he personally e-mails these prospective clients. I don't consider this spam because it is not bulk and my client can actually tell you who he e-mailed that day and why. Your opinion may differ, but since you are asking... I think you need to consider how your definition of 'spam' matches up with the rest of the world. You seem to define spam in terms of bulk. Most aren't so limited. I personally define spam as either UCE or UBE. Either one. UCE - unsolicited commercial email UBE - unsolicited bulk email Therefore, to me, and many others, it doesn't matter how few messages there are, or how individual the message is. If it's unsolicited email of a commercial nature, it's spam. Period. However, most spam laws don't outright prohibit UCE. They prohibit forgeries, and have various opt-out requirements. However, such laws vary from state-to-state, and you better check to make sure UCE is allowed in the state your user is sending mail to. Most decent ISP terms of service prohibit both UBE and UCE. You should too. i.e.: http://www.comcast.net/terms/use.jsp Contains: transmit unsolicited bulk or commercial messages or spam. This includes, but is not limited to, unsolicited advertising, promotional materials or other solicitation material, bulk mailing of commercial advertising, chain mail, informational announcements, charity requests, and petitions for signatures; Please note that it's an OR here, not an AND. All unsolicited commercial messages are spam in comcast's eyes. And: http://site.aol.com/copyright/rules.html Prohibits spamming as: constitutes unauthorized or unsolicited advertising, junk or bulk e-mail (also known as Spamming), chain letters, any other form of unauthorized solicitation, or any form of lottery or gambling; Again, unsolicited advertising is defined as spam.
Re: DCC vs Razor2
Dr Robert Young wrote: We have been using Razor2 for some time on SA 3.0.4. I was recently reading about DCC. We have never tried it, so I was wondering about opinions as to its use. How effective is it? Should it be used with, or in place of, Razor? I use it with razor. As for efficacy, check the STATISTICS-*.txt files in the SA tarball.
Re: When is Bulk Bulk
From: [EMAIL PROTECTED]
Rob McEwen wrote:
When is Bulk Bulk?
http://www.spamlaws.com
jdow: Regardless of legal definitions I capture it as spam and
treat it as spam. If such a letter gets through it's address gets
added to my blacklist. I do not see the Internet as an advertising
medium with me forced to sit and read it or worse to business with
those who cold email me. I treat cold telephone calls the same
way. I treat junk email the same way. If they are lucky it goes
into the bin directly. If they are not lucky they get permanently
blacklisted and I refuse to do business with them. (Cold callers
also get words about crawling through the telephone and ripping
their throats out. That seems to have a funny effect on some of
the cold callers - from India I suspect. I figure I might as well
get some amusement when they've interrupted my concentration.)
{^_^}
RE: Question about addons
-Original Message- From: Billy Huddleston [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 09, 2005 12:55 PM Subject: Question about addons Anyone have a method of delivering a message to a local mailbox if it's spam and then allowing the user to forward it on if it's not a quartine system, kinda like POSTINI does it? I've got a few of my customers looking for something like that, I can run them through my SA servers, and tag spam, but they would prefer not to get the messages if at all possible. Thanks, Billy You might want to check out Maia Mailguard. It's as close to POSTINI as I've come across. http://www.renaissoft.com/projects/maia/ HTH Matt
Re: GeoCities Link-only spam
Of course, if you want to match *any* Geocities URL (which I think is a
bit much for a 4-point score), you'd want something like this:
uri GEOCITIES /\.geocities\.com\b/i
or if you want to make sure it matches the domain name,
uri GEOCITIES /^http:\/\/[a-z0-9-]{1,30}\.geocities\.com\b/i
Cool! thanks. I think that will work a lot better. :)
I got one today based on my previous feeble rule attempt. It got 4
points.. my rule was the only one that it hit.
Bloody Geocities. :|
RE: When is Bulk Bulk
Matt Kettler wrote: Therefore, to me, and many others, it doesn't matter how few messages there are, or how individual the message is. If it's unsolicited email of a commercial nature, it's spam. Period. BTW - Matt, would an e-mail asking for link exchanges between web sites be considered commercial. What about unsolicited political or non-profit e-mails? Also, regarding any major ISPs definitions of spam being any unsolicited message, I wonder how many actually enforce that? And, of the ones which do enforce it, I wonder many of these also block mail where one of their users simply forgot he subscribed to something or was just too lazy to unsubscribe and simply reported the non spam as spam. I've heard some horror stories where AOL blocked double-opt-in newsletters because of misguide complains from customers complaining about mail that they had actually opted into. Also, [EMAIL PROTECTED] referred me to the spam laws: http://www.spamlaws.com Ironically, in these two replies to my original message so far, (from Matt and Matthew) (1) one cites U.S. laws which are a VERY loose definition of spam (2) The other has a much stricter definition of spam. In fact, SpamHaus's splits the difference between these two extreme definitions. http://www.spamhaus.org/definition.html Does anyone else consider SpamHaus's definition as too weak and believe that ANY unsolicited e-mail is spam, even if a personally hand-typed note? Just an observation, if the only kind of unsolicited e-mail we ever received were personally typed solicitations and all other spam were eliminated, then there would have never been a need for SpamAssassin and 99.% of all spam would be gone. --Rob McEwen
RE: When is Bulk Bulk
Clarification of my last message: When I asked What about unsolicited political or non-profit e-mails?, please don't misunderstand me. I'm NOT saying that all political or non-profit are not spam... I was only responding to another's definition of spam as being unsolicited email of a commercial nature ...I was trying to point out that it is sometimes harder to define and/or rely upon commercial than it is to define and/or rely upon bulk as a criteria for being considered spam. --Rob McEwen PowerView Systems
Re: When is Bulk Bulk
Rob McEwen wrote: Matt Kettler wrote: Therefore, to me, and many others, it doesn't matter how few messages there are, or how individual the message is. If it's unsolicited email of a commercial nature, it's spam. Period. BTW - Matt, would an e-mail asking for link exchanges between web sites be considered commercial. What about unsolicited political or non-profit e-mails? Also, regarding any major ISPs definitions of spam being any unsolicited message, I wonder how many actually enforce that? And, of the ones which do enforce it, I wonder many of these also block mail where one of their users simply forgot he subscribed to something or was just too lazy to unsubscribe and simply reported the non spam as spam. I've heard some horror stories where AOL blocked double-opt-in newsletters because of misguide complains from customers complaining about mail that they had actually opted into. Hi, Just my two cents but if something shows up in one of my domain management email addresses that is not from our registrar or from ARIN, it gets added to my rbl and my badmailfrom list, especially web link exchange requests. I'm what you might consider a mid-sized to large ISP and I really don't need a thousand link requests a day to webmaster or dns just because we host that domain. Same goes for political and non-profit UCE's. My personal address I'm a bit more lenient on but I add hundreds of IP's a day to our RBL. Regards, Rick
Re: When is Bulk Bulk
I got an email to my postmaster account one time, at a job I was working,
from a guy in the Philipines who buys and sells domains. Just so happened
a VP at the company loved the domain name and was thrilled to buy it for
something like $150 cheap. I don't mind cold emails as much as cold calls
on my cell phone...now that is an entirely different story for me. :-)
From: [EMAIL PROTECTED]
Rob McEwen wrote:
When is Bulk Bulk?
http://www.spamlaws.com
jdow: Regardless of legal definitions I capture it as spam and
treat it as spam. If such a letter gets through it's address gets
added to my blacklist. I do not see the Internet as an advertising
medium with me forced to sit and read it or worse to business with
those who cold email me. I treat cold telephone calls the same
way. I treat junk email the same way. If they are lucky it goes
into the bin directly. If they are not lucky they get permanently
blacklisted and I refuse to do business with them. (Cold callers
also get words about crawling through the telephone and ripping
their throats out. That seems to have a funny effect on some of
the cold callers - from India I suspect. I figure I might as well
get some amusement when they've interrupted my concentration.)
{^_^}
Re: When is Bulk Bulk
Rob McEwen wrote: Does anyone else consider SpamHaus's definition as too weak and believe that ANY unsolicited e-mail is spam, even if a personally hand-typed note? I'm really curious as to how we would defined solicited e-mail. As far as bulk e-mail goes, it's fairly easy. Do I solicit the jokes my friends e-mail me? What about the chain letter that warns me about the teddy bear virus? Or the endless petitions? Or the message that asks me if I want to go catch a movie on Friday night? Personally, I worry far more about Bulk than I do about the Unsolicited. I get plenty of e-mail that is unsolicited and unwanted - often from my users. :) If it's unwanted but it is personal (or at least a forward) and I can speak directly to the person who is responsible, then it's not Spam to me. It may not be welcome, but it's not Spam. I'd even be pretty lenient on the definition of bulk, so as not to include those irritating souls who forward everything they receive to their entire address books. Of course, the only official definition of spam comes from Hormel and is not particularly useful to us. Back to your original question, Rob - Given the attitudes today towards e-mail, I'd suggest that anyone using personal unsolicited e-mails for business purposes should rethink their business plan. I wouldn't block them for it, but there are enough people who would. Evan
RE: When is Bulk Bulk
From: Rob McEwen [mailto:[EMAIL PROTECTED] Matt Kettler wrote: Therefore, to me, and many others, it doesn't matter how few messages there are, or how individual the message is. If it's unsolicited email of a commercial nature, it's spam. Period. BTW - Matt, would an e-mail asking for link exchanges between web sites be considered commercial. What about unsolicited political or non-profit e-mails? Also, regarding any major ISPs definitions of spam being any unsolicited message, I wonder how many actually enforce that? And, of the ones which do enforce it, I wonder many of these also block mail where one of their users simply forgot he subscribed to something or was just too lazy to unsubscribe and simply reported the non spam as spam. I've heard some horror stories where AOL blocked double-opt-in newsletters because of misguide complains from customers complaining about mail that they had actually opted into. Also, [EMAIL PROTECTED] referred me to the spam laws: http://www.spamlaws.com Ironically, in these two replies to my original message so far, (from Matt and Matthew) (1) one cites U.S. laws which are a VERY loose definition of spam (2) The other has a much stricter definition of spam. In fact, SpamHaus's splits the difference between these two extreme definitions. http://www.spamhaus.org/definition.html Does anyone else consider SpamHaus's definition as too weak and believe that ANY unsolicited e-mail is spam, even if a personally hand-typed note? Just an observation, if the only kind of unsolicited e-mail we ever received were personally typed solicitations and all other spam were eliminated, then there would have never been a need for SpamAssassin and 99.% of all spam would be gone. Personally, I have a very simple definition of spam: If I didn't ask for it and it comes from someone I don't know, it's spam. Email, like the telephone, is a personal communication tool. It should not be used for mass marketing (commercial, political, or otherwise). If you want my business, use billboards, television, radio, yellow pages, web search engines, etc. I don't even mind junk postal mail. But don't call me and don't email me (and please don't leave your litter on my car windshield :) ). If the only kind of unsolicited e-mail we ever received were personally typed solicitations and all other spam were eliminated, then I may not need SpamAssassin, but I would still delete the spam without opening it. Bowie
Selectively disabling bayes autolearning
Is it possible to selectively disable bayes autolearning? For example, I would like auto learning disabled for mail sent to this mailing list since all this spam discussion and forwarded spam snippets would probably pollute the bayses database (which probably thinks very highly of geocities by now ;-) I guess I could feed this mailing lists messages back into sa-learn -- forget, but I'd like something automatic. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: Selectively disabling bayes autolearning
Steve Martin wrote: Is it possible to selectively disable bayes autolearning? For example, I would like auto learning disabled for mail sent to this mailing list since all this spam discussion and forwarded spam snippets would probably pollute the bayses database (which probably thinks very highly of geocities by now ;-) I guess I could feed this mailing lists messages back into sa-learn -- forget, but I'd like something automatic. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html bayes_ignore_to users@spamassassin.apache.org -Jim
RE: When is Bulk Bulk
OBSERVATION: Could some of us be treating unsolicited Business-to-Consumer and unsolicited Business-To-Business the same? Should they be treated the same? If not, the perhaps some people's irritation about getting called at dinner-time for the 10th time by the same phone company be influencing their opinions here?
Manual bayes expiration in MySQL database
We're running spamassassin with a MySQL bayes database that is shared by 4 scanning servers. We had been initially using the bayes auto expire option in local.cf, but found that this occasionally caused table corruption. With auto expire turned off, everything works fine, but after a while our bayes database gets huge (~9 million records in bayes_token). Does anybody have a good tip on how to manually expire some of those records from the database? Is ut as simple as deleting all records in the bayes_token table that have an atime older than a specified time? Is there any other logic that should come into play when expiring the bayes tables? Any tips or suggestions appreciated. Thanks, Bob Pierce
Re: When is Bulk Bulk
E. Falk wrote: Rob McEwen wrote: Does anyone else consider SpamHaus's definition as too weak and believe that ANY unsolicited e-mail is spam, even if a personally hand-typed note? Hmm, how about Hi, I see you have a link on your web page to my site at XYZ. I'm moving to ABC, and would appreciate it if you would update your link. Thank you. Assume that the target does, indeed, have a link to the old location of the site in question (and that it wasn't inserted by a link spammer), and that the site really is moving to the new URL provided. Unsolicited. Potentially bulk. But is it spam? -- Kelson Vibber SpeedGate Communications www.speed.net
RE: When is Bulk Bulk
Rob McEwen [EMAIL PROTECTED] wrote on 08/09/05 12:59PM: OBSERVATION: Could some of us be treating unsolicited Business-to-Consumer and unsolicited Business-To-Business the same? Should they be treated the same? Of course we treat them the same. They all go through SpamAssassin. If the recipient thinks it is spam, it gets added and reported to SpamCop. Are you proposing some method of determining whether an email is Business-to-Consumer or Business-To-Business and treating them differently in SpamAssassin? How would you be able to do that and why would you want to? * This e-mail, including attachments, may contain information that is privileged, proprietary, non-public, confidential, trademarked, copyrighted or exempt from disclosure and is intended to be conveyed only to the designated recipients(s). If you are not an intended recipient, please delete this e-mail, including attachments, and do not disseminate, distribute or copy this communication, by e-mail or otherwise. The unauthorized use, dissemination, distribution or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. We reserve the right to monitor and review the content of all messages sent to or from this e-mail address.
Re: Manual bayes expiration in MySQL database
'sa-learn --force-expire' is your friend. Just run it on one of the servers periodically. I run it once every four hours. Bob Pierce thought no one was listening and belted out: We're running spamassassin with a MySQL bayes database that is shared by 4 scanning servers. We had been initially using the bayes auto expire option in local.cf, but found that this occasionally caused table corruption. With auto expire turned off, everything works fine, but after a while our bayes database gets huge (~9 million records in bayes_token). Does anybody have a good tip on how to manually expire some of those records from the database? Is ut as simple as deleting all records in the bayes_token table that have an atime older than a specified time? Is there any other logic that should come into play when expiring the bayes tables? Any tips or suggestions appreciated. Thanks, Bob Pierce
Re: Manual bayes expiration in MySQL database
Bob Pierce wrote: We're running spamassassin with a MySQL bayes database that is shared by 4 scanning servers. We had been initially using the bayes auto expire option in local.cf, but found that this occasionally caused table corruption. Corruption? Well, that would be a bug then, can you please provide some more specifics? Open a bugzilla bug please. With auto expire turned off, everything works fine, but after a while our bayes database gets huge (~9 million records in bayes_token). Does anybody have a good tip on how to manually expire some of those records from the database? sa-learn --force-expire Is ut as simple as deleting all records in the bayes_token table that have an atime older than a specified time? Is there any other logic that should come into play when expiring the bayes tables? Any tips or suggestions appreciated. Don't expire things manually. Michael signature.asc Description: OpenPGP digital signature
RE: When is Bulk Bulk
On Tue, 9 Aug 2005, Rob McEwen wrote: If not, the perhaps some people's irritation about getting called at dinner-time for the 10th time by the same phone company be influencing their opinions here? More like being woken up at 4am for a sales pitch for sears vacuum claners from a call center in bangalore. -Dan
Re: Selectively disabling bayes autolearning
On Tuesday 09 August 2005 15:55, Steve Martin wrote: Is it possible to selectively disable bayes autolearning? For example, I would like auto learning disabled for mail sent to this mailing list since all this spam discussion and forwarded spam snippets would probably pollute the bayses database (which probably thinks very highly of geocities by now ;-) I guess I could feed this mailing lists messages back into sa-learn -- forget, but I'd like something automatic. Why are they even being inspected by SA? If running kmail, just move the filter rule that sorts this list into the SA folder to a point above the rule that calls SA to look things over. I did that as soon as I joined this list. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) 99.35% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
AutoWhiteList
I seem to be at a loss. I have installed SA 3.0.4 on two identical machines. Both machines are running CentOS4.1. Other software loaded would include: Sendmail 8-13.4-1 (from src rpm) Clamav 0-86 (tar file) MailScanner 4.44.1-1 (tar) MailWatch 1.0.1 (tar) phpMyAdmin 2.6.3-pl1 (tar) Webmin 1.210 (tar) Both machines run smooth, but when I was trying to figure out what is getting AutoWhite listed, I found that box2 did not have: /root/.spamassassin/auto-whitelist /root/.spamassassin/auto-whitelist.mutex box1 does have: /root/.spamassassin/auto-whitelist Box1 and Box2 are being built to replace a MailScanner system already in use. Upon review of this system, I can see I will run into issues if I cannot check what is being auto-whitelisted. I do find it strange that I installed SA the same way on both machines and have different results. I tried to uninstall SA from Box 2 by using this command: rpm -e spamassassin I am not sure if this is the best way to uninstall SA, but I do not know of another. I then reinstalled it two ways: 1. rpmbuild -tb Mail-SpamAssassin-3.0.4.tar.gz cd to /usr/src/redhat/RPMS/i386 These three files are in this directory perl-Mail-SpamAssassin-3.0.4-1.i386.rpm spamassassin-tools-3.0.4-1.i386.rpm spamassassin-3.0.4-1.i386.rpm I installed the files (first my moving the tools rpm to another directory and then moving it back and installing it separately) 2. Through untar, I cd to the Mail-SpamAssassin-3.0.4 directory and installed via the INSTALL file instructions. Both ways to install were successful, but I was still unable to see any of the files I was looking for. I would appreciate any feedback on what I am doing wrong and any other approaches I can take to resolve this problem. Casey
Re: When is Bulk Bulk
Kelson wrote: E. Falk wrote: Rob McEwen wrote: Does anyone else consider SpamHaus's definition as too weak and believe that ANY unsolicited e-mail is spam, even if a personally hand-typed note? Hmm, how about Hi, I see you have a link on your web page to my site at XYZ. I'm moving to ABC, and would appreciate it if you would update your link. Thank you. Assume that the target does, indeed, have a link to the old location of the site in question (and that it wasn't inserted by a link spammer), and that the site really is moving to the new URL provided. Unsolicited. Potentially bulk. But is it spam? Hi, Not spam by my definition as there is an existing relationship there. I linked to them. If I buy something at MM meat shops and give them my email address and they email me, that's not spam either by my definition. If they don't have an unsubscribe address or they ignore unsubscribe requests, then it's spam. If you email me at dns at axess.com or dns at aei.ca with anything but Domain related activities, it's spam. If you email me at info at axess.com or aei.ca, it may or may not be spam. Depends on if you are trying to sell me a mortgage or not :) Regards, Rick
Re: When is Bulk Bulk
Rob McEwen wrote: OBSERVATION: Could some of us be treating unsolicited Business-to-Consumer and unsolicited Business-To-Business the same? Should they be treated the same? If not, the perhaps some people's irritation about getting called at dinner-time for the 10th time by the same phone company be influencing their opinions here? My $.02 here... Why doesn't he put together a nice presentation package and mail it to them? I think I know the real reason -- it costs money. It could be argued that sending an email costs money, but hardly the cost of putting together a decent presentation on a few sheets of flashy/nice paper and mailing it to prospective customers. This is a higher cost to the sender opposed to email which the higher cost goes to the recipient (logs, administrator(s) salary, storage, backup etc...) The only business advertisements I respond to is ones that I directly asked for (either on-line or by phone) or via mail. It's easy to call, it's easy to e-mail. Sending a nice presentation via snail mail isn't (and to me it shows class and determination to gain my business.) -- Thanks, James
RE: When is Bulk Bulk
James said: My $.02 here... Why doesn't he put together a nice presentation package and mail it to them? I think I know the real reason -- it costs money. It could be argued that sending an email costs money, but hardly the cost of putting together a decent presentation on a few sheets of flashy/nice paper and mailing it to prospective customers. This is a higher cost to the sender opposed to email which the higher cost goes to the recipient (logs, administrator(s) salary, storage, backup etc...) The only business advertisements I respond to is ones that I directly asked for (either on-line or by phone) or via mail. It's easy to call, it's easy to e-mail. Sending a nice presentation via snail mail isn't (and to me it shows class and determination to gain my business.) Good points. But, **to some extent**, these SAME points can be used to elevate a hand-typed and thoughtful unsolicited e-mail to be somehow above or more respective than bulk spam. --Rob McEwen
Re: When is Bulk Bulk
Rob McEwen wrote: Matt Kettler wrote: Therefore, to me, and many others, it doesn't matter how few messages there are, or how individual the message is. If it's unsolicited email of a commercial nature, it's spam. Period. BTW - Matt, would an e-mail asking for link exchanges between web sites be considered commercial. What about unsolicited political or non-profit e-mails? Personally, I consider all of the above to be spam. At the very least, they're all unwelcome. That said, I never put up email addresses on a website without a explanation of what it's to be used for. I always use something like: If you experience technical problems with this website, email [EMAIL PROTECTED] Send resume's to [EMAIL PROTECTED] Send support requests for this product to productxyz@ Often for my own personal pages I also add things like: This address is not to be used for advertising. It is only to be used for questions regarding.. Since I've already explicitly stated what the address is to be used for any other use is intentionally violating an existing request for opt-out. In cases where I've explicitly excluded any form of advertising, it's even clearer. Therefore, if *I* got any of the above, the email is spam because there can be one of two situations: 1) If you read the website, you know your mail doesn't fit the declared purpose of the address, and you're spamming due to intentional violation of the recipient's preferences. 2) If you didn't read the website, you're scraping and sending out mass junk, and you're spamming under anyone's definition because it's UBE. In fact, SpamHaus's splits the difference between these two extreme definitions. http://www.spamhaus.org/definition.html Does anyone else consider SpamHaus's definition as too weak and believe that ANY unsolicited e-mail is spam, even if a personally hand-typed note? I don't believe the spamhaus definition is as weak as you think because your hand-typed note is also likely to spam under spamhaus's definition if it is in any way templated: - An electronic message is spam IF: (1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent. - Unless the content of the request for link-exchange is highly specific to my website, the request fits (1) and (2). Most link-exchange requests I've seen for EVI are plain form letters with only EVI's name and our general market mentioned. They'd equally apply to EVI as any other electronics company. While I'd generally consider a highly customized hand typed message to be spam, I'm at least sympathetic to those who are willing to grant these an exception. All that said, I think spamhaus does need a third case. All email is automatically spam if the user has already explicitly revoked permission for it to be sent.
Re: When is Bulk Bulk
Mike Wiebeld wrote: Rob McEwen [EMAIL PROTECTED] wrote on 08/09/05 12:59PM: OBSERVATION: Could some of us be treating unsolicited Business-to-Consumer and unsolicited Business-To-Business the same? Should they be treated the same? Of course we treat them the same. They all go through SpamAssassin. If the recipient thinks it is spam, it gets added and reported to SpamCop. Are these the same recipients who find it easier to report an item as spam than unsubscribe from the list they had to confirm three times that they wanted to be on? :) The problem is compounded with my users because when a person leaves the company their e-mail address (along with any subscriptions they've picked up over the years) gets forwarded on to their replacement. I get a lot of legitimate lists reported as spam that way.
RE: When is Bulk Bulk
Mike Wiebeld said: Of course we treat them the same. They all go through SpamAssassin. If the recipient thinks it is spam, it gets added and reported to SpamCop. Are you proposing some method of determining whether an email is Business-to-Consumer or Business-To-Business and treating them differently in SpamAssassin? How would you be able to do that and why would you want to? Of course I don't propose any sort of rules changes. Generally, someone's bad behavior will speak for itself in that the more egregious their spamming, the more URI RBL blacklists they will appear on. Also, use of spammer's obfuscation techniques or sending mail from a spam gang's server also speaks for itself. But I do hate the idea of someone sending out 10 unsolicited but hand-typed e-mails being treated the same as a spammer sending out 10,000 unsolicited and impersonal e-mails per day... but somehow I think that this is already taken care of in spite of what some of the more aggressive mail administrators have said today. Rob McEwen
Re: When is Bulk Bulk
Are these the same recipients who find it easier to report an item as spam than unsubscribe from the list they had to confirm three times that they wanted to be on? :) The problem is compounded with my users because when a person leaves the company their e-mail address (along with any subscriptions they've picked up over the years) gets forwarded on to their replacement. I get a lot of legitimate lists reported as spam that way. We handle it the people leaving the same way. For the replacements, if it is a list they want to be on, they should unsubscribe the old address and subscribe their own address. Other than that, they drop it in the spam folder and I look over it and unsubscribe the stuff that looks legitimate. Because I see so much of the junk, I've become fairly adept at recognizing those lists. * This e-mail, including attachments, may contain information that is privileged, proprietary, non-public, confidential, trademarked, copyrighted or exempt from disclosure and is intended to be conveyed only to the designated recipients(s). If you are not an intended recipient, please delete this e-mail, including attachments, and do not disseminate, distribute or copy this communication, by e-mail or otherwise. The unauthorized use, dissemination, distribution or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. We reserve the right to monitor and review the content of all messages sent to or from this e-mail address.
RE: When is Bulk Bulk
Rob McEwen [EMAIL PROTECTED] wrote on 08/09/05 01:36PM: Of course I don't propose any sort of rules changes. Generally, someone's bad behavior will speak for itself in that the more egregious their spamming, the more URI RBL blacklists they will appear on. Also, use of spammer's obfuscation techniques or sending mail from a spam gang's server also speaks for itself. But I do hate the idea of someone sending out 10 unsolicited but hand-typed e-mails being treated the same as a spammer sending out 10,000 unsolicited and impersonal e-mails per day... but somehow I think that this is already taken care of in spite of what some of the more aggressive mail administrators have said today. I don't think you understand the situation. How is the recipient supposed to know whether it is actually a hand crafted email sent just to him or a spam run of 10,000? Because there is no way for the recipient to know, we do treat them the same. If the recipient believes it is spam by his definition, then it goes into the spam folder. Then it is sent to the Bayes system and SpamCop. The only difference you might see would be the number of complaints SpamCop would receive and whether it hit any spam trap addresses. But both types are treated exactly the same and reported exactly the same by the recipient. There is no way you can prove in your message that it is not a spam run of 10,000. * This e-mail, including attachments, may contain information that is privileged, proprietary, non-public, confidential, trademarked, copyrighted or exempt from disclosure and is intended to be conveyed only to the designated recipients(s). If you are not an intended recipient, please delete this e-mail, including attachments, and do not disseminate, distribute or copy this communication, by e-mail or otherwise. The unauthorized use, dissemination, distribution or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. We reserve the right to monitor and review the content of all messages sent to or from this e-mail address.
Scott Richter settles with MS for $7 mil..
http://today.reuters.co.uk/news/NewsArticle.aspx?type=technologyNewsstoryID=2005-08-09T155406Z_01_N09617369_RTRIDST_0_TECH-TECH-MICROSOFT-SPAM-DC.XML Although on one hand, I hate to see Microsoft gaining money, I'm also greatly pleased to see Scott Richter (OptInRealBig.com) loosing it.
RE: When is Bulk Bulk
There is no way you can prove in your message that it is not a spam run of 10,000. If it wasn't personalized or very personalized, then that would be true. However, there are a number of statements and questions that are specific to your business and could not possibly have been computer generated that could potentially be in such a hand typed e-mail... to a point where it would be obvious that the message were hand-typed and impossible for it to be computer generated. Sure, I know that a few spammers have gotten pretty good at trying to make their spam look hand-typed and personalized... but they will never get anywhere near a true hand-typed e-mail that is very personalized and specific to the recipient... and THAT is the kind of unsolicited e-mail I've asked about today. --Rob McEwen
Re: Scott Richter settles with MS for $7 mil..
It's pocket change, though.
{o.o}
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
http://today.reuters.co.uk/news/NewsArticle.aspx?type=technologyNewsstoryID=2005-08-09T155406Z_01_N09617369_RTRIDST_0_TECH-TECH-MICROSOFT-SPAM-DC.XML
Although on one hand, I hate to see Microsoft gaining money, I'm also
greatly
pleased to see Scott Richter (OptInRealBig.com) loosing it.
RE: When is Bulk Bulk
-Original Message- From: Mike Wiebeld [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 09, 2005 4:49 PM To: users@spamassassin.apache.org Subject: RE: When is Bulk Bulk Rob McEwen [EMAIL PROTECTED] wrote on 08/09/05 01:36PM: Of course I don't propose any sort of rules changes. Generally, someone's bad behavior will speak for itself in that the more egregious their spamming, the more URI RBL blacklists they will appear on. Also, use of spammer's obfuscation techniques or sending mail from a spam gang's server also speaks for itself. But I do hate the idea of someone sending out 10 unsolicited but hand-typed e-mails being treated the same as a spammer sending out 10,000 unsolicited and impersonal e-mails per day... but somehow I think that this is already taken care of in spite of what some of the more aggressive mail administrators have said today. I don't think you understand the situation. How is the recipient supposed to know whether it is actually a hand crafted email sent just to him or a spam run of 10,000? Because there is no way for the recipient to know, we do treat them the same. If the recipient believes it is spam by his definition, then it goes into the spam folder. Then it is sent to the Bayes system and SpamCop. The only difference you might see would be the number of complaints SpamCop would receive and whether it hit any spam trap addresses. But both types are treated exactly the same and reported exactly the same by the recipient. There is no way you can prove in your message that it is not a spam run of 10,000. You put enough bad spam reports in spamcop and you are pretty much ignored by spamcop, you become the 'spam report' spammer. And, if you report to legit RBL services too many bad reports, same thing. Most admins won't use RBLs, URIs, or anything else that have too many false positives. (that is one of the reasons SA is so popular, low false positives) If they do, they spend all their time fighting with their own users who are not getting emails they want. Do that stuff too much and you will get fired or lose your customers.
Re: When is Bulk Bulk
From: Rob McEwen [EMAIL PROTECTED]
Does anyone else consider SpamHaus's definition as too weak and believe that
ANY unsolicited e-mail is spam, even if a personally hand-typed note?
jdow: Unsolicited commercial email from a source with which I have
never done business is spam. It does not matter if it is Mother
Theresa risen from the dead to appeal for funds for starving babies
in Nigeria, it is still spam. It is spam if Hillary Clinton's minions
send me vote for me email. It is spam if Shrub's minions send me
vote for me email. It is spam if ANY politician or charity or TV
station or business with which I have not done business or whom I
have subsequent to doing business with told them not to send me mail
does so. And UCE is spamperiod
If a local business spams me I am likely to walk in and make it
personal very loudly, too. (I've done it at least once.)
{^_^}
Re: When is Bulk Bulk
From: Rob McEwen [EMAIL PROTECTED]
Clarification of my last message:
When I asked What about unsolicited political or non-profit e-mails?,
please don't misunderstand me. I'm NOT saying that all political or
non-profit are not spam... I was only responding to another's definition
of
spam as being unsolicited email of a commercial nature
...I was trying to point out that it is sometimes harder to define and/or
rely upon commercial than it is to define and/or rely upon bulk as a
criteria for being considered spam.
--Rob McEwen
And Rob, as stated in my immediately prior rock carving, non-profit,
political, survey company, or business as a source makes not one whit
of difference. (The FTC do not call list has it wrong this way. And I
have refused to vote for politicians who call, interrupt me on MY time,
and have the temerity to ask for my vote.)
We live in a time of sound bites and limited ability to communicate.
People call it being interrupt driven. I call it shallow thinking.
When you think in sound bites you never get into critical thinking mode.
That makes it easier to sell you a bill of brown steaming material such
as emanates from the South end of a North facing fertile male bovine
as gospel truth.
Can you cut deep code while you are interrupted every 10 minutes by a
telephone call or an office visitor? What is the quality of that code?
There is a reason the ritual for approaching a real coder in her office
is so rigid. It ain't safe. The old joke goes, Shove a box of doughnuts
through the door. Then holding a chair up for shield push the door open
wider and enter if she is eating. Be done before the doughnuts run out.
Broken concentration leads to broken code, broken critical thinking,
broken contemplative thinking. It leads to shallowness in every day life.
As an old gray hair I note there is WAY more shallowness these days than
I remember from my earlier days. People who were in thought related
jobs were seldom interrupted a fraction as often as they are now.
No, the source does not matter with regards to it being spam of any kind,
email, telephone, snail mail, tracts left hanging on the door knob,
vacuuous proselytizers at the door, whatever. It's spam, Sam.
{^_^}
Re: Manual bayes expiration in MySQL database
Don't expire things manually. 1. Why not? 2. On a Bayes SQL setup with multiple servers feeding/reading the db, should one server be responsible for expiration or should each opportunistically take care of it? -- Steve
Re: Manual bayes expiration in MySQL database
Steven Stern wrote: Don't expire things manually. 1. Why not? 2. On a Bayes SQL setup with multiple servers feeding/reading the db, should one server be responsible for expiration or should each opportunistically take care of it? I'll be more specific, don't expire things by doing the SQL commands yourself. It is fine to expire manually by running sa-learn --force-expire. That will perform all of the proper actions, updating the various variables correctly. Doing it in SQL by hand is asking for trouble. The way that the system is designed only one process should be able to perform an expire at once. So, you keep auto expire on and each server can determine if they should opportunistically perform the expire. I'm having a hard time imagining how things could become corrupted. Michael signature.asc Description: OpenPGP digital signature
Re: Manual bayes expiration in MySQL database
Michael Parker wrote: Steven Stern wrote: Don't expire things manually. 1. Why not? 2. On a Bayes SQL setup with multiple servers feeding/reading the db, should one server be responsible for expiration or should each opportunistically take care of it? I'll be more specific, don't expire things by doing the SQL commands yourself. It is fine to expire manually by running sa-learn --force-expire. That will perform all of the proper actions, updating the various variables correctly. Doing it in SQL by hand is asking for trouble. The way that the system is designed only one process should be able to perform an expire at once. So, you keep auto expire on and each server can determine if they should opportunistically perform the expire. I'm having a hard time imagining how things could become corrupted. Michael I'm using sa-learn --force-expire every 4 hours on the server that hosts the database. Seems to work OK. -- Steve
Re: [sa-list] Re: spamd children run as root (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 all this info is useful on the bug, not on this side discussion. - --j. Craig McLean writes: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 Craig. Justin Mason wrote: ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as awaiting confirmation... --j. Charles Sprickman writes: I've seen this problem as well, even in the latest ports version. Still runs as root. If I apply the attached patch (obtained from one of the bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more memory than I was comfortable with). Charles On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: On Tue, 26 Apr 2005, Justin Mason wrote: It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in NEW status for over a month now, I think. I flagged it as security because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?idD98 -Dan at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon Output from gpg 298BC7D0 gpg: There is no indication that the signature belongs to the owner. 298B C7D0 -- Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal. -Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- --0-343817720-1123532392=:14641 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=spamd-euid.patch Content-Transfer-Encoding: BASE64 Content-ID: [EMAIL PROTECTED] Content-Description: Content-Disposition: attachment; filename=spamd-euid.patch LS0tIHNwYW1kLm9sZAlXZWQgT2N0IDEzIDE2OjQ5OjU4IDIwMDQNCisrKyBz cGFtZAlUaHUgT2N0IDE0IDIwOjE1OjUzIDIwMDQNCkBAIC03MDAsNiArNzAw LDE1IEBADQogICAjIENoYW5nZSBVSUQNCiAgICQ+ID0gJHV1aWQ7ICAgICAg ICAgICAgIyBlZmZlY3RpdmUgdWlkDQogICAkPCA9ICR1dWlkOyAgICAgICAg ICAgICMgcmVhbCB1aWQuIHdlIG5vdyBjYW5ub3Qgc2V0dWlkIGFueW1vcmUN CisNCisgIGlmICggJDwgIT0gJHV1aWQgKSB7DQorICAgIHdhcm4oImluaXRp YWwgYXR0ZW1wdCB0byBjaGFuZ2UgcmVhbCB1aWQgZmFpbGVkLCB0cnlpbmcg QlNEIHdvcmthcm91bmQiKSBpZiAkb3B0eydkZWJ1Zyd9Ow0KKw0KKyAgICAk PiA9ICQ8OwkJCSMgcmV2ZXJ0IGV1aWQgdG8gcnVpZA0KKyAgICAkPCA9ICR1 dWlkOwkJCSMgY2hhbmdlIHJ1aWQgdG8gdGFyZ2V0DQorICAgICQ+ID0gJHV1 aWQ7CQkJIyBjaGFuZ2UgZXVpZCBiYWNrIHRvIHRhcmdldA0KKyAgfQ0KKw0K ICAgaWYgKCAkPiAhPSAkdXVpZCBhbmQgJD4gIT0gKCAkdXVpZCAtIDIqKjMy ICkgKSB7DQogICAgIGRpZSAiZmF0YWw6IHNldHVpZCB0byB1aWQgJHV1aWQg ZmFpbGVkXG4iOw0KICAgfQ0K --0-343817720-1123532392=:14641-- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD)
Re: When is Bulk Bulk
From: E. Falk [EMAIL PROTECTED]
Rob McEwen wrote:
Does anyone else consider SpamHaus's definition as too weak and believe
that
ANY unsolicited e-mail is spam, even if a personally hand-typed note?
I'm really curious as to how we would defined solicited e-mail. As far
as bulk e-mail goes, it's fairly easy. Do I solicit the jokes my
friends e-mail me? What about the chain letter that warns me about the
teddy bear virus? Or the endless petitions? Or the message that asks me
if I want to go catch a movie on Friday night?
With friends that's social email such as lubricates and feeds a
relationship. If I sign up for messages from someone I've done
business with that is email I want. (Conversely if I say no email
and I receive something it had best be close to end of the Earth
important to me.)
Personally, I worry far more about Bulk than I do about the Unsolicited.
I get plenty of e-mail that is unsolicited and unwanted - often from my
users. :) If it's unwanted but it is personal (or at least a forward)
and I can speak directly to the person who is responsible, then it's not
Spam to me. It may not be welcome, but it's not Spam. I'd even be pretty
lenient on the definition of bulk, so as not to include those
irritating souls who forward everything they receive to their entire
address books.
Bulk schmulk - a line has to be drawn somewhere. I find it easier to
draw the line at the boundary between zero and one than to quibble
about whether it should be 1, 10, 100, 111, 333, 666, 1000, 1e9, or
Avogadro's number. I'm lazy in that regard. And I prefer to waste my
time my way. (Like commenting on this nonsense. {^_-})
{^_^}
Re: When is Bulk Bulk
From: Rob McEwen [EMAIL PROTECTED]
OBSERVATION:
Could some of us be treating unsolicited Business-to-Consumer and
unsolicited Business-To-Business the same? Should they be treated the same?
jdow: Unsolicited business to business comes in two flavors. Someone
wants to sell me his superwhizbang electricified pencil sharpener or
someone wants to purchase something from me that I have published for
sale. The former gets the brunt of my sense of humor if I bother to
do anything other than assign their address to /dev/null. The latter
get my considered attention.
If not, the perhaps some people's irritation about getting called at
dinner-time for the 10th time by the same phone company be influencing their
opinions here?
jdow: Even at work there were times I had to fight HARD to be civil
and suggest the person contact me some other time. What worked best was
if someone was already visiting Fred over there or Greg on the corner
he'd look in and see if I was interested. 10 seconds if interruption is
not the same as a blaring ring on a phone and 10 minutes or even 1
minute of hard sell.
Am I likely to think you are wasting my time? Ask that question and
act accordingly. Take your product biases or candidate biases and put
them aside. Then ask the question dispassionately.
{^_^}
Re: When is Bulk Bulk
From: Kelson [EMAIL PROTECTED]
E. Falk wrote:
Rob McEwen wrote:
Does anyone else consider SpamHaus's definition as too weak and believe
that
ANY unsolicited e-mail is spam, even if a personally hand-typed note?
Hmm, how about Hi, I see you have a link on your web page to my site at
XYZ. I'm moving to ABC, and would appreciate it if you would update
your link. Thank you.
Assume that the target does, indeed, have a link to the old location of
the site in question (and that it wasn't inserted by a link spammer),
and that the site really is moving to the new URL provided.
Unsolicited. Potentially bulk. But is it spam?
Not spam. It's somebody with whom you have a significant prior
relationship. Hi, I noticed you browsed my website by using clever
reverse lookups and skullduggery. I think you'd be interested in my
baby kimodo dragon feeder. That's spam.
{^_^}
Re: When is Bulk Bulk
From: Mike Wiebeld [EMAIL PROTECTED]
Rob McEwen [EMAIL PROTECTED] wrote on 08/09/05 12:59PM:
OBSERVATION:
Could some of us be treating unsolicited Business-to-Consumer and
unsolicited Business-To-Business the same? Should they be treated the
same?
Of course we treat them the same. They all go through SpamAssassin. If the
recipient thinks it is spam, it gets added and reported to SpamCop.
Are you proposing some method of determining whether an email is
Business-to-Consumer or Business-To-Business and treating them differently
in SpamAssassin? How would you be able to do that and why would you want to?
jdow: Use different rules and spam databases for work and home. The
email contents you WANT will be different.
{^_^}
Re: When is Bulk Bulk
From: Greg Allen [EMAIL PROTECTED]
-Original Message-
From: Mike Wiebeld [mailto:[EMAIL PROTECTED]
I don't think you understand the situation. How is the recipient
supposed to know whether it is actually a hand crafted email sent
just to him or a spam run of 10,000?
Because there is no way for the recipient to know, we do treat
them the same. If the recipient believes it is spam by his
definition, then it goes into the spam folder. Then it is sent to
the Bayes system and SpamCop.
The only difference you might see would be the number of
complaints SpamCop would receive and whether it hit any spam trap
addresses. But both types are treated exactly the same and
reported exactly the same by the recipient. There is no way you
can prove in your message that it is not a spam run of 10,000.
You put enough bad spam reports in spamcop and you are pretty much ignored
by spamcop, you become the 'spam report' spammer. And, if you report to
legit RBL services too many bad reports, same thing.
Most admins won't use RBLs, URIs, or anything else that have too many
false
positives. (that is one of the reasons SA is so popular, low false
positives) If they do, they spend all their time fighting with their own
users who are not getting emails they want. Do that stuff too much and you
will get fired or lose your customers.
I *VERY* seldom report spam to BLs. I figure what I consider to be spam
may be quite different from what somebody else considers spam. I find I
am a little more conservative in that notion than others because I find
that by the time I am ready to spam report it some other folks already
have. I may be extreme and intolerant of email spam. But I do not try to
foist my extreme position on others via anything other than persuasion.
I like BLs that adopt that sort of position as well - as long as they
do not black list whole net blocks for one address' sins.
{^_^}
Re: Scott Richter settles with MS for $7 mil..
On Tuesday 09 August 2005 18:19, jdow wrote:
It's pocket change, though.
{o.o}
Chuckle, for him maybe. To me though, its obvious I'm not wearing the
right trowsers as I rarely find more than $200 in cash in them.
Where do I find clothes with that sort of pocket change in them? :-)
[...]
--
Cheers, Gene
There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
99.35% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
RE: When is Bulk Bulk
At 14:56 09-08-2005, Rob McEwen wrote: Thanks for the feedback... but it looks like you e-mailed this directly to me without sending it to the spamassassin thread . Please consider re-sending this to the SA list so that other can benefit from your comment... as you probably intended! --Rob McEwen I chose to send you an unsolicited email instead of replying to the thread. :-) I am posting the comment to the SA list as you suggested. -Original Message- From: SM This is indeed a slippery slope. The emails are unsolicited. This one is too as we do not have any business relationship. :-) In business, there are times when we might email someone or even phone that person even if we have no prior relationship with the person. As it is a manual process, we are limited to number of emails we can write or calls we can make in a day. The slippery slope is where to set the threshold without hampering business. As long as the emails are not computer generated, the list is not some list the person purchased and the email is individualized, then we cannot call it bulk. If the template is to add the name of the recipient and the website only, then a lot of people might label it as spam. There may come a day when your client may find that it is easier and faster to use software to grab the information from the website and have some bulk software generate and send the emails. You may wish to bring to the attention of the client that his/her emails might be construed as spam. And you might warn the person that you will be closely monitoring email traffic and you may terminate the account if you receive any complaints. Bulk is bulk when it people start complaining. If you see hundreds of emails going out each day, you are sure to have complaints sooner or later. Regards, -sm
Re: When is Bulk Bulk
jdow wrote: Not spam. It's somebody with whom you have a significant prior relationship. Agreed. I was mainly looking to see if anyone thought it *was* spam, and if so, why... and also to see how people articulated the difference between an out-of-the-blue please update your link and a similarly unexpected please add this link. It seemed clear to me that the former was acceptable and the latter unacceptable, but I couldn't quite put my finger on why, at least within the definition as it's being framed in this discussion. Hi, I noticed you browsed my website by using clever reverse lookups and skullduggery. I think you'd be interested in my baby kimodo dragon feeder. That's spam. Hey, I've gotten that offer! Well, not really... but some of the link requests I've gotten are about as relevant. I think my favorite was the time I posted several photos on my website including one of the Ghirardelli shop in San Diego. Within two days, someone sent me a note about how they'd been to my website about chocolate, and how they really thought I should team up with *their* chocolate website, etc. Actually, I take that back. The one about targeted advertising is my favorite, out of sheer irony. -- Kelson Vibber SpeedGate Communications www.speed.net
Re: When is Bulk Bulk
From: SM [EMAIL PROTECTED]
This is indeed a slippery slope. The emails are unsolicited. This
one is too as we do not have any business relationship. :-) In
business, there are times when we might email someone or even phone
that person even if we have no prior relationship with the
person. As it is a manual process, we are limited to number of
emails we can write or calls we can make in a day. The slippery
slope is where to set the threshold without hampering business.
As long as the emails are not computer generated, the list is not
some list the person purchased and the email is individualized, then
we cannot call it bulk. If the template is to add the name of the
recipient and the website only, then a lot of people might label it
as spam. There may come a day when your client may find that it is
easier and faster to use software to grab the information from the
website and have some bulk software generate and send the emails.
You may wish to bring to the attention of the client that his/her
emails might be construed as spam. And you might warn the person
that you will be closely monitoring email traffic and you may
terminate the account if you receive any complaints.
Bulk is bulk when it people start complaining. If you see hundreds
of emails going out each day, you are sure to have complaints sooner or
later.
Worrying about bulk or not is a distraction. It's not in issue. What
will the recipients think? How are they likely to react? What makes you
think it will get through the email process with NOBODY complaining to
a blacklist or sysadmin?
{^_^}
Re: When is Bulk Bulk
From: Kelson [EMAIL PROTECTED]
jdow wrote:
Not spam. It's somebody with whom you have a significant prior
relationship.
Agreed. I was mainly looking to see if anyone thought it *was* spam,
and if so, why... and also to see how people articulated the difference
between an out-of-the-blue please update your link and a similarly
unexpected please add this link. It seemed clear to me that the
former was acceptable and the latter unacceptable, but I couldn't quite
put my finger on why, at least within the definition as it's being
framed in this discussion.
And if it's Please use this link rather than mirroring my site
material then it's my (very) bad that I should fix.
{^_-}
RE: GeoCities Link-only spam
I went with the RBL method. More than 1 way to skin a spammer. :-)
Anyways, they put themselves into my bayes with the extra points of the
china RBL. Life is good... Now I can back down on the China points some
since my bayes will more likely catch this garbage.
Content preview: myrtis
http://uk.geocities.com/Guillermo_Ratermann/?NKN7j=This_is_your_way_to_red
u
ce_the_outflow_on_tiptop_reemedies. bye :-) [...]
Content analysis details: (11.3 points, 5.0 required)
pts rule name description
--
--
1.3 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 0.]
5.0 RCVD_IN_CHINA RBL: Received via China IP china.blackholes.us
[58.33.99.179 listed in china.blackholes.us]
-Original Message-
From: Jonathan Nichols [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 09, 2005 2:36 PM
To: Kelson
Cc: SpamAssassin Users
Subject: Re: GeoCities Link-only spam
Of course, if you want to match *any* Geocities URL (which I think is a
bit much for a 4-point score), you'd want something like this:
uri GEOCITIES /\.geocities\.com\b/i
or if you want to make sure it matches the domain name,
uri GEOCITIES /^http:\/\/[a-z0-9-]{1,30}\.geocities\.com\b/i
Cool! thanks. I think that will work a lot better. :)
I got one today based on my previous feeble rule attempt. It got 4
points.. my rule was the only one that it hit.
Bloody Geocities. :|
Re: Whitelists
Hello Jack, Tuesday, August 9, 2005, 6:15:22 AM, you wrote: JG I am trying to pass CNN breaking news alerts through the filters. My JG user_prefs contains: JG whitelist_from [EMAIL PROTECTED] JG and even JG whitelist_from [EMAIL PROTECTED] JG The problem is that they are sending mail from [EMAIL PROTECTED] JG and it is being flagged as spam. What is the easiest way around this? 1) Grab the SARE whitelist config file, which uses the whitelist_from_rcvd directive rather than whitelist_from, and includes an entry for whitelist_from_rcvd [EMAIL PROTECTED] cnn.com # C.N.N. See http://www.rulesemporium.com/rules.htm#whitelist 2) If you have other important non-spam emails from CNN coming from other @*.cnn.com email addresses, send me copies with full headers, so I can add them to the file. That way others will benefit besides you (though you're more than welcome to use the sample above for your own use if you want). Bob Menschel
Re: When is Bulk Bulk
At 18:04 09-08-2005, jdow wrote: Worrying about bulk or not is a distraction. It's not in issue. What will the recipients think? How are they likely to react? What makes you think it will get through the email process with NOBODY complaining to a blacklist or sysadmin? I mentioned complaints. It is up to the admin of the sending domain to determine whether the server may be blacklisted because of such mail. The replies to this thread gives the answer as to what will the recipients think and how they might react. Regards, -sm
Re: When is Bulk Bulk
After reading through this thread, I decided to formally define my own definition of spam (since others are basically trying to do that, etc.). A) It does not matter, one way or the other, if the message is automatically generated or hand generated. If you don't want to wear your fingers down to the bone typing a message to me that I wont even accept or read, then don't type it. If I don't want the message content in the first place, then I have no sympathy for the fingers that typed it. B) It doesn't matter to me if it was 1 message or 1 million. I am as annoyed by the spam's I receive once as I am by the spams I receive over and over again. (though, see G about repetition) C) If the message has a forged sender, and it is not a joke from a known friend of mine, or a legitimate whistle blower type message for a serious issue which needs an anonymous sender to protect them from reprisals for the whistle blowing, it is spam. (for mailing lists which alter the sender information to be the list itself, I do not consider this to be a forgery) (in the case of a whistle blower, the forgery must be to make it anonymous, instead of making it seem like it came from someone else) D) If the message has obscured the recipients from the headers, for any reason or purpose other than to simplify the recipients of a formal mailing list, it is spam. (so, if the actual recipients aren't listed in the To/CC headers, then a mailing list to which that recipient belongs must be in the To/CC headers, and the message must have legitimately been sent to/through that mailing list) (For all of you people who like to send a undisclosed recipients message to all of your friends: yes, I'm calling you spammers, and I am unapologetic about it. If you don't like it, don't send me email.) E) If the message attempts to falsify any sort of prior relationship between myself and the sender, it is spam. F) If I ask you stop sending me messages, and you continue to send me messages through any means other than physical/snail mail from your lawyer to my lawyer, your continued messages are both spam and harassment. G) If you send me the same general message more than 3 times, and I did not request that you repeat the message, it becomes spam regardless of what it may have been in the first place (historical note: this is the closest definition to the original definition of spam on the net, which had more to do with volume and repetition than content). H) For this section, I shall define a new header: X-SpamOrHam (the purpose of this section is to illustrate that it is spam if the messages true purpose and content is in any way obscured and not plainly announced, but I am also announcing that I demand that such purpose/content be announced, and announced in a particular manner that suits me, as follows) If a message fails any of these criteria, or falsifies any of these answers, it is spam (or, in any of these cases, if the initial condition is true, but the header doesn't exist): 0) If the message comes from a business, and it is in any way speaking for a business, or on behalf of the products or services of a business (as opposed to being a friend of mine emailing me from their work account, about non- business matters), even if the sending business is not the same as the business being discussed, and the header field does not match: /.* business.*/i 1) If it is an advertisement, business opportunity, or other attempt to get money from me, and the content of that header field does not match: /.* advertisement.*/i 2) If it is a business announcement from a company for which I have an existing relationship for which I am the customer, and the header field does not match: /.* customer.*/i 3) If it is a business announcement from a company for which I have an existing relationship not covered by #2, and the header does not match: /.* partner.*/i 4) If it is a business announcement from a company for which I have no existing relationship, and the header does not match: /.* unsolicited.*/i 5) If it is a mailing list, which I have performed a double- opt-in (ie. a _REAL_ opt-in, not a fake opt-in), and the header field does not match: /.* confirmed-list.*/i 6) If it is a mailing list, where only a signle opt-in has been performed (ie. a fake-opt-in), and the header field does not match: /.* unconfirmed-list.*/i 7) If it is a mailing list where I have not performed any opt-in at all, and the header field does not match: /.* forced-list.*/i 8) If it is a message whose recipients come from a purchased list, and the header does not match: /.* purchased-recipient-list.*/i 9) If the message is an attempt to give me free stuff, or free money, and you do not personally know me, and the header field does not match:
spamd failded to start after upgrade to version 3.0.4
After upgrading SpamAssassin from version 2.5x to 3.0.4 I can't start spamassassin. Error [EMAIL PROTECTED] init.d]# ./spamassassin startStarting spamd: The -a option has been removed. Please look at the use_auto_whitelist config option instead. [FAILED] I verify that the -a option is removed from /etc/init.d/spamassassin and added the "use_auto_whitelist config option 1"in the /etc/mail/spamassassin/local.cf. However the problem persists. Please help. Hanh Dao ACL Pty Limited tel: +61 2 9025 4736 fax: +61 2 9252 3799 email: [EMAIL PROTECTED] internet: www.acl.edu.au This email message and any accompanying attachments may contain information that is confidential and is subject to legal privilege. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please notify the sender immediately and delete this message. Any views expressed in this email and any attachments are not those of ACL, except where the sender expressly, and with authority, states them to represent ACLÂ’s views. Before opening any attachments, please check them for viruses and defects.
Re: spamd failded to start after upgrade to version 3.0.4
On Wed, Aug 10, 2005 at 12:31:50PM +1000, Hanh Dao wrote: After upgrading SpamAssassin from version 2.5x to 3.0.4 I can't start spamassassin. Error [EMAIL PROTECTED] init.d]# ./spamassassin start Starting spamd: The -a option has been removed. Please look at the use_auto_whitelist config option instead. [FAILED] I verify that the -a option is removed from /etc/init.d/spamassassin and added the use_auto_whitelist config option 1 in the /etc/mail/spamassassin/local.cf. However the problem persists. There are two places where spamd options may be specified. One is in /etc/init.d/spamassassin and the other is in /etc/sysconfig/spamassassin. Check there. Please help. Hanh Dao ACL Pty Limited tel: +61 2 9025 4736 fax: +61 2 9252 3799 email: [EMAIL PROTECTED] internet: www.acl.edu.au brainless disclaimer punted Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com God doesn't have (or need) a Plan B.
RE: When is Bulk Bulk
I think that it is about time for at least couple of you to take some time off and go to the beach or see a movie or something... Or, maybe you can go to the gym and paste a picture of your favorite spam king on the punching bag? :) ...back to business... jdow wrote: ...well, a lot of stuff... see earlier posts... ...and... John Rudd mentioned: (For all of you people who like to send a undisclosed recipients message to all of your friends: yes, I'm calling you spammers, and I am unapologetic about it. If you don't like it, don't send me email.) message for John Rudd, Actually it is extremely more rude, inappropriate, amateurish, and unprofessional to reveal everyone's e-mail addresses to ALL the recipients. For example, if my friend sends me a joke e-mail and he sends this to all of his other friends, I do NOT want my e-mail address so easily accessible by the others because my circle of friends may not be the exact same as his. Also, this opens up more addresses to zombie attacks where the addresses are harvested by a zombie or virus right out of a persons' e-mail client program. Also, your header fields idea is ideal, but I expect that a lot of legit mail will not follow those standards for years to come. message for jdow, Can you cut deep code while you are interrupted every 10 minutes by a telephone call or an office visitor? This is exactly why if, given the choice, I'd prefer to be cold-called with a non-bulk personalized unsolicited e-mail rather than being interrupted by a visitor or phone call. The former I can look at a time of my own choosing, the later demands my particular time that moment. Therefore, treating both as being just as evil doesn't help. Also, I know that most people hate spam... even viciously hate spam... but I don't think there is anyone in the world who hates spam as much as you... (except for, maybe, John Rudd.) I applaud both of your tenacity in your fight against spam... but do you really think that the average user is going to be soo offended by the particular message that I originally described on this thread if received only once? --Rob McEwen
Re: Selectively disabling bayes autolearning
... Is it possible to selectively disable bayes autolearning? For example, I would like auto learning disabled for mail sent to this mailing list since all this spam discussion and forwarded spam snippets would probably pollute the bayses database (which probably thinks very highly of geocities by now ;-) I guess I could feed this mailing lists messages back into sa-learn -- forget, but I'd like something automatic. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html bayes_ignore_to users@spamassassin.apache.org bayes_ignore_from wdprs.internic.net are two examples (the documentation is there, but nearly impossible to find - I think Theo or another team member pointed out one of them a couple of months ago). Without them, BAYES autolearning can be a nightmare to people who actually discuss spam (I have a *lot* more than those two). BTW. both accept the same format, either domain, host or account with limited wildcarding. Paul Shupak [EMAIL PROTECTED]
Re: When is Bulk Bulk
... E. Falk wrote: Rob McEwen wrote: Does anyone else consider SpamHaus's definition as too weak and believe that ANY unsolicited e-mail is spam, even if a personally hand-typed note? Hmm, how about Hi, I see you have a link on your web page to my site at XYZ. I'm moving to ABC, and would appreciate it if you would update your link. Thank you. Assume that the target does, indeed, have a link to the old location of the site in question (and that it wasn't inserted by a link spammer), and that the site really is moving to the new URL provided. Unsolicited. Potentially bulk. But is it spam? -- Kelson Vibber SpeedGate Communications www.speed.net A carefully constructed case, but it probably would not be spam, because the link itself is evidence of an existing relationship (whether or not the linker had intended to create one). Normally, I count either UCE or UBE as spam - if I don't know you and didn't ask for it, then it is unsolicited and probably easily fits one category or the other (there are also obvious exceptions, like an email attempting to establish a non-commercial relationship); But if I have published a link to your site, I have created a relationship, even if I didn't intend to. There are such things as implied consent, and IANAL, but this probably falls into that situation. Paul Shupak [EMAIL PROTECTED]
Re: Testing with four spaces before Testing was Re: Rule for subjects that start with a whitespace
--On Saturday, August 06, 2005 4:18 PM -0700 jdow [EMAIL PROTECTED] wrote: By that I meant that telnet localhost pop3 followed by an retr 1 (once logged in) showed the spaces normalized to exactly one in all cases. That's interesting... I just went checking my uncaught spam folder for headers that have multiple spaces after the colon and found them only in attachments. So then I sent myself a message with leading spaces in the subject from one server to another and found them there when inspecting my Inbox from a text editor. I then looked with my mail client using IMAP and Dovecot, and when I closed the folder, Dovecot rewrote the mailbox in canonical form. Bug?
RE: When is Bulk Bulk
... Rob McEwen [EMAIL PROTECTED] wrote on 08/09/05 01:36PM: Of course I don't propose any sort of rules changes. Generally, someone's bad behavior will speak for itself in that the more egregious their spamming, the more URI RBL blacklists they will appear on. Also, use of spammer's obfuscation techniques or sending mail from a spam gang's server also speaks for itself. But I do hate the idea of someone sending out 10 unsolicited but hand-typed e-mails being treated the same as a spammer sending out 10,000 unsolicited and impersonal e-mails per day... but somehow I think that this is already taken care of in spite of what some of the more aggressive mail administrators have said today. I don't think you understand the situation. How is the recipient supposed to know whether it is actually a hand crafted email sent just to him or a spam run of 10,000? Because there is no way for the recipient to know, we do treat them the same. If the recipient believes it is spam by his definition, then it goes into the spam folder. Then it is sent to the Bayes system and SpamCop. The only difference you might see would be the number of complaints SpamCop would receive and whether it hit any spam trap addresses. But both types are treated exactly the same and reported exactly the same by the recipient. There is no way you can prove in your message that it is not a spam run of 10,000. [snipped] Technically, you are entirely wrong. I can assign a serial number to each message, include in the message a cryptographic key and the serial number, sign the message cryptographically, and then publish (e.g. on a web page) a list of serial numbers and encrypted accounts that the emails were sent to; If the key sent decodes the encrypted account associated with the serial number to the recipients account, then the fact that a single copy of that particular message is virtually assured (depending, of course on the strength of the encryption methods and keys). The length of the total list and the list itself could be signed, which would demonstrate the total number of messages sent. A PITA, certainly not worth the effort, but easy (technically) to do. You can *prove* it was 10 not 10,000 (BTW. I still consider UCE to be spam - so personally I wouldn't care - I would treat it as spam, if it were commercial). Paul Shupak [EMAIL PROTECTED]
Re: When is Bulk Bulk
On Tue, 2005-08-09 at 13:37 -0400, Rob McEwen wrote: When is Bulk Bulk? The reason I ask is because I have a client who sends unsolicited e-mails to prospective clients. But he does this manually by visiting relevant web sites and then one-at-a-time, he personally e-mails these prospective clients. I don't consider this spam because it is not bulk and my client can actually tell you who he e-mailed that day and why. Still, this is a very slippery slope... what happens if he e-mails 50 such addresses that he manually spotted using a generic form letter? Would that be spam? I'm thinking yes. ...However, if these e-mails are sent one at a time and individualized to the recipient in a way that could NOT possibly be computer generated (not another I visited your web site and I think its great statements... but meaningful content that only a person with knowledge of the recipient could write)... in that case, I think he is ok, even if most of each letter came from a generic template. Maybe there are no hard simple rules... but I'd sure love some additional advice? Spam is often called UCE - unsolicited commercial e-mail. If it's commercial, and it is unsolicited, and it's e-mail, it's spam. If you are off-loading your advertising costs onto *my* e-mail system, it's a sure-fire way to make sure I never use your product or service. Thomas
RE: When is Bulk Bulk
On Tue, 2005-08-09 at 23:06 -0400, Rob McEwen wrote: I applaud both of your tenacity in your fight against spam... but do you really think that the average user is going to be soo offended by the particular message that I originally described on this thread if received only once? Goddamn right I will. If you send me UCE and through some miracle it somehow manages to get through all the spam blocking tools I have in place, your company or organization is permanently and irrevocably doomed to never get any business from me. You're spending *my* money to advertise to me, and that seriously pisses me off. If I want your product, I will do research. If your product is the best in its class, I will buy it. If your product is spamvertised, your screwed getting me as a client. Thomas
Re: When is Bulk Bulk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Rudd writes: After reading through this thread, I decided to formally define my own definition of spam (since others are basically trying to do that, etc.). BTW, before we go too far down this rabbit-hole, everyone please note that actually, the SpamAssassin project *does* have its own definition of spam: that being Unsolicited Bulk Email. http://wiki.apache.org/spamassassin/Spam We could have a very long discussion about this again, but please, let's not. it's already been done ;) - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFC+X0IMJF5cimLx9ARArH3AKCqkZsUWWEKwChTkbQS0faAt6RjXACePbuB GPdbjcJ5I9DbJDb6YfEDD14= =abdc -END PGP SIGNATURE-
RE: When is Bulk Bulk
On Tue, 2005-08-09 at 15:59 -0400, Rob McEwen wrote: OBSERVATION: Could some of us be treating unsolicited Business-to-Consumer and unsolicited Business-To-Business the same? Should they be treated the same? If it walks like a duck and quacks like a duck, it's a duck. No matter if it's B2B or B2C. If not, the perhaps some people's irritation about getting called at dinner-time for the 10th time by the same phone company be influencing their opinions here? Nope - I own a small business and I dealt with B2B spam as often as I dealt with B2C. It's all spam, and it all ends with the same results - the spammer loses my biz forever. Thomas
RE: When is Bulk Bulk
[EMAIL PROTECTED] writes: BTW, before we go too far down this rabbit-hole, everyone please note that actually, the SpamAssassin project *does* have its own definition of spam: that being Unsolicited Bulk Email. http://wiki.apache.org/spamassassin/Spam We could have a very long discussion about this again, but please, let's not. it's already been done ;) ...which contrasts the position many on this thread have expressed. But it is worth noting that this **official** SA definition of spam is pretty much the same as SpamHaus's definition. Furthermore, on SpamHaus's page, they describe their Unsolicited Bulk Email standard as being the industry standard. (see last paragraph on http://www.spamhaus.org/definition.html ) --Rob McEwen
RE: When is Bulk Bulk
On Tue, 2005-08-09 at 16:36 -0400, Rob McEwen wrote: But I do hate the idea of someone sending out 10 unsolicited but hand-typed e-mails being treated the same as a spammer sending out 10,000 unsolicited and impersonal e-mails per day... but somehow I think that this is already taken care of in spite of what some of the more aggressive mail administrators have said today. You miss the point - UCE is UCE is UCE, no matter how nice the guy is who sends it or whether it is hand typed or not. It pushes the cost of the sender's advertising onto the victim. In pretty much any other arena this would be called theft of service and prosecutable. The reason that is not the case with spam is because of people like you who have the attitude that a little spam is OK. No, it's not. UCE is not OK, no matter what. It should be treated as theft of service. I've set up dozens of SpamAssassin servers for clients to the tune of many many thousands of dollars, and I'm a pretty small operation. Do you think they have me set these up because they like me and they want to put money in my pocket? No! It's because it costs them more to deal with spam when it hits their users inboxes than it does to deal with it at the server. Spam has cost my clients TONS of money. It's wrong, no matter how well intentioned it is. If you support a spammer then you are part of the problem. Nothing against you personally Rob - I am sure you're a nice guy. You should not support people who spam. Thomas
RE: When is Bulk Bulk
On Tue, 2005-08-09 at 16:56 -0400, Rob McEwen wrote: There is no way you can prove in your message that it is not a spam run of 10,000. If it wasn't personalized or very personalized, then that would be true. Is it unsolicited? Is it commercial? Is it e-mail? Then it's spam. Don't make me pay for your advertising. Thomas
RE: When is Bulk Bulk
On Tue, 9 Aug 2005, Thomas Cameron wrote:
Nope - I own a small business and I dealt with B2B spam as often as I
dealt with B2C. It's all spam, and it all ends with the same results -
the spammer loses my biz forever.
Real reputable companies don't _need_ to spam.
There are legitimate venues for advertising, and spam isnt one of them.
Spam is the deliberate shifting of costs of advertising onto the recipient
('postage due marketing').
If your company needs to stoop to something this unethical, then I don't
care what you're selling -- I simply am not going to listen, and you're
on my blacklist _forever_.
-Dan
RE: When is Bulk Bulk
I believe this is why services such as Yahoo email started calling it bulk instead of spam. I also call it bulk to my users for the same reason. It's much easier to define bulk than it is to define spam. Spam is in the eye of the beholder as you can even see on this list. But I must say, some people on the list appear to be giving their own personal opinion as if they are only referring to their own email inbox, without regard to users on their system. Maybe they are not really administrators of multi-user systems, I don't know. If they are administrating large systems I would have to wonder what secret lists they had developed. But if you do manage multiple users accounts, you have to provide industry standard anti-spam protection without blocking on your own definition of spam. Now if you are only talking your own email box, you can define every email except emails from your mom as spam, not much of anyone would give a hoot what you block in your own inbox. AOL went nazi with their anti-spam several years back. I think they were considering charging to email their users even. That would have proved for sure to AOL you were not spam, because you paid them! LOL Kinda like some RBLs I have seen and would never use (ie, blars crapola). -Original Message- From: Rob McEwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 10, 2005 12:19 AM To: users@spamassassin.apache.org Subject: RE: When is Bulk Bulk [EMAIL PROTECTED] writes: BTW, before we go too far down this rabbit-hole, everyone please note that actually, the SpamAssassin project *does* have its own definition of spam: that being Unsolicited Bulk Email. http://wiki.apache.org/spamassassin/Spam We could have a very long discussion about this again, but please, let's not. it's already been done ;) ...which contrasts the position many on this thread have expressed. But it is worth noting that this **official** SA definition of spam is pretty much the same as SpamHaus's definition. Furthermore, on SpamHaus's page, they describe their Unsolicited Bulk Email standard as being the industry standard. (see last paragraph on http://www.spamhaus.org/definition.html ) --Rob McEwen
Re: DCC vs Razor2
Dr Robert Young wrote: We have been using Razor2 for some time on SA 3.0.4. I was recently reading about DCC. We have never tried it, so I was wondering about opinions as to its use. How effective is it? Should it be used with, or in place of, Razor? SpamAssassin will use both, so there's no need to choose between the two unless network traffic is a major concern.
RE: When is Bulk Bulk
Dan mentioned: If your company needs to stoop to something this unethical Just for the record, this is a sales person for a company that I host and maintain a website for. This is not my company... but they overall a very ethical company and currently fast growing. Also, this was just one of their employees. Frankly, prior to this thread, I'd have not thought of an occasional hand-typed though unsolicited commercial e-mail as not that big of a deal... boy, was I ever wrong!! Still, I do wonder if asking Spam Assassin mail administrators about a marginal case of spam is like asking a fire marshal about lighting fireworks or asking a traffic cop about going over the speed limit by 5 mph? Also, as Greg Allen mentioned in another post on this thread, being too zealous can lead to FPs if you aren't extra careful. In fact, I recently tested one of the most popular and highly rated client-side software programs for spam filtering e-mail in outlook. It too plays the catch every spam game and I found the FP rate to be alarmingly high. --Rob McEwen
Re[2]: When is Bulk Bulk
Hello Greg, Tuesday, August 9, 2005, 9:38:03 PM, you wrote: GA But if you do manage multiple users accounts, you have to provide industry GA standard anti-spam protection without blocking on your own definition of GA spam. Now if you are only talking your own email box, you can define every GA email except emails from your mom as spam, not much of anyone would give a GA hoot what you block in your own inbox. I disagree. Administering email for a multi-chain retail company, my job is to block all unsolicited non-customer emails that do not obey our company parameters, while admitting all customer emails without exception. So, if you want, our company has defined our own definition of spam, and we apply that definition to our 200 or so email accounts. Desired email: - all actual customer email - all realistic potential customer email - all honest customer-like email, even if not potential (ie: we have no stores in Michigan, but we treat a customer from there as courteously as we would an active customer of one of our stores) - all email from governmental agencies - all email from active vendors - all email from past vendors who are honorable and honest about regaining our business - all email from potential vendors who reach us through appropriate email addresses - all email from employees - all email from past employees - all email from prospective employees - all email from NGOs that reach us through appropriate email addresses - all email from anyone else for any reason, provided that email reaches us through appropriate email addresses Note that appropriate email addresses are posted on our web site, for that purpose. Anything else is spam. Supposed potential vendors who send queries to webmaster@ or sales@ is spam. Scams are spam. All emails with misdirecting email headers is spam. There are probably more categories of spam than there are non-spam. Bob Menschel
Re: When is Bulk Bulk
From: SM [EMAIL PROTECTED]
At 18:04 09-08-2005, jdow wrote:
Worrying about bulk or not is a distraction. It's not in issue. What
will the recipients think? How are they likely to react? What makes you
think it will get through the email process with NOBODY complaining to
a blacklist or sysadmin?
I mentioned complaints. It is up to the admin of the sending domain
to determine whether the server may be blacklisted because of such
mail. The replies to this thread gives the answer as to what will
the recipients think and how they might react.
Those are the questions Mr. Businessman will have to answer before
he indulges in an email advertising campaign. The up side may be new
customers The down side is alienated former potential customers. For
a legitimate businessman the downside is important to consider.
{^_^}
Re: When is Bulk Bulk
Could some of us be treating unsolicited Business-to-Consumer and unsolicited Business-To-Business the same? Should they be treated the same? Of course we treat them the same. They all go through SpamAssassin. If the recipient thinks it is spam, it gets added and reported to SpamCop. Are you proposing some method of determining whether an email is Business-to-Consumer or Business-To-Business and treating them differently in SpamAssassin? How would you be able to do that and why would you want to? What about a business web site that has an email address of [EMAIL PROTECTED] Isn't it likely that people you have never heard of might send unsolicited emails to that address, requesting information on your products? Do you really think it would be a good idea to add all unsolicited email addresses to that account to your master RBL? Loren
Re: When is Bulk Bulk
My $.02 here... Why doesn't he put together a nice presentation package and mail it to them? I think I know the real reason -- it costs money. It could be argued that sending an email costs money, but hardly the cost of putting together a decent presentation on a few sheets of flashy/nice paper and mailing it to prospective customers. This is a higher cost to the sender Just to play devil's advocate here for a moment: what if his business is website design? What would YOU think of getting a snail mail from someone claiming to be a genius website whiz? What *I* would think (if I even opened junk paper mail, which I don't) is this guy claims to be a web whiz and he doesn't even know about email? I'm going to give this guy my business? I don't *think* so! And into the roundfile it would go. Loren
