Re: When rules run amok....

[Justin Mason]

haha. 

NUMBER[0-255]
s/NUM/randomdigit/g
- 3BER[0-255]

oops!

the errors are harmless AFAIK.

--j.

jdow writes:
 I received this from a fellow on another list. It took some puzzling
 until I figured out what went wrong. He has yet to get back to me with
 whether or not there was a score on the message or not. But I think
 SA should guard itself if this leads to a message escaping getting
 marked.
 
 ===8---
 Joanne, you're wise to the world of spammers, have you ever seen anything 
 like this:
 
 Character in 'C' format wrapped in pack 
 at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
 GEN145 line 50. 
 Feb 21 20:38:08 cpollock last message repeated 2 times
 Feb 21 20:38:08 cpollock spamd[28011]: Argument BE isn't numeric in pack 
 at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
 GEN145 line 50. 
 Feb 21 20:38:08 cpollock spamd[28011]: Argument 1BE isn't numeric in pack 
 at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
 GEN145 line 50. 
 
 Here are the headers that are causing this:
 
 X-Apparently-To: [EMAIL PROTECTED] via 
 1-801.457.4483BER[0-255].1BER[0-255].1_(801) (457) (4483)BER[0-255].1_(801) 
 (457) (4483)BER[0-255]; Wed, 22 Feb 2006 08:29:56 +0600
  X-Originating-IP: [1 801 
 457-4483BER[0-255].1BER[0-255].1_801_457_4483BER[0-255].1BER[0-255]]
  Received: from 1_801.457.4483BER[0-255].1_801.457.4483BER[0-255].1 (801) 
 457-4483BER[0-255].1-801.457.4483BER[0-255]  (HELO c-1 801 457 
 4483BER[0-255].1_(801)_457_4483BER[0-255].1 (801) 
 457-4483BER[0-255].1_(801) (457) 
 (4483)BER[0-255].client.comcast.net-MUNGED) (1.801.457.4483BER[0-255].1 
 801_457_4483BER[0-255].1 801 457 4483BER[0-255].1 801 457 4483BER[0-255]) 
   by mta186.mail.re6.yahoo.com with SMTP; Wed, 22 Feb 2006 06:35:56 +0400
 
 This seems like an attempt to make SA crap out or something.  Looks almost 
 like a phone number. Your thoughts?
 ===8---
 
 pause here and see if you can figure it out.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 OK, here is the thought I had. Yes, that is a phone number, for the Salt
 lake City area. It was sent by a spam generator that had a nice rule for
 putting in numbers for IP addresses using $NUMBER[0-255]. But it also has
 a rule $NUM for putting in a telephone number. Guess which rule hit first.
 
 {^_-}

AWL question

[Jon Essen-Moller]

Hi, I'm using SA 3.01 on a RedHat 8 box.

Sometimes spam points are added and the logs refer to the AWL list.:

---

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mail.local
X-Spam-Level: 
X-Spam-Status: Yes, score=0.4 required=0.2 tests=AWL autolearn=ham 
version=3.0.1
X-Spam-Report: 
*  0.4 AWL AWL: From: address is in the auto white-list

--
Shouldn't addresses in the AWL result in points being subtracted?

Does anyone know what could be wrong?

/jon

Re: AWL question

[Magnus Holmgren]

Jon Essen-Moller skrev:
 Shouldn't addresses in the AWL result in points being subtracted?

Käre Jon,

This is probably the most frequently asked question of them all. AWL
adds or subtracts points towards the previous average score of the
sender. See http://wiki.apache.org/spamassassin/AwlWrongWay.

-- 
Magnus Holmgren



signature.asc
Description: OpenPGP digital signature

'Amazon Customer' and others - scoring

[Tom Brown]

Does anyone have a good rule set to stop the Amazon Customer - 983A-987 
type emails? Also getting a few of the Starbucks ones through - I have 
managed to stop some by tweaking Bayes but they are only just getting 
scored high enough - Anyone know any good rules for these?


thanks

Re: AWL question

[Magnus Holmgren]

Jon Essen-Moller skrev:
 Hej Magnus,
 
 Tack för snabbt svar. Följfråga dock. Vet du ifall sa-learn --ham
 $file påverkar awl  poängsättning?
 
Please stick to English on the list. No, sa-learn only updates the bayes
database. It doesn't affect awl.

-- 
Magnus Holmgren



signature.asc
Description: OpenPGP digital signature

Bayes Advise and Question ?

[Vahric MUHTARYAN]

Hi Everybody , 



I red some articules about bayes and something is not clear
for me and I need spamassassin people advises 



Im using spamassassin rules ,
some SARE rules , razor and Im happy with spam detection . First I think
that I should disable autolearning and manuelly train bayes but after some read
I saw that some commercial products said that bayes must train min 2 week also
default spamassassin manner is 200 ham 200 spam messages. Before , I think that setting ham and
spam too low and train spamassassin only with spam mails which is not detected
by spamassassin ... is it right idea ? but I saw that I have to train with ham
and spams together because same words can past on spam mails or on ham mails
 What do you advise ? Should I train bayes manuelly or automaticly with
giving long time for trust bayes ! 



My system spam score threshold is
4.5 then its seems to be bayes_auto_learn_threshold_spam must
be setted to 4.5 right ? and if I set it to 4.5 then what will be the header
and body % for working ?! 



And I guess if system didnt
catch 3 header 3 body requriment then I have to train system manully right ? 



Anybody using Journal for bayes
learning , its solving about file locking , I think locking is not issue
for who is using database enviroment right ? 



Which way we have to choose for
using bayes_learning, database or file ? We are handling more then 500,000 mail
day ! 



Thanks 

Vahric 

RE: Bayes Advise and Question ?

[Bowie Bailey]

Vahric MUHTARYAN wrote:
 
 I red some articules about bayes and something is not clear for me
 and I need spamassassin people advises 
 
 I’m using spamassassin rules , some SARE rules , razor and I’m happy
 with spam detection . First I think that I should disable
 autolearning and manuelly train bayes 

Quite a few people will tell you that this is the best method, but
if you do manual training, you have to keep training it.  You are never
finished with the training because the spams keep changing.

 but after some read I saw that
 some commercial products said that bayes must train min 2 week also
 default spamassassin manner is 200 ham 200 spam messages.  Before , I
 think that setting ham and spam too low and train spamassassin only
 with spam mails which is not detected by spamassassin ... is it right
 idea ?

No, you have to train with both spam and ham so that Bayes can learn to
tell the difference.

  but I saw that I have to train with ham and spams together
 because same words can past on spam mails or on ham mails  What
 do you advise ? Should I train bayes manuelly or automaticly with
 giving long time for trust bayes !  

That is debatable.  I would suggest that you train it manually with
every email that comes through your system for a while.  Once you get to
200 ham and 200 spam and it starts working for you, you can switch to
either automatic learning, or continue manual learning with just the
messages that are scored wrong.
 
 My system spam score threshold is 4.5 then it’s seems to be
 “bayes_auto_learn_threshold_spam” must be setted to 4.5 right ? and
 if I set it to 4.5 then what will be the header and body % for
 working ?!   

No, those are two separate settings.

The spam threshold (required_hits) is the number of points needed before
SpamAssassin will mark a message as spam.

Bayes_auto_learn_threshold_spam is the number of points needed before
Bayes will learn a message as spam.  This should be higher than your
required hits to avoid learning false positives as spam.  Unless you
have a reason to distrust the default setting, I wouldn't change it.

Bayes_auto_learn_threshold_nonspam is the maximum score for a message
that Bayes learns as ham (or nonspam).  This defaults to 0.1, but some
people suggest that you should drop it to 0 or even -0.1 to avoid
learning false negatives.

 And I guess if system didn’t catch 3 header 3 body requriment then I
 have to train system manully right ? 

Right.

 Anybody using Journal for bayes learning , it’s solving about file
 locking , I think locking is not issue for who is using database
 enviroment right ?  

I don't think locking is an issue if you are using mysql or another DB
to hold the bayes database.  But then, I'm not using a database myself,
so I'm probably not the right person to answer this question.

 Which way we have to choose for using bayes_learning, database or
 file ? We are handling more then 500,000 mail day ! 

Database is probably the way to go for that volume.  I didn't set it up
that way because I don't have nearly that volume and I didn't want to go
through the hassle of setting it up.

-- 
Bowie

RE: Bayes Advise and Question ?

[Vahric MUHTARYAN]

Thank you sir :) 

-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 22, 2006 4:35 PM
To: users@spamassassin.apache.org
Subject: RE: Bayes Advise and Question ? 

Vahric MUHTARYAN wrote:
 
 I red some articules about bayes and something is not clear for me
 and I need spamassassin people advises 
 
 I'm using spamassassin rules , some SARE rules , razor and I'm happy
 with spam detection . First I think that I should disable
 autolearning and manuelly train bayes 

Quite a few people will tell you that this is the best method, but
if you do manual training, you have to keep training it.  You are never
finished with the training because the spams keep changing.

 but after some read I saw that
 some commercial products said that bayes must train min 2 week also
 default spamassassin manner is 200 ham 200 spam messages.  Before , I
 think that setting ham and spam too low and train spamassassin only
 with spam mails which is not detected by spamassassin ... is it right
 idea ?

No, you have to train with both spam and ham so that Bayes can learn to
tell the difference.

  but I saw that I have to train with ham and spams together
 because same words can past on spam mails or on ham mails  What
 do you advise ? Should I train bayes manuelly or automaticly with
 giving long time for trust bayes !  

That is debatable.  I would suggest that you train it manually with
every email that comes through your system for a while.  Once you get to
200 ham and 200 spam and it starts working for you, you can switch to
either automatic learning, or continue manual learning with just the
messages that are scored wrong.
 
 My system spam score threshold is 4.5 then it's seems to be
 bayes_auto_learn_threshold_spam must be setted to 4.5 right ? and
 if I set it to 4.5 then what will be the header and body % for
 working ?!   

No, those are two separate settings.

The spam threshold (required_hits) is the number of points needed before
SpamAssassin will mark a message as spam.

Bayes_auto_learn_threshold_spam is the number of points needed before
Bayes will learn a message as spam.  This should be higher than your
required hits to avoid learning false positives as spam.  Unless you
have a reason to distrust the default setting, I wouldn't change it.

Bayes_auto_learn_threshold_nonspam is the maximum score for a message
that Bayes learns as ham (or nonspam).  This defaults to 0.1, but some
people suggest that you should drop it to 0 or even -0.1 to avoid
learning false negatives.

 And I guess if system didn't catch 3 header 3 body requriment then I
 have to train system manully right ? 

Right.

 Anybody using Journal for bayes learning , it's solving about file
 locking , I think locking is not issue for who is using database
 enviroment right ?  

I don't think locking is an issue if you are using mysql or another DB
to hold the bayes database.  But then, I'm not using a database myself,
so I'm probably not the right person to answer this question.

 Which way we have to choose for using bayes_learning, database or
 file ? We are handling more then 500,000 mail day ! 

Database is probably the way to go for that volume.  I didn't set it up
that way because I don't have nearly that volume and I didn't want to go
through the hassle of setting it up.

-- 
Bowie

RE: Own HAM Rule doesn't work

[Chris Santerre]

Title: RE: Own HAM Rule doesn't work







 -Original Message-
 From: Muenz, Michael [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 22, 2006 3:57 AM
 To: users@spamassassin.apache.org
 Subject: Re: Own HAM Rule doesn't work
 
 
 Hi,
 
  maybe the rule is missing the  which encloses the to entry.
  at least this fits [EMAIL PROTECTED]:
  echo [EMAIL PROTECTED]| perl -ne 'print if m/\.be\$/i'
 
 damn right! Thank you very much (also mouss) for your help!
 What a stupid mistake ... 


Negative!!


What a brilliant discovery! ;) 


--Chris 

RE: Pling pling, many exclamations, and Yahoo!

[Chris Santerre]

Title: RE: Pling pling, many exclamations, and Yahoo!







 -Original Message-
 From: Philip Prindeville [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 21, 2006 9:45 PM
 To: users@spamassassin.apache.org
 Subject: Pling pling, many exclamations, and Yahoo!
 
 
 I was noticing that every time that someone forwards me an
 article from yahoo! news that it scores high on the
 MANY_EXCLAMATIONS and PLING_PLING tests.
 
 Unfortunately Yahoo! also changed the policy about generating
 the MAIL FROM: line. It used to be that of the person sending
 to you. Now it's some long unique id:
 
 mail-to-friend.geytimbvgyztcmrrfyyc4nrqhaydsmjqgaxdmnbsg43c4m
 [EMAIL PROTECTED]
 
 That can't be whitelisted... Grrr...
 
 Is it reasonable to ask if these two tests above can be made to
 *not* count bangs associated with names that have a bang as part
 of their trademark? I.e. CinemaNow! and Yahoo! etc...
 
 -Philip


Why not just right a meta rule so that if the email hits PLING PLING, or MANY_EXCLAMATIONS, and has @returns.bulk.yahoo.com in it, you simply reduce the score by the amount in PLING PLING, or MANY_EXCLAMATIONS?

Even if a spammer fakes this, all it does is remove the PLING PLING or MANY_EXCLAMATIONS scores. No biggy. 


--Chris 

sa-learn

[Payal Rathod]

Hi,
I am not sure if spam learning is really taking place. I have,
# ll /var/bayes/
total 14548
-rwxrwxrwx  1 spamd spamd89616 Feb 21 20:49 bayes_journal
-rwxrwxrwx  1 root  root  10567680 Feb 21 20:43 bayes_seen
-rwxrwxrwx  1 spamd spamd  5304320 Feb 21 20:43 bayes_toks

I used sa-learn to learn 107 message like,
Learned from 107 message(s) (365 message(s) examined).

# ll /var/bayes/
total 14456
-rwxrwxrwx  1 root  root  10567680 Feb 21 20:50 bayes_seen
-rwxrwxrwx  1 spamd spamd  5304320 Feb 21 20:50 bayes_toks

The size of bayes_seen  bayes_toks is still the same and bayes_journal 
is gone. Is this unusual? Why are the sizes still the same especially 
when I learned around 107 more new spams?

With warm regards,
-Payal

Re: sa-learn

[Theo Van Dinter]

On Wed, Feb 22, 2006 at 10:50:19AM -0500, Payal Rathod wrote:
 The size of bayes_seen  bayes_toks is still the same and bayes_journal 
 is gone. Is this unusual? Why are the sizes still the same especially 
 when I learned around 107 more new spams?

This is normal.  Here's a post I made about it last month:

http://article.gmane.org/gmane.mail.spam.spamassassin.general/76672

as long as the data seen via sa-learn --dump magic changes, you're
all set.

-- 
Randomly Generated Tagline:
I can shoot the manager while I'm at it ... kind of like a bonus.
  - Shawshank Redemption


pgpK7IOkiU9Lv.pgp
Description: PGP signature

Re: sa-learn

[Payal Rathod]

On Wed, Feb 22, 2006 at 10:54:45AM -0500, Theo Van Dinter wrote:
 This is normal.  Here's a post I made about it last month:
 
 http://article.gmane.org/gmane.mail.spam.spamassassin.general/76672
 
 as long as the data seen via sa-learn --dump magic changes, you're
 all set.

Thanks for the very fast response.
sa-learn --dump magic changes all the time.
I have,
0.000  0  42960  0  non-token data: nspam
0.000  0  86243  0  non-token data: nham

Is it ok if I don't learn anymore hams for a while?
I have,
auto_learn 1
bayes_auto_learn 1

Is it OK?
With warm regards,
-Payal

Re: sa-learn

[Theo Van Dinter]

On Wed, Feb 22, 2006 at 11:00:00AM -0500, Payal Rathod wrote:
 0.000  0  42960  0  non-token data: nspam
 0.000  0  86243  0  non-token data: nham
 
 Is it ok if I don't learn anymore hams for a while?
 I have,
 auto_learn 1
 bayes_auto_learn 1
 
 Is it OK?

I think that would be fine.  I'd say you should definitely continue
learning any ham mails that get a Bayes score over 70%, but otherwise
auto-learning will probably take care of things for you.

-- 
Randomly Generated Tagline:
Expect the worst, it's the least you can do.


pgpd8Ckc4XMQx.pgp
Description: PGP signature

Re: sa-learn

[Payal Rathod]

On Wed, Feb 22, 2006 at 11:12:49AM -0500, Theo Van Dinter wrote:
 I think that would be fine.  I'd say you should definitely continue
 learning any ham mails that get a Bayes score over 70%, but otherwise
 auto-learning will probably take care of things for you.

How would I know  which mails have bayes score of over 70% ?
One thing I alway don't understand, how do I know scores of mails which 
are below my required_hits?
I use,
http://www.gbnet.net/~jrg/qmail/ifspamh

With warm regards,
-Payal

Re: sa-learn

[Theo Van Dinter]

On Wed, Feb 22, 2006 at 11:19:55AM -0500, Payal Rathod wrote:
 How would I know  which mails have bayes score of over 70% ?

Usually you would see a X-Spam-Status header which would include a
BAYES_## rule hit.

 One thing I alway don't understand, how do I know scores of mails which 
 are below my required_hits?
 I use,
 http://www.gbnet.net/~jrg/qmail/ifspamh

I have no idea how that program works so I have no input for you about
how it operates.  It may not put in a Status header by default.

-- 
Randomly Generated Tagline:
Any day can be the beginning of a new year.


pgpbLG9GgQpcJ.pgp
Description: PGP signature

Re: sa-learn

[Payal Rathod]

On Wed, Feb 22, 2006 at 11:24:11AM -0500, Theo Van Dinter wrote:
 Usually you would see a X-Spam-Status header which would include a
 BAYES_## rule hit.

I cannot see such a header.

 I have no idea how that program works so I have no input for you about
 how it operates.  It may not put in a Status header by default.

It just forwards the spam mail to a mailbox.
The real checking is done by spamc I guess.
How can I make spamc add that header even to clean messages?
With warm regards,
-Payal

Re: sa-learn

[Jim Maul]

Payal Rathod wrote:

On Wed, Feb 22, 2006 at 11:24:11AM -0500, Theo Van Dinter wrote:

Usually you would see a X-Spam-Status header which would include a
BAYES_## rule hit.


I cannot see such a header.


I have no idea how that program works so I have no input for you about
how it operates.  It may not put in a Status header by default.


It just forwards the spam mail to a mailbox.
The real checking is done by spamc I guess.
How can I make spamc add that header even to clean messages?
With warm regards,
-Payal




how about man spamc?

-Jim

Re: sa-learn

[Theo Van Dinter]

On Wed, Feb 22, 2006 at 11:32:28AM -0500, Payal Rathod wrote:
 It just forwards the spam mail to a mailbox.
 The real checking is done by spamc I guess.
 How can I make spamc add that header even to clean messages?

spamc leaves markup to spamd, which would add in that header if you
configured it to do so (the default).  If spamc is being called in such
a way that it simply returns a yes/no, etc, you'd have to change how
spamc is called.

-- 
Randomly Generated Tagline:
PET ROCKS
 Probably the only pet easier to move than a turtle. Be careful not to let
 your pet rock out of its box while you are driving the car. It's simply too
 easy for them to cause an accident by slipping under your gas or brake pedal.
 - https://www.moversguide.com/mgservice/SimpleJsp?pid=13


pgpr7xQpBkvyM.pgp
Description: PGP signature

SpamAssassin large-scale users willing to comment?

[Justin Mason]

Hey all --

Apache SpamAssassin has won DataMation Product of the Year in the
anti-spam category *again* this year -- for the second year running!
(yay!)

One thing that would be really cool would be some comments from our
customers, for the press surrounding this.

If you, or someone you know, would be willing to talk to a reporter about
how SpamAssassin has helped eliminate spam in your organization, that'd be
great.  (A non-technical organisation would be even better btw.)

Anyone interested?  Please reply here, or if you'd prefer to follow up
confidentially for whatever reason, to [EMAIL PROTECTED].

--j.

Re: Pling pling, many exclamations, and Yahoo!

[Philip Prindeville]

Chris Santerre wrote:

  From: Philip Prindeville [mailto:[EMAIL PROTECTED]

  Sent: Tuesday, February 21, 2006 9:45 PM
  To: users@spamassassin.apache.org
  Subject: Pling pling, many exclamations, and Yahoo!
 
 
  I was noticing that every time that someone forwards me an
  article from yahoo! news that it scores high on the
  MANY_EXCLAMATIONS and PLING_PLING tests.
 
  Unfortunately Yahoo! also changed the policy about generating
  the MAIL FROM: line.  It used to be that of the person sending
  to you.  Now it's some long unique id:
 
  mail-to-friend.geytimbvgyztcmrrfyyc4nrqhaydsmjqgaxdmnbsg43c4m
  [EMAIL PROTECTED]
 
  That can't be whitelisted...  Grrr...
 
  Is it reasonable to ask if these two tests above can be made to
  *not* count bangs associated with names that have a bang as part
  of their trademark?  I.e. CinemaNow! and Yahoo! etc...
 
  -Philip

 Why not just right a meta rule so that if the email hits PLING PLING,
 or MANY_EXCLAMATIONS, and has @returns.bulk.yahoo.com in it, you
 simply reduce the score by the amount in PLING PLING, or
 MANY_EXCLAMATIONS?

 Even if a spammer fakes this, all it does is remove the PLING PLING or
 MANY_EXCLAMATIONS scores. No biggy.

 --Chris


Because I suspect that Yahoo! might end up rotating through the format of
the sending address to stop spammers from borrowing it...  So they will use
one format, and then change it after a while, and then use the new one for
a bit, then change it again...

-Philip

RE: Pling pling, many exclamations, and Yahoo!

[Matthew.van.Eerde]

Philip Prindeville wrote:
 Unfortunately Yahoo! also changed the policy about generating
 the MAIL FROM: line.  It used to be that of the person sending
 to you.  Now it's some long unique id:
 
 [EMAIL PROTECTED]

Good for Yahoo.  And about time, too.

CNN's Clickability send-to-friend tool still uses the visitor's email as MAIL 
FROM:, which breaks SPF.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer

RE: SpamAssassin large-scale users willing to comment?

[Chris Santerre]

Title: RE: SpamAssassin large-scale users willing to comment?







 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 22, 2006 1:00 PM
 To: users@spamassassin.apache.org
 Subject: SpamAssassin large-scale users willing to comment?
 
 
 Hey all --
 
 Apache SpamAssassin has won DataMation Product of the Year in the
 anti-spam category *again* this year -- for the second year running!
 (yay!)
 
 One thing that would be really cool would be some comments from our
 customers, for the press surrounding this.
 
 If you, or someone you know, would be willing to talk to a 
 reporter about
 how SpamAssassin has helped eliminate spam in your 
 organization, that'd be
 great. (A non-technical organisation would be even better btw.)
 
 Anyone interested? Please reply here, or if you'd prefer to follow up
 confidentially for whatever reason, to [EMAIL PROTECTED].
 
 --j.


My company isn't technology based, and uses it. But that might be a little skewed if I do commentary :) 


Chris Santerre
SysAdmin and SARE/URIBL ninja
http://www.uribl.com
http://www.rulesemporium.com

Re: SpamAssassin large-scale users willing to comment?

[Michele Neylon:: Blacknight.ie]

Chris Santerre wrote:
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, February 22, 2006 1:00 PM
 To: users@spamassassin.apache.org
 Subject: SpamAssassin large-scale users willing to comment?


 Hey all --

 Apache SpamAssassin has won DataMation Product of the Year in the
 anti-spam category *again* this year -- for the second year running!
 (yay!)

 One thing that would be really cool would be some comments from our
 customers, for the press surrounding this.

 If you, or someone you know, would be willing to talk to a
 reporter about
 how SpamAssassin has helped eliminate spam in your
 organization, that'd be
 great.  (A non-technical organisation would be even better btw.)

 Anyone interested?  Please reply here, or if you'd prefer to follow up
 confidentially for whatever reason, to [EMAIL PROTECTED].


 
Justin - we're technical, but I'd be more than happy to talk to reporters :)

Michele

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting  Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

RE: SpamAssassin large-scale users willing to comment?

[Kristopher Austin]

We're a university.  I'm not sure if we are as big as you're looking for
(around 2100 mailboxes), but I'd be willing to talk to a reporter.

Kris

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, February 22, 2006 12:00 PM
 To: users@SpamAssassin.apache.org
 Subject: SpamAssassin large-scale users willing to comment?
 
 Hey all --
 
 Apache SpamAssassin has won DataMation Product of the Year in the
 anti-spam category *again* this year -- for the second year running!
 (yay!)
 
 One thing that would be really cool would be some comments from our
 customers, for the press surrounding this.
 
 If you, or someone you know, would be willing to talk to a reporter
about
 how SpamAssassin has helped eliminate spam in your organization,
that'd be
 great.  (A non-technical organisation would be even better btw.)
 
 Anyone interested?  Please reply here, or if you'd prefer to follow up
 confidentially for whatever reason, to [EMAIL PROTECTED].
 
 --j.

Unsubsribe

[Mads Ipsen]

Sorry to bother about this, but couldn't seem to find the answer. How do I
unsubscribe from this list?

// Mads

Re: SpamAssassin large-scale users willing to comment?

[Brad Bell]

Justin,

I am a local ISP that uses SpamAssassin to filter mail for our users.
We have about 1 mail users, my daily mail volume is nearly 1,000,000 
messages (of which most are blocked of course).

I have in past been quoted in the news, but it is interesting how most of the 
technical information is left out by the reporters.

An example is: 
http://www.crd-director.com/index.php?cat=64name=Internet%20News

Winning the war against spam about halfway down in the archive you will see 
a local paper article I was interviewed for. I am impressed they left the 
mention of ham in there.

So I am a technical user, however I am protecting non-technical people.

If you can use any comments let me know!

Regards,
Brad.

  
On Wednesday 22 February 2006 12:59, Justin Mason wrote:
 Hey all --

 Apache SpamAssassin has won DataMation Product of the Year in the
 anti-spam category *again* this year -- for the second year running!
 (yay!)

 One thing that would be really cool would be some comments from our
 customers, for the press surrounding this.

 If you, or someone you know, would be willing to talk to a reporter about
 how SpamAssassin has helped eliminate spam in your organization, that'd be
 great.  (A non-technical organisation would be even better btw.)

 Anyone interested?  Please reply here, or if you'd prefer to follow up
 confidentially for whatever reason, to [EMAIL PROTECTED].

 --j.

Re: Unsubsribe

[Michele Neylon:: Blacknight.ie]

Mads Ipsen wrote:
 Sorry to bother about this, but couldn't seem to find the answer. How do I
 unsubscribe from this list?
 
 // Mads
list-help: mailto:[EMAIL PROTECTED]
list-unsubscribe: mailto:[EMAIL PROTECTED]

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting  Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

Re: Unsubsribe

[Evan Platt]

On Wed, February 22, 2006 11:34 am, Mads Ipsen wrote:
 Sorry to bother about this, but couldn't seem to find the answer. How do I
 unsubscribe from this list?

In the headers of each message:

list-unsubscribe: mailto:[EMAIL PROTECTED]

RE: SpamAssassin large-scale users willing to comment?

[Matthew.van.Eerde]

[EMAIL PROTECTED] wrote:
 Hey all --
 
 Apache SpamAssassin has won DataMation Product of the Year in the
 anti-spam category *again* this year -- for the second year running!
 (yay!)
 
 One thing that would be really cool would be some comments from our
 customers, for the press surrounding this.
 
 If you, or someone you know, would be willing to talk to a reporter
 about how SpamAssassin has helped eliminate spam in your
 organization, that'd be great.  (A non-technical organisation would
 be even better btw.) 

FWIW, the new Windows Live Mail Beta service uses SpamAssassin.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer

RE: SpamAssassin large-scale users willing to comment?

[Matthew.van.Eerde]

Matthew.van.Eerde wrote:
 FWIW, the new Windows Live Mail Beta service uses SpamAssassin.

Er, wait, no it doesn't.  Never mind.  I was misreading the headers.

Clickability uses SpamAssassin.  They power CNN's Email this story tool.  I 
had sent myself a CNN story to a Windows Live Mail Beta address, and I read the 
header as being added by a Windows Live Mail Beta server.  In fact, it was 
added by the Clickability server.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer

spamd mysql redux

[Steve Thomas]

Howdy list,

I'm having the exact same problem that Glenn is/was having as posted about
last week. (see
http://article.gmane.org/gmane.mail.spam.spamassassin.general/77708)

I'm using Fedora Core 4, perl 5.8.6, SA 3.1.0 and mysql 4.1. SA was
installed by building an RPM directly from the tarball. It's a fresh
install of everything on a brand new box.

The sql username/password/database/port/etc is all fine. If I start spamd
from the command line (spamd -q) it works fine. If I start it daemonized
(spamd -q -d from the command line or service spamd start [with
appropriate options in init script]), it won't talk to the database. The
errors it produces (when run with -D) are:

Feb 22 11:45:42 ronin spamd[3322]: bayes: using username: root
Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database:
Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (13)
Feb 22 11:45:42 ronin spamd[3322]: config: score set 1 chosen.
Feb 22 11:45:42 ronin spamd[3322]: config: failed to load user (root)
scores from SQL database: config: SQL error: Can't connect to local MySQL
server through socket '/var/lib/mysql/mysql.sock' (13)
Feb 22 11:45:42 ronin spamd[3322]: spamd: service unavailable: Error
fetching user preferences via SQL at /usr/bin/spamd line 1682.

I have it set up to use the db for bayes and user prefs. When it isn't
running daemonized, I get the expected less than 200 spams learned and
no user prefs found type of messages, indicating that the connection is
being made and queries are being run successfully.

This seems to be an issue with the daemonization of spamd, perhaps only on
FC4. I've contacted Glen and he was nice enough to reply in a very timely
manner, but he also hasn't found a solution. I've been pounding on this
for a couple of days now and all I've got for my troubles is less hair
(that's what happens when you pull it out!).

I'm at my wit's end, and have to get this up and integrated this week.
It's replacing an OLD SA installation (2.70-cvs) that's eating up all the
resources on the server it's running on, which handles some other
business-critical processes.

If anyone has a suggestion beyond what's already been posted in the
earlier thread, I'm all ears...

Thanks,
St-

Re: spamd mysql redux

[Mike Jackson]

Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database:
Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (13)


Is that where mysql.sock is located? I don't know where the MySQL RPMs might 
stick it, but source installs stick it at /tmp/mysql.sock by default. 

Re: spamd mysql redux

[Steve Thomas]

 Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database:
 Can't connect to local MySQL server through socket
 '/var/lib/mysql/mysql.sock' (13)

 Is that where mysql.sock is located? I don't know where the MySQL RPMs
 might
 stick it, but source installs stick it at /tmp/mysql.sock by default.

Yep, that's where it's at. I've also tried specifying the port in the dsn
options in the cf file, i.e.
user_scores_dsn DBI:mysql:spamassassin:localhost:3306

I'm most curious about the error number given - (13). In mysql speak,
that's a 'permission denied', but according to the logs, there's no
connection attempt even being made. I don't know if that number is coming
from spamd, the perl db api or mysql. I doubt it's coming from mysql,
since I'm not seeing any connection attempt whatsoever.

Thanks,
St-

RE: SpamAssassin large-scale users willing to comment?

[Chris Santerre]

Title: RE: SpamAssassin large-scale users willing to comment?







 -Original Message-
 From: Kristopher Austin [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 22, 2006 2:26 PM
 To: [EMAIL PROTECTED]; users@spamassassin.apache.org
 Subject: RE: SpamAssassin large-scale users willing to comment?
 
 
 We're a university. I'm not sure if we are as big as you're 
 looking for
 (around 2100 mailboxes), but I'd be willing to talk to a reporter.


You know, I got to thinking about the last time I talked to a reporter. He had come back from filming some baseball game, and had left his car parked in the one place we play roller hockey. I told him I only hit it a few times. Then he wanted to interview me, so I kept calling him the guy from channel 12, despite the fact that he was clearly wearing a shirt with a big channel 10 on it. Then I pushed further by talking about how hot the weather girl is on channel 12. :) 

Of course the one shot of us playing that got shown on the news was me getting tripped with a stick and taking a nasty road rash fall. 

Prbly best I don't talk to them. Otherwise the headline might read:


Man reveals antispam product runs on fairies and pixidust!


--Chris 

Re: AWL question

[Matthew Yette]

 From: Magnus Holmgren [EMAIL PROTECTED]
 Organization: Lysator ACS
 Date: Wed, 22 Feb 2006 12:10:47 +0100
 To: users@spamassassin.apache.org
 Cc: Jon Essen-Moller [EMAIL PROTECTED]
 Subject: Re: AWL question
 
 Jon Essen-Moller skrev:
 Shouldn't addresses in the AWL result in points being subtracted?
 
 Käre Jon,
 
 This is probably the most frequently asked question of them all. AWL
 adds or subtracts points towards the previous average score of the
 sender. See http://wiki.apache.org/spamassassin/AwlWrongWay.
 
 -- 
 Magnus Holmgren
 

The bottom line is its a terrible name for what it actually does. Something
like Historical Adjustment would be more accurate ;)
-- 
Matthew Yette
Senior Engineer (NOC/Operations)
M.A. Polce Consulting
315-838-1644

Re: spamd mysql redux

[Matthias Fuhrmann]

On Wed, 22 Feb 2006, Steve Thomas wrote:

  Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database:
  Can't connect to local MySQL server through socket
  '/var/lib/mysql/mysql.sock' (13)
 
  Is that where mysql.sock is located? I don't know where the MySQL RPMs
  might
  stick it, but source installs stick it at /tmp/mysql.sock by default.

 Yep, that's where it's at. I've also tried specifying the port in the dsn
 options in the cf file, i.e.
 user_scores_dsn DBI:mysql:spamassassin:localhost:3306

 I'm most curious about the error number given - (13). In mysql speak,
 that's a 'permission denied', but according to the logs, there's no
 connection attempt even being made. I don't know if that number is coming
 from spamd, the perl db api or mysql. I doubt it's coming from mysql,
 since I'm not seeing any connection attempt whatsoever.

i googled a bit and found this related to fedora3 and SELinux:
http://forums.mysql.com/read.php?11,20759,21482#msg-21482

worth a try :)

regards,
Matthias

Re: spamd mysql redux

[Scott Russell]

Steve Thomas wrote:

I'm most curious about the error number given - (13). In mysql speak,
that's a 'permission denied', but according to the logs, there's no
connection attempt even being made. I don't know if that number is coming
from spamd, the perl db api or mysql. I doubt it's coming from mysql,
since I'm not seeing any connection attempt whatsoever.


In /etc/my.cf make sure the 'log' option is set in [mysqld] and watch 
the logs in /var/lib/mysql/*.log.


In mysql make sure you have given the correct permissions for root to 
have access to the spamassassin database from both localhost and the 
primary hostname of the system. (Chances are you don't need both but 
until you figure out how you're connecting)


Check your mysql.user and mysql.db tables to make sure things are as you 
expect them to be. Be wary of root logins from % (any host) with read 
only perms that maybe overriding your other root logins.


Run flush privileges in mysql to make sure everything is sane after 
making any mysql.* changes.


--
Scott Russell [EMAIL PROTECTED]
IBM Linux Technology Center

Re: spamd mysql redux

[Steve Thomas]

 i googled a bit and found this related to fedora3 and SELinux:
 http://forums.mysql.com/read.php?11,20759,21482#msg-21482

I had seen that page, but didn't know what selinux was (thought it was a
distro!) so I thought it was irrelevant. After checking it out, it turns
out that that's what the problem is/was! I disabled selinux and the first
test after rebooting seems to have worked.

I don't believe I need selinux for anything, as our environment's pretty
well controlled and we've made do without it for.. well forever, but I'll
probably have to learn about it eventually so I suppose I'll start looking
into it...

Thanks a million Matthias. I'm kind of embarrassed that I was looking at
the answer yesterday and dismissed it... :\

For Glen and the archives:
I disabled selinux by setting the SELINUX environment variable to
disabled in /etc/selinux/config and rebooting.

Thanks again,
St-

Re: SpamAssassin large-scale users willing to comment?

[jdow]

From: Chris Santerre [EMAIL PROTECTED]

From: Kristopher Austin [mailto:[EMAIL PROTECTED]

We're a university.  I'm not sure if we are as big as you're 
looking for

(around 2100 mailboxes), but I'd be willing to talk to a reporter.


You know, I got to thinking about the last time I talked to a reporter. He
had come back from filming some baseball game, and had left his car parked
in the one place we play roller hockey. I told him I only hit it a few
times. Then he wanted to interview me, so I kept calling him the guy from
channel 12, despite the fact that he was clearly wearing a shirt with a big
channel 10 on it. Then I pushed further by talking about how hot the weather
girl is on channel 12. :) 


Of course the one shot of us playing that got shown on the news was me
getting tripped with a stick and taking a nasty road rash fall. 


If you have a attitude it's best not to talk to reporters who are
about to cover your activities. They have the last word and can REALLY
mess you up.

{^_-}

Re: When rules run amok....

[jdow]

I've been wondering if anybody would call 1_801.457.4483 and find out
who it is, just for grins and giggles.

And it's not QUITE what you posted. The 3 in 3BER is spurious. That is
the last digit of the phone number.

Chris mentions that the bozoid continues to do it, too.
{^_-}
- Original Message - 
From: Justin Mason [EMAIL PROTECTED]




haha. 


   NUMBER[0-255]
   s/NUM/randomdigit/g
   - 3BER[0-255]

oops!

the errors are harmless AFAIK.

--j.

jdow writes:

I received this from a fellow on another list. It took some puzzling
until I figured out what went wrong. He has yet to get back to me with
whether or not there was a score on the message or not. But I think
SA should guard itself if this leads to a message escaping getting
marked.

===8---
Joanne, you're wise to the world of spammers, have you ever seen anything 
like this:


Character in 'C' format wrapped in pack 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN145 line 50. 
Feb 21 20:38:08 cpollock last message repeated 2 times
Feb 21 20:38:08 cpollock spamd[28011]: Argument BE isn't numeric in pack 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN145 line 50. 
Feb 21 20:38:08 cpollock spamd[28011]: Argument 1BE isn't numeric in pack 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN145 line 50. 


Here are the headers that are causing this:

X-Apparently-To: [EMAIL PROTECTED] via 
1-801.457.4483BER[0-255].1BER[0-255].1_(801) (457) (4483)BER[0-255].1_(801) 
(457) (4483)BER[0-255]; Wed, 22 Feb 2006 08:29:56 +0600
 X-Originating-IP: [1 801 
457-4483BER[0-255].1BER[0-255].1_801_457_4483BER[0-255].1BER[0-255]]
 Received: from 1_801.457.4483BER[0-255].1_801.457.4483BER[0-255].1 (801) 
457-4483BER[0-255].1-801.457.4483BER[0-255]  (HELO c-1 801 457 
4483BER[0-255].1_(801)_457_4483BER[0-255].1 (801) 
457-4483BER[0-255].1_(801) (457) 
(4483)BER[0-255].client.comcast.net-MUNGED) (1.801.457.4483BER[0-255].1 
801_457_4483BER[0-255].1 801 457 4483BER[0-255].1 801 457 4483BER[0-255]) 
  by mta186.mail.re6.yahoo.com with SMTP; Wed, 22 Feb 2006 06:35:56 +0400


This seems like an attempt to make SA crap out or something.  Looks almost 
like a phone number. Your thoughts?

===8---

pause here and see if you can figure it out.































OK, here is the thought I had. Yes, that is a phone number, for the Salt
lake City area. It was sent by a spam generator that had a nice rule for
putting in numbers for IP addresses using $NUMBER[0-255]. But it also has
a rule $NUM for putting in a telephone number. Guess which rule hit first.

{^_-}

Re: spamd mysql redux

[Matthias Fuhrmann]

On Wed, 22 Feb 2006, Steve Thomas wrote:

  i googled a bit and found this related to fedora3 and SELinux:
  http://forums.mysql.com/read.php?11,20759,21482#msg-21482

 I had seen that page, but didn't know what selinux was (thought it was a
 distro!) so I thought it was irrelevant. After checking it out, it turns
 out that that's what the problem is/was! I disabled selinux and the first
 test after rebooting seems to have worked.

 I don't believe I need selinux for anything, as our environment's pretty
 well controlled and we've made do without it for.. well forever, but I'll
 probably have to learn about it eventually so I suppose I'll start looking
 into it...

 Thanks a million Matthias. I'm kind of embarrassed that I was looking at
 the answer yesterday and dismissed it... :\

your welcome :)

 For Glen and the archives:
 I disabled selinux by setting the SELINUX environment variable to
 disabled in /etc/selinux/config and rebooting.

when installing fedora, it ask for SELinux behavior (enabled / warnings
only / disabled), IIRC right after firewall default settings. since i
wasnt sure of what it really protects or is used for, i always set it
to warnings only. still too lazy, reading the manpages :)

regards,
Matthias

Take a look at this spam

[qqqq]

HelLo -at-use! I fouNd yoUr profile in seaRch result Here. whEn I read it I 
deCidEd to wriTe you and intRoduce mysElf. sO, mY
nAme iS AnAstasia. I Know tHat my letteR may get loSt among oThers that comE to 
you evEry day, but It will be coOL if yoU'll write
me. If yoU really searChing for your sEcond half wTh serious inTEntions to 
bUild a family, if you prefEr present diaLOgue instead of
gaMe, I'll wait for yoUr ansWer.


You mAy write me tO my e-maiL: dzumon{--at--]altern.org

HaVe a nIce dAy!!!
I'm waiTing... Bye-BYe!


This scored really low.

Re: Take a look at this spam

[Rick Macdougall]

 wrote:

HelLo -at-use! I fouNd yoUr profile in seaRch result Here. whEn I read it I 
deCidEd to wriTe you and intRoduce mysElf. sO, mY
nAme iS AnAstasia. I Know tHat my letteR may get loSt among oThers that comE to 
you evEry day, but It will be coOL if yoU'll write
me. If yoU really searChing for your sEcond half wTh serious inTEntions to 
bUild a family, if you prefEr present diaLOgue instead of
gaMe, I'll wait for yoUr ansWer.


You mAy write me tO my e-maiL: dzumon{--at--]altern.org

HaVe a nIce dAy!!!
I'm waiTing... Bye-BYe!


This scored really low.






o_O

...

Re: spamd mysql redux

[Barton L. Phillips]

To specify the socket in a perl DBI connect do the following:

my $DBH = 
DBI-connect('dbi:mysql:databaseName;mysql_socket=/tmp/mysql.sock', 
'user', 'password',

  {ShowErrorStatement = 1}) or die Can't open database;

Steve Thomas wrote:

Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database:
Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (13)
  

Is that where mysql.sock is located? I don't know where the MySQL RPMs
might
stick it, but source installs stick it at /tmp/mysql.sock by default.



Yep, that's where it's at. I've also tried specifying the port in the dsn
options in the cf file, i.e.
user_scores_dsn DBI:mysql:spamassassin:localhost:3306

I'm most curious about the error number given - (13). In mysql speak,
that's a 'permission denied', but according to the logs, there's no
connection attempt even being made. I don't know if that number is coming
from spamd, the perl db api or mysql. I doubt it's coming from mysql,
since I'm not seeing any connection attempt whatsoever.

Thanks,
St-


  


--

Barton L. Phillips
Applied Technology Resources, Inc.
Tel: (818)652-9850
Web: http://www.applitec.com

Re: When rules run amok....

[Chris]

On Wednesday 22 February 2006 4:30 pm, jdow wrote:
 I've been wondering if anybody would call 1_801.457.4483 and find out
 who it is, just for grins and giggles.

 And it's not QUITE what you posted. The 3 in 3BER is spurious. That
 is the last digit of the phone number.

 Chris mentions that the bozoid continues to do it, too.
 {^_-}

Yep, and here is another one I just received, albet a bit different:

Feb 22 13:27:54 cpollock spamd[11252]: Argument b isn't numeric in pack 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN153 line 38. 
Feb 22 13:27:54 cpollock spamd[11252]: Argument ed isn't numeric in pack 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN153 line 38. 
Feb 22 13:27:54 cpollock spamd[11252]: Argument Feb isn't numeric in pack 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN153 line 38. 
Feb 22 13:27:54 cpollock spamd[11252]: Character in 'C' format wrapped in 
pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN153 line 38. 
Feb 22 13:27:54 cpollock spamd[11252]: Argument 11:26:19 isn't numeric in 
pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN153 line 38. 
Feb 22 13:27:54 cpollock spamd[11252]: Character in 'C' format wrapped in 
pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, 
GEN153 line 38. 

And here are the headers:

Status: U
 Return-Path: [EMAIL PROTECTED]
 Received: from pop.earthlink.net [209.86.93.201] 
by localhost with POP3 (fetchmail-6.2.5) 
for [EMAIL PROTECTED] (single-drop); Wed, 22 Feb 2006 13:27:53 
-0600 (CST)
 Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar 
([200.59.108.16]) 
by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP 
id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31 -0500 (EST)
 X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16;  Wed, 22 Feb 2006 
11:26:19 -0800
 Message-ID: [EMAIL PROTECTED]
 From: Martina Hatch [EMAIL PROTECTED]
 Reply-To: Martina Hatch [EMAIL PROTECTED]
 To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED]
 Subject: abstracter Free quality adult personals
 Date: Wed, 22 Feb 2006 11:26:19 -0800

I see where the 'Feb' and '11:26:19' are picked up but I fail to understand 
why.  If there are harmless errors is this an attempt to choke SA or is it 
a bug somewhere in SA, or neither?

-- 
Chris
Registered Linux User 283774 http://counter.li.org
17:27:56 up 8 days, 11:18, 1 user, load average: 0.06, 0.15, 0.22
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk



pgp22YmqSJ93N.pgp
Description: PGP signature

Re: When rules run amok....

[Daryl C. W. O'Shea]

On 2/22/2006 4:58 AM, Justin Mason wrote:


the errors are harmless AFAIK.


Harmless and already fixed in both trunk and the 3.1 branch (they're 
caused by the extremely liberal IPv6 regex that was in use).


Daryl

Re: When rules run amok....

[Chris]

On Wednesday 22 February 2006 6:24 pm, Daryl C. W. O'Shea wrote:
 On 2/22/2006 4:58 AM, Justin Mason wrote:
  the errors are harmless AFAIK.

 Harmless and already fixed in both trunk and the 3.1 branch (they're
 caused by the extremely liberal IPv6 regex that was in use).

 Daryl

Thanks for the feedback Daryl.

-- 
Chris
Registered Linux User 283774 http://counter.li.org
18:26:43 up 8 days, 12:17, 1 user, load average: 0.10, 0.11, 0.09
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk



pgpgo3uDCQCBs.pgp
Description: PGP signature

FINAL CALL - Conference on Email and Anti-Spam 2006

[Theo Van Dinter]

Want to make sure folks know about this!

- Forwarded message -

Date: Wed, 22 Feb 2006 15:01:28 -0800
Subject: FINAL CALL - Conference on Email and Anti-Spam 2006

   THE THIRD CONFERENCE ON EMAIL AND ANTI-SPAM (CEAS 2006)


Thursday July 27 and Friday July 28, 2006
   Mountain View, California
 http://www.ceas.cc/


 FINAL CALL FOR PAPERS
   Submission Deadline: March 23, 2006


   The Conference on Email and Anti-Spam (CEAS) invites short and long paper
   submissions on research results pertaining to a broad range of issues in
   email and Internet communication.

   Submissions may address issues relating to any form of electronic
   messaging, including traditional email, instant messaging, calendaring,
   mobile telephone text messaging, and voice over IP. Issues of interest
   include the analysis and abatement of abuses (such as spam, phishing,
   identity theft, and privacy invasion) as well as enhancements to and novel
   applications of electronic messaging.

   Papers will be selected by peer review for presentation at CEAS and
   inclusion in the proceedings.


   PAST PROCEEDINGS:

  2004: http://ceas.cc/papers-2004/acceptedpapers.htm
  2005: http://ceas.cc/2005/schedulepapers.htm

   These proceedings give an indication of some of the diverse topics of
   interest to CEAS. Novel departures from previously included topics are
   welcome.


   SUGGESTED TOPICS:

   *  Message filtering, blocking, authentication
  -  machine learning techniques
  -  statistical techniques
  -  natural language processing
  -  protocols
  -  trust and reputation
  -  signatures

   *  Message organization
  -  automatic foldering
  -  categorization
  -  clustering
  -  work flow

   *  Message retrieval
  -  search
  -  summarization

   *  Systems and network issues
  -  performance and scalability
  -  reliability and security
  -  archival and retrieval

   *  Evaluation
  -  corpus and benchmark creation
  -  measures and methodologies
  -  tests of specific methods or products

   *  Analysis
  -  abuse tactics and patterns
  -  legitimate use patterns

   *  User issues
  -  user interfaces
  -  usability studies
  -  messaging in support of user activities

   *  Social issues
  -  costs and benefits of messaging use and abuse
  -  other social impacts
  -  deducing social phenomena

   *  Legal issues
  -  spam
  -  phishing
  -  identity theft
  -  privacy
  -  freedom of speech
  -  digital rights management


   KEY DATES:

   *  Paper submission deadline: March 23, 2006
   *  Notification of acceptance: May 22
   *  Final camera-ready version of papers: June 22
   *  Conference: July 27 and 28, 2006


   REQUIREMENTS:

   Papers may be of one of two types: short papers (two pages plus
   bibliography) or full papers (eight pages plus bibliography). Work may not
   have been previously published in, or under consideration for publication
   in any other conference or journal. Work that has been summarily reported
   on-line, or in technical reports or workshops, may be the basis of a CEAS
   submission provided that presentation and publication by CEAS would be
   unencumbered by prior copyright assignment.

   Submissions must use the CEAS electronic system (link to be announced).

   Style for submissions and final papers is a two-column, 8.5 by 11 inch
   format, as specified in the style files available at:
   http://www.ceas.cc/2006/format.htm.

   Papers will be reviewed by a committee of experts from academic and
   industrial research centers. Accepted papers will be made freely available
   on the web, and will be published on CD-ROM. Authors will retain copyright
   of their work.


   CONTACT:

   *  [EMAIL PROTECTED], sends mail to the chair and co-chairs.


   GENERAL CONFERENCE CHAIR:

   *  Gordon V. Cormack, University of Waterloo
  http://plg.uwaterloo.ca/~gvcormac/


   PROGRAM CO-CHAIRS:

   *  Ion Androutsopoulos, Athens University of Economics and Business
  http://www.aueb.gr/users/ion/

* Alek Kolcz, AOL
  http://pikespeak.uccs.edu/~Eark/alek/home.html

* Dave Crocker, Brandenburg InternetWorking
  http://bbiw.net


   PROGRAM COMMITTEE:

*  Joshua Alspector, AOL
*  Paula J. Bruening, Center for Democracy and Technology
*  Vitor R. Carvalho, Carnegie Mellon University
*  Richard Clayton, University of Cambridge
*  W. Bruce Croft, University of Massachusetts Amherst
*  Natalie Glance, Intelliseek Applied Research Center
*  Joshua Goodman, Microsoft Research
*  John Graham-Cumming, no affiliation/independent
*  David Heckerman, Microsoft Research
*  José María Gómez Hidalgo, Universidad Europea de Madrid
*  Haym Hirsh, Rutgers University
*  Thomas Hofmann, 

Re: SpamAssassin large-scale users willing to comment?

[Gene Heskett]

On Wednesday 22 February 2006 17:27, jdow wrote:
From: Chris Santerre [EMAIL PROTECTED]

 From: Kristopher Austin [mailto:[EMAIL PROTECTED]

 We're a university.  I'm not sure if we are as big as you're
 looking for
 (around 2100 mailboxes), but I'd be willing to talk to a reporter.

 You know, I got to thinking about the last time I talked to a
 reporter. He had come back from filming some baseball game, and had
 left his car parked in the one place we play roller hockey. I told
 him I only hit it a few times. Then he wanted to interview me, so I
 kept calling him the guy from channel 12, despite the fact that he
 was clearly wearing a shirt with a big channel 10 on it. Then I
 pushed further by talking about how hot the weather girl is on
 channel 12. :)

 Of course the one shot of us playing that got shown on the news was
 me getting tripped with a stick and taking a nasty road rash fall.

If you have a attitude it's best not to talk to reporters who are
about to cover your activities. They have the last word and can REALLY
mess you up.

{^_-}

Chuckle. How true Joanne, in a couple of instances I won't relate here, 
the reporter didn't need any help at all to screw it up rather 
hillariously.  We, like all brodcasters, have outtakes from the air 
tapes that goes back nearly 25 years, since 3/4 umatic brought the 
ability to store such stuff in an economical manner.  Its about 3 hours 
of sometimes embarrasing, often gut busting material when all spliced 
together.  And we've had smart-asses do exactly that to us, quoting the 
other station while our mike and camera is in is face.  Depending on 
the story contents revelancy, it may or may not make it past the air 
packages editing.

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

Re: When rules run amok....

[jdow]

Dig that forged origin ID:
- Original Message - 
From: Chris [EMAIL PROTECTED]

To: users@spamassassin.apache.org
Sent: Wednesday, February 22, 2006 15:33
Subject: Re: When rules run amok

Re: When rules run amok....

[jdow]

Try that again
Dig that forged origin ID:
Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar ([200.59.108.16]) 
   by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP \

id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31 -0500 (EST)
X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16;  Wed, 22 Feb 2006 
11:26:19 -0800


That is an IANA block. {^_-} It seens 200.59.108.16 is attempting some
fascinating forgeries in IDing itself to Dirtlink. It forged that
X-Originating-IP bit it would appear. Clever attempt to make it look
legit.

If it's an attempt to confuse and SA simply is not getting confused.

On the other hand, if the indentations on that message are real then your
email tool is pretty well hosed.

{o.o}

Re: SpamAssassin large-scale users willing to comment?

[Jeff Peng]

I'm interested in this reporter.We use spamassassin's partial features,it's 
original now,while we should improve it.Thre are more than a hundred million 
users are protected under SA here.

-- [EMAIL PROTECTED] (Justin Mason) wrote:
Hey all --

Apache SpamAssassin has won DataMation Product of the Year in the
anti-spam category *again* this year -- for the second year running!
(yay!)

One thing that would be really cool would be some comments from our
customers, for the press surrounding this.

If you, or someone you know, would be willing to talk to a reporter about
how SpamAssassin has helped eliminate spam in your organization, that'd be
great.  (A non-technical organisation would be even better btw.)

Anyone interested?  Please reply here, or if you'd prefer to follow up
confidentially for whatever reason, to [EMAIL PROTECTED].

--j.



_
Call Anyone, Anytime, Anywhere in the World - FREE!
Free Internet calling from NetZero Voice
Visit http://www.netzerovoice.com today!

Re: When rules run amok....

[Gene Heskett]

On Wednesday 22 February 2006 21:51, jdow wrote:
Try that again
Dig that forged origin ID:
 Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar
 ([200.59.108.16]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP
 Server) with SMTP \ id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31
 -0500 (EST)
 X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16;  Wed, 22 Feb
 2006 11:26:19 -0800

That is an IANA block. {^_-} It seens 200.59.108.16 is attempting some
fascinating forgeries in IDing itself to Dirtlink. It forged that
X-Originating-IP bit it would appear. Clever attempt to make it look
legit.

If it's an attempt to confuse and SA simply is not getting confused.

On the other hand, if the indentations on that message are real then
 your email tool is pretty well hosed.

{o.o}

I'd assume 'Dirt'Link might have an interest in hearing about that?, 
particularly since it appears to be a piece of uol, whom we all hate so 
much...

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

Re: When rules run amok....

[jdow]

From: Gene Heskett [EMAIL PROTECTED]


On Wednesday 22 February 2006 21:51, jdow wrote:

Try that again
Dig that forged origin ID:
Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar
([200.59.108.16]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP
Server) with SMTP \ id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31
-0500 (EST)
X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16;  Wed, 22 Feb
2006 11:26:19 -0800

That is an IANA block. {^_-} It seens 200.59.108.16 is attempting some
fascinating forgeries in IDing itself to Dirtlink. It forged that
X-Originating-IP bit it would appear. Clever attempt to make it look
legit.

If it's an attempt to confuse and SA simply is not getting confused.

On the other hand, if the indentations on that message are real then
your email tool is pretty well hosed.

{o.o}


I'd assume 'Dirt'Link might have an interest in hearing about that?, 
particularly since it appears to be a piece of uol, whom we all hate so 
much...


No they wouldn't. It's so obviouslt a forgery it's pathetic. ANY email
indicating a dotted quad address starting with 37 is inside an IANA
Reserved block of addresses. They aren't issued.

{^_-}

Re: SpamAssassin large-scale users willing to comment?

[Cami]

Jeff Peng wrote:

I'm interested in this reporter.We use spamassassin's partial features,
it's original now,while we should improve it.
Thre are more than a hundred million users are protected under SA here.


A hundred million or a hundred thousand?

Cami

Updated Pump and Dump rules. 2006-02-23

[Doc Schneider]

I just committed version 01.00.08 of this ruleset to:

http://rulesemporium.com/rules/70_sare_stocks.cf

It should appear within the hour.

Enjoy.

-Doc (SA/SARE/URIBL/SURBL -- Ninja)

Re: Updated Pump and Dump rules. 2006-02-23

[Gene Heskett]

On Thursday 23 February 2006 01:06, Doc Schneider wrote:
I just committed version 01.00.08 of this ruleset to:

http://rulesemporium.com/rules/70_sare_stocks.cf

It should appear within the hour.

Enjoy.

-Doc (SA/SARE/URIBL/SURBL -- Ninja)

I've copied this one from that link into the directory where these 
things live, and added a SARE_STOCKS to the list in the config file, 
but rules_du_jour claims its not a valid item.  Reporting this:

No index found for ruleset named SARE_STOCKS.  Check that this ruleset 
is still valid.

I'd also gotten rid of SARE_RANDOMVAL from the config for the same 
reason.  Is there something I've forgotten to do to enable this rule 
set?

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

Re: Updated Pump and Dump rules. 2006-02-23

[Doc Schneider]

Gene Heskett wrote:

On Thursday 23 February 2006 01:06, Doc Schneider wrote:

I just committed version 01.00.08 of this ruleset to:

http://rulesemporium.com/rules/70_sare_stocks.cf

It should appear within the hour.

Enjoy.

-Doc (SA/SARE/URIBL/SURBL -- Ninja)


I've copied this one from that link into the directory where these 
things live, and added a SARE_STOCKS to the list in the config file, 
but rules_du_jour claims its not a valid item.  Reporting this:


No index found for ruleset named SARE_STOCKS.  Check that this ruleset 
is still valid.


I'd also gotten rid of SARE_RANDOMVAL from the config for the same 
reason.  Is there something I've forgotten to do to enable this rule 
set?




Have you upgraded and installed the newest RDJ? This has come up on this 
list a lot recently and from what I understand is that RDJ does auto 
download its newest version but it doesn't auto install it.


Let me know if that works.

-Doc

Re: SpamAssassin large-scale users willing to comment?

[Jeff Peng]

A hundred million or a hundred thousand?


I really mean a hundred million.


_
Call Anyone, Anytime, Anywhere in the World - FREE!
Free Internet calling from NetZero Voice
Visit http://www.netzerovoice.com today!