Re: When rules run amok....
haha. NUMBER[0-255] s/NUM/randomdigit/g - 3BER[0-255] oops! the errors are harmless AFAIK. --j. jdow writes: I received this from a fellow on another list. It took some puzzling until I figured out what went wrong. He has yet to get back to me with whether or not there was a score on the message or not. But I think SA should guard itself if this leads to a message escaping getting marked. ===8--- Joanne, you're wise to the world of spammers, have you ever seen anything like this: Character in 'C' format wrapped in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN145 line 50. Feb 21 20:38:08 cpollock last message repeated 2 times Feb 21 20:38:08 cpollock spamd[28011]: Argument BE isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN145 line 50. Feb 21 20:38:08 cpollock spamd[28011]: Argument 1BE isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN145 line 50. Here are the headers that are causing this: X-Apparently-To: [EMAIL PROTECTED] via 1-801.457.4483BER[0-255].1BER[0-255].1_(801) (457) (4483)BER[0-255].1_(801) (457) (4483)BER[0-255]; Wed, 22 Feb 2006 08:29:56 +0600 X-Originating-IP: [1 801 457-4483BER[0-255].1BER[0-255].1_801_457_4483BER[0-255].1BER[0-255]] Received: from 1_801.457.4483BER[0-255].1_801.457.4483BER[0-255].1 (801) 457-4483BER[0-255].1-801.457.4483BER[0-255] (HELO c-1 801 457 4483BER[0-255].1_(801)_457_4483BER[0-255].1 (801) 457-4483BER[0-255].1_(801) (457) (4483)BER[0-255].client.comcast.net-MUNGED) (1.801.457.4483BER[0-255].1 801_457_4483BER[0-255].1 801 457 4483BER[0-255].1 801 457 4483BER[0-255]) by mta186.mail.re6.yahoo.com with SMTP; Wed, 22 Feb 2006 06:35:56 +0400 This seems like an attempt to make SA crap out or something. Looks almost like a phone number. Your thoughts? ===8--- pause here and see if you can figure it out. OK, here is the thought I had. Yes, that is a phone number, for the Salt lake City area. It was sent by a spam generator that had a nice rule for putting in numbers for IP addresses using $NUMBER[0-255]. But it also has a rule $NUM for putting in a telephone number. Guess which rule hit first. {^_-}
AWL question
Hi, I'm using SA 3.01 on a RedHat 8 box. Sometimes spam points are added and the logs refer to the AWL list.: --- X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mail.local X-Spam-Level: X-Spam-Status: Yes, score=0.4 required=0.2 tests=AWL autolearn=ham version=3.0.1 X-Spam-Report: * 0.4 AWL AWL: From: address is in the auto white-list -- Shouldn't addresses in the AWL result in points being subtracted? Does anyone know what could be wrong? /jon
Re: AWL question
Jon Essen-Moller skrev: Shouldn't addresses in the AWL result in points being subtracted? Käre Jon, This is probably the most frequently asked question of them all. AWL adds or subtracts points towards the previous average score of the sender. See http://wiki.apache.org/spamassassin/AwlWrongWay. -- Magnus Holmgren signature.asc Description: OpenPGP digital signature
'Amazon Customer' and others - scoring
Does anyone have a good rule set to stop the Amazon Customer - 983A-987 type emails? Also getting a few of the Starbucks ones through - I have managed to stop some by tweaking Bayes but they are only just getting scored high enough - Anyone know any good rules for these? thanks
Re: AWL question
Jon Essen-Moller skrev: Hej Magnus, Tack för snabbt svar. Följfråga dock. Vet du ifall sa-learn --ham $file påverkar awl poängsättning? Please stick to English on the list. No, sa-learn only updates the bayes database. It doesn't affect awl. -- Magnus Holmgren signature.asc Description: OpenPGP digital signature
Bayes Advise and Question ?
Hi Everybody , I red some articules about bayes and something is not clear for me and I need spamassassin people advises Im using spamassassin rules , some SARE rules , razor and Im happy with spam detection . First I think that I should disable autolearning and manuelly train bayes but after some read I saw that some commercial products said that bayes must train min 2 week also default spamassassin manner is 200 ham 200 spam messages. Before , I think that setting ham and spam too low and train spamassassin only with spam mails which is not detected by spamassassin ... is it right idea ? but I saw that I have to train with ham and spams together because same words can past on spam mails or on ham mails What do you advise ? Should I train bayes manuelly or automaticly with giving long time for trust bayes ! My system spam score threshold is 4.5 then its seems to be bayes_auto_learn_threshold_spam must be setted to 4.5 right ? and if I set it to 4.5 then what will be the header and body % for working ?! And I guess if system didnt catch 3 header 3 body requriment then I have to train system manully right ? Anybody using Journal for bayes learning , its solving about file locking , I think locking is not issue for who is using database enviroment right ? Which way we have to choose for using bayes_learning, database or file ? We are handling more then 500,000 mail day ! Thanks Vahric
RE: Bayes Advise and Question ?
Vahric MUHTARYAN wrote: I red some articules about bayes and something is not clear for me and I need spamassassin people advises Im using spamassassin rules , some SARE rules , razor and Im happy with spam detection . First I think that I should disable autolearning and manuelly train bayes Quite a few people will tell you that this is the best method, but if you do manual training, you have to keep training it. You are never finished with the training because the spams keep changing. but after some read I saw that some commercial products said that bayes must train min 2 week also default spamassassin manner is 200 ham 200 spam messages. Before , I think that setting ham and spam too low and train spamassassin only with spam mails which is not detected by spamassassin ... is it right idea ? No, you have to train with both spam and ham so that Bayes can learn to tell the difference. but I saw that I have to train with ham and spams together because same words can past on spam mails or on ham mails What do you advise ? Should I train bayes manuelly or automaticly with giving long time for trust bayes ! That is debatable. I would suggest that you train it manually with every email that comes through your system for a while. Once you get to 200 ham and 200 spam and it starts working for you, you can switch to either automatic learning, or continue manual learning with just the messages that are scored wrong. My system spam score threshold is 4.5 then its seems to be bayes_auto_learn_threshold_spam must be setted to 4.5 right ? and if I set it to 4.5 then what will be the header and body % for working ?! No, those are two separate settings. The spam threshold (required_hits) is the number of points needed before SpamAssassin will mark a message as spam. Bayes_auto_learn_threshold_spam is the number of points needed before Bayes will learn a message as spam. This should be higher than your required hits to avoid learning false positives as spam. Unless you have a reason to distrust the default setting, I wouldn't change it. Bayes_auto_learn_threshold_nonspam is the maximum score for a message that Bayes learns as ham (or nonspam). This defaults to 0.1, but some people suggest that you should drop it to 0 or even -0.1 to avoid learning false negatives. And I guess if system didnt catch 3 header 3 body requriment then I have to train system manully right ? Right. Anybody using Journal for bayes learning , its solving about file locking , I think locking is not issue for who is using database enviroment right ? I don't think locking is an issue if you are using mysql or another DB to hold the bayes database. But then, I'm not using a database myself, so I'm probably not the right person to answer this question. Which way we have to choose for using bayes_learning, database or file ? We are handling more then 500,000 mail day ! Database is probably the way to go for that volume. I didn't set it up that way because I don't have nearly that volume and I didn't want to go through the hassle of setting it up. -- Bowie
RE: Bayes Advise and Question ?
Thank you sir :) -Original Message- From: Bowie Bailey [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 4:35 PM To: users@spamassassin.apache.org Subject: RE: Bayes Advise and Question ? Vahric MUHTARYAN wrote: I red some articules about bayes and something is not clear for me and I need spamassassin people advises I'm using spamassassin rules , some SARE rules , razor and I'm happy with spam detection . First I think that I should disable autolearning and manuelly train bayes Quite a few people will tell you that this is the best method, but if you do manual training, you have to keep training it. You are never finished with the training because the spams keep changing. but after some read I saw that some commercial products said that bayes must train min 2 week also default spamassassin manner is 200 ham 200 spam messages. Before , I think that setting ham and spam too low and train spamassassin only with spam mails which is not detected by spamassassin ... is it right idea ? No, you have to train with both spam and ham so that Bayes can learn to tell the difference. but I saw that I have to train with ham and spams together because same words can past on spam mails or on ham mails What do you advise ? Should I train bayes manuelly or automaticly with giving long time for trust bayes ! That is debatable. I would suggest that you train it manually with every email that comes through your system for a while. Once you get to 200 ham and 200 spam and it starts working for you, you can switch to either automatic learning, or continue manual learning with just the messages that are scored wrong. My system spam score threshold is 4.5 then it's seems to be bayes_auto_learn_threshold_spam must be setted to 4.5 right ? and if I set it to 4.5 then what will be the header and body % for working ?! No, those are two separate settings. The spam threshold (required_hits) is the number of points needed before SpamAssassin will mark a message as spam. Bayes_auto_learn_threshold_spam is the number of points needed before Bayes will learn a message as spam. This should be higher than your required hits to avoid learning false positives as spam. Unless you have a reason to distrust the default setting, I wouldn't change it. Bayes_auto_learn_threshold_nonspam is the maximum score for a message that Bayes learns as ham (or nonspam). This defaults to 0.1, but some people suggest that you should drop it to 0 or even -0.1 to avoid learning false negatives. And I guess if system didn't catch 3 header 3 body requriment then I have to train system manully right ? Right. Anybody using Journal for bayes learning , it's solving about file locking , I think locking is not issue for who is using database enviroment right ? I don't think locking is an issue if you are using mysql or another DB to hold the bayes database. But then, I'm not using a database myself, so I'm probably not the right person to answer this question. Which way we have to choose for using bayes_learning, database or file ? We are handling more then 500,000 mail day ! Database is probably the way to go for that volume. I didn't set it up that way because I don't have nearly that volume and I didn't want to go through the hassle of setting it up. -- Bowie
RE: Own HAM Rule doesn't work
Title: RE: Own HAM Rule doesn't work -Original Message- From: Muenz, Michael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 22, 2006 3:57 AM To: users@spamassassin.apache.org Subject: Re: Own HAM Rule doesn't work Hi, maybe the rule is missing the which encloses the to entry. at least this fits [EMAIL PROTECTED]: echo [EMAIL PROTECTED]| perl -ne 'print if m/\.be\$/i' damn right! Thank you very much (also mouss) for your help! What a stupid mistake ... Negative!! What a brilliant discovery! ;) --Chris
RE: Pling pling, many exclamations, and Yahoo!
Title: RE: Pling pling, many exclamations, and Yahoo! -Original Message- From: Philip Prindeville [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 21, 2006 9:45 PM To: users@spamassassin.apache.org Subject: Pling pling, many exclamations, and Yahoo! I was noticing that every time that someone forwards me an article from yahoo! news that it scores high on the MANY_EXCLAMATIONS and PLING_PLING tests. Unfortunately Yahoo! also changed the policy about generating the MAIL FROM: line. It used to be that of the person sending to you. Now it's some long unique id: mail-to-friend.geytimbvgyztcmrrfyyc4nrqhaydsmjqgaxdmnbsg43c4m [EMAIL PROTECTED] That can't be whitelisted... Grrr... Is it reasonable to ask if these two tests above can be made to *not* count bangs associated with names that have a bang as part of their trademark? I.e. CinemaNow! and Yahoo! etc... -Philip Why not just right a meta rule so that if the email hits PLING PLING, or MANY_EXCLAMATIONS, and has @returns.bulk.yahoo.com in it, you simply reduce the score by the amount in PLING PLING, or MANY_EXCLAMATIONS? Even if a spammer fakes this, all it does is remove the PLING PLING or MANY_EXCLAMATIONS scores. No biggy. --Chris
sa-learn
Hi, I am not sure if spam learning is really taking place. I have, # ll /var/bayes/ total 14548 -rwxrwxrwx 1 spamd spamd89616 Feb 21 20:49 bayes_journal -rwxrwxrwx 1 root root 10567680 Feb 21 20:43 bayes_seen -rwxrwxrwx 1 spamd spamd 5304320 Feb 21 20:43 bayes_toks I used sa-learn to learn 107 message like, Learned from 107 message(s) (365 message(s) examined). # ll /var/bayes/ total 14456 -rwxrwxrwx 1 root root 10567680 Feb 21 20:50 bayes_seen -rwxrwxrwx 1 spamd spamd 5304320 Feb 21 20:50 bayes_toks The size of bayes_seen bayes_toks is still the same and bayes_journal is gone. Is this unusual? Why are the sizes still the same especially when I learned around 107 more new spams? With warm regards, -Payal
Re: sa-learn
On Wed, Feb 22, 2006 at 10:50:19AM -0500, Payal Rathod wrote: The size of bayes_seen bayes_toks is still the same and bayes_journal is gone. Is this unusual? Why are the sizes still the same especially when I learned around 107 more new spams? This is normal. Here's a post I made about it last month: http://article.gmane.org/gmane.mail.spam.spamassassin.general/76672 as long as the data seen via sa-learn --dump magic changes, you're all set. -- Randomly Generated Tagline: I can shoot the manager while I'm at it ... kind of like a bonus. - Shawshank Redemption pgpK7IOkiU9Lv.pgp Description: PGP signature
Re: sa-learn
On Wed, Feb 22, 2006 at 10:54:45AM -0500, Theo Van Dinter wrote: This is normal. Here's a post I made about it last month: http://article.gmane.org/gmane.mail.spam.spamassassin.general/76672 as long as the data seen via sa-learn --dump magic changes, you're all set. Thanks for the very fast response. sa-learn --dump magic changes all the time. I have, 0.000 0 42960 0 non-token data: nspam 0.000 0 86243 0 non-token data: nham Is it ok if I don't learn anymore hams for a while? I have, auto_learn 1 bayes_auto_learn 1 Is it OK? With warm regards, -Payal
Re: sa-learn
On Wed, Feb 22, 2006 at 11:00:00AM -0500, Payal Rathod wrote: 0.000 0 42960 0 non-token data: nspam 0.000 0 86243 0 non-token data: nham Is it ok if I don't learn anymore hams for a while? I have, auto_learn 1 bayes_auto_learn 1 Is it OK? I think that would be fine. I'd say you should definitely continue learning any ham mails that get a Bayes score over 70%, but otherwise auto-learning will probably take care of things for you. -- Randomly Generated Tagline: Expect the worst, it's the least you can do. pgpd8Ckc4XMQx.pgp Description: PGP signature
Re: sa-learn
On Wed, Feb 22, 2006 at 11:12:49AM -0500, Theo Van Dinter wrote: I think that would be fine. I'd say you should definitely continue learning any ham mails that get a Bayes score over 70%, but otherwise auto-learning will probably take care of things for you. How would I know which mails have bayes score of over 70% ? One thing I alway don't understand, how do I know scores of mails which are below my required_hits? I use, http://www.gbnet.net/~jrg/qmail/ifspamh With warm regards, -Payal
Re: sa-learn
On Wed, Feb 22, 2006 at 11:19:55AM -0500, Payal Rathod wrote: How would I know which mails have bayes score of over 70% ? Usually you would see a X-Spam-Status header which would include a BAYES_## rule hit. One thing I alway don't understand, how do I know scores of mails which are below my required_hits? I use, http://www.gbnet.net/~jrg/qmail/ifspamh I have no idea how that program works so I have no input for you about how it operates. It may not put in a Status header by default. -- Randomly Generated Tagline: Any day can be the beginning of a new year. pgpbLG9GgQpcJ.pgp Description: PGP signature
Re: sa-learn
On Wed, Feb 22, 2006 at 11:24:11AM -0500, Theo Van Dinter wrote: Usually you would see a X-Spam-Status header which would include a BAYES_## rule hit. I cannot see such a header. I have no idea how that program works so I have no input for you about how it operates. It may not put in a Status header by default. It just forwards the spam mail to a mailbox. The real checking is done by spamc I guess. How can I make spamc add that header even to clean messages? With warm regards, -Payal
Re: sa-learn
Payal Rathod wrote: On Wed, Feb 22, 2006 at 11:24:11AM -0500, Theo Van Dinter wrote: Usually you would see a X-Spam-Status header which would include a BAYES_## rule hit. I cannot see such a header. I have no idea how that program works so I have no input for you about how it operates. It may not put in a Status header by default. It just forwards the spam mail to a mailbox. The real checking is done by spamc I guess. How can I make spamc add that header even to clean messages? With warm regards, -Payal how about man spamc? -Jim
Re: sa-learn
On Wed, Feb 22, 2006 at 11:32:28AM -0500, Payal Rathod wrote: It just forwards the spam mail to a mailbox. The real checking is done by spamc I guess. How can I make spamc add that header even to clean messages? spamc leaves markup to spamd, which would add in that header if you configured it to do so (the default). If spamc is being called in such a way that it simply returns a yes/no, etc, you'd have to change how spamc is called. -- Randomly Generated Tagline: PET ROCKS Probably the only pet easier to move than a turtle. Be careful not to let your pet rock out of its box while you are driving the car. It's simply too easy for them to cause an accident by slipping under your gas or brake pedal. - https://www.moversguide.com/mgservice/SimpleJsp?pid=13 pgpr7xQpBkvyM.pgp Description: PGP signature
SpamAssassin large-scale users willing to comment?
Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) Anyone interested? Please reply here, or if you'd prefer to follow up confidentially for whatever reason, to [EMAIL PROTECTED]. --j.
Re: Pling pling, many exclamations, and Yahoo!
Chris Santerre wrote: From: Philip Prindeville [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 21, 2006 9:45 PM To: users@spamassassin.apache.org Subject: Pling pling, many exclamations, and Yahoo! I was noticing that every time that someone forwards me an article from yahoo! news that it scores high on the MANY_EXCLAMATIONS and PLING_PLING tests. Unfortunately Yahoo! also changed the policy about generating the MAIL FROM: line. It used to be that of the person sending to you. Now it's some long unique id: mail-to-friend.geytimbvgyztcmrrfyyc4nrqhaydsmjqgaxdmnbsg43c4m [EMAIL PROTECTED] That can't be whitelisted... Grrr... Is it reasonable to ask if these two tests above can be made to *not* count bangs associated with names that have a bang as part of their trademark? I.e. CinemaNow! and Yahoo! etc... -Philip Why not just right a meta rule so that if the email hits PLING PLING, or MANY_EXCLAMATIONS, and has @returns.bulk.yahoo.com in it, you simply reduce the score by the amount in PLING PLING, or MANY_EXCLAMATIONS? Even if a spammer fakes this, all it does is remove the PLING PLING or MANY_EXCLAMATIONS scores. No biggy. --Chris Because I suspect that Yahoo! might end up rotating through the format of the sending address to stop spammers from borrowing it... So they will use one format, and then change it after a while, and then use the new one for a bit, then change it again... -Philip
RE: Pling pling, many exclamations, and Yahoo!
Philip Prindeville wrote: Unfortunately Yahoo! also changed the policy about generating the MAIL FROM: line. It used to be that of the person sending to you. Now it's some long unique id: [EMAIL PROTECTED] Good for Yahoo. And about time, too. CNN's Clickability send-to-friend tool still uses the visitor's email as MAIL FROM:, which breaks SPF. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
RE: SpamAssassin large-scale users willing to comment?
Title: RE: SpamAssassin large-scale users willing to comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 22, 2006 1:00 PM To: users@spamassassin.apache.org Subject: SpamAssassin large-scale users willing to comment? Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) Anyone interested? Please reply here, or if you'd prefer to follow up confidentially for whatever reason, to [EMAIL PROTECTED]. --j. My company isn't technology based, and uses it. But that might be a little skewed if I do commentary :) Chris Santerre SysAdmin and SARE/URIBL ninja http://www.uribl.com http://www.rulesemporium.com
Re: SpamAssassin large-scale users willing to comment?
Chris Santerre wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 1:00 PM To: users@spamassassin.apache.org Subject: SpamAssassin large-scale users willing to comment? Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) Anyone interested? Please reply here, or if you'd prefer to follow up confidentially for whatever reason, to [EMAIL PROTECTED]. Justin - we're technical, but I'd be more than happy to talk to reporters :) Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
RE: SpamAssassin large-scale users willing to comment?
We're a university. I'm not sure if we are as big as you're looking for (around 2100 mailboxes), but I'd be willing to talk to a reporter. Kris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 12:00 PM To: users@SpamAssassin.apache.org Subject: SpamAssassin large-scale users willing to comment? Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) Anyone interested? Please reply here, or if you'd prefer to follow up confidentially for whatever reason, to [EMAIL PROTECTED]. --j.
Unsubsribe
Sorry to bother about this, but couldn't seem to find the answer. How do I unsubscribe from this list? // Mads
Re: SpamAssassin large-scale users willing to comment?
Justin, I am a local ISP that uses SpamAssassin to filter mail for our users. We have about 1 mail users, my daily mail volume is nearly 1,000,000 messages (of which most are blocked of course). I have in past been quoted in the news, but it is interesting how most of the technical information is left out by the reporters. An example is: http://www.crd-director.com/index.php?cat=64name=Internet%20News Winning the war against spam about halfway down in the archive you will see a local paper article I was interviewed for. I am impressed they left the mention of ham in there. So I am a technical user, however I am protecting non-technical people. If you can use any comments let me know! Regards, Brad. On Wednesday 22 February 2006 12:59, Justin Mason wrote: Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) Anyone interested? Please reply here, or if you'd prefer to follow up confidentially for whatever reason, to [EMAIL PROTECTED]. --j.
Re: Unsubsribe
Mads Ipsen wrote: Sorry to bother about this, but couldn't seem to find the answer. How do I unsubscribe from this list? // Mads list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
Re: Unsubsribe
On Wed, February 22, 2006 11:34 am, Mads Ipsen wrote: Sorry to bother about this, but couldn't seem to find the answer. How do I unsubscribe from this list? In the headers of each message: list-unsubscribe: mailto:[EMAIL PROTECTED]
RE: SpamAssassin large-scale users willing to comment?
[EMAIL PROTECTED] wrote: Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) FWIW, the new Windows Live Mail Beta service uses SpamAssassin. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
RE: SpamAssassin large-scale users willing to comment?
Matthew.van.Eerde wrote: FWIW, the new Windows Live Mail Beta service uses SpamAssassin. Er, wait, no it doesn't. Never mind. I was misreading the headers. Clickability uses SpamAssassin. They power CNN's Email this story tool. I had sent myself a CNN story to a Windows Live Mail Beta address, and I read the header as being added by a Windows Live Mail Beta server. In fact, it was added by the Clickability server. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
spamd mysql redux
Howdy list, I'm having the exact same problem that Glenn is/was having as posted about last week. (see http://article.gmane.org/gmane.mail.spam.spamassassin.general/77708) I'm using Fedora Core 4, perl 5.8.6, SA 3.1.0 and mysql 4.1. SA was installed by building an RPM directly from the tarball. It's a fresh install of everything on a brand new box. The sql username/password/database/port/etc is all fine. If I start spamd from the command line (spamd -q) it works fine. If I start it daemonized (spamd -q -d from the command line or service spamd start [with appropriate options in init script]), it won't talk to the database. The errors it produces (when run with -D) are: Feb 22 11:45:42 ronin spamd[3322]: bayes: using username: root Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Feb 22 11:45:42 ronin spamd[3322]: config: score set 1 chosen. Feb 22 11:45:42 ronin spamd[3322]: config: failed to load user (root) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Feb 22 11:45:42 ronin spamd[3322]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1682. I have it set up to use the db for bayes and user prefs. When it isn't running daemonized, I get the expected less than 200 spams learned and no user prefs found type of messages, indicating that the connection is being made and queries are being run successfully. This seems to be an issue with the daemonization of spamd, perhaps only on FC4. I've contacted Glen and he was nice enough to reply in a very timely manner, but he also hasn't found a solution. I've been pounding on this for a couple of days now and all I've got for my troubles is less hair (that's what happens when you pull it out!). I'm at my wit's end, and have to get this up and integrated this week. It's replacing an OLD SA installation (2.70-cvs) that's eating up all the resources on the server it's running on, which handles some other business-critical processes. If anyone has a suggestion beyond what's already been posted in the earlier thread, I'm all ears... Thanks, St-
Re: spamd mysql redux
Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Is that where mysql.sock is located? I don't know where the MySQL RPMs might stick it, but source installs stick it at /tmp/mysql.sock by default.
Re: spamd mysql redux
Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Is that where mysql.sock is located? I don't know where the MySQL RPMs might stick it, but source installs stick it at /tmp/mysql.sock by default. Yep, that's where it's at. I've also tried specifying the port in the dsn options in the cf file, i.e. user_scores_dsn DBI:mysql:spamassassin:localhost:3306 I'm most curious about the error number given - (13). In mysql speak, that's a 'permission denied', but according to the logs, there's no connection attempt even being made. I don't know if that number is coming from spamd, the perl db api or mysql. I doubt it's coming from mysql, since I'm not seeing any connection attempt whatsoever. Thanks, St-
RE: SpamAssassin large-scale users willing to comment?
Title: RE: SpamAssassin large-scale users willing to comment? -Original Message- From: Kristopher Austin [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 22, 2006 2:26 PM To: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: RE: SpamAssassin large-scale users willing to comment? We're a university. I'm not sure if we are as big as you're looking for (around 2100 mailboxes), but I'd be willing to talk to a reporter. You know, I got to thinking about the last time I talked to a reporter. He had come back from filming some baseball game, and had left his car parked in the one place we play roller hockey. I told him I only hit it a few times. Then he wanted to interview me, so I kept calling him the guy from channel 12, despite the fact that he was clearly wearing a shirt with a big channel 10 on it. Then I pushed further by talking about how hot the weather girl is on channel 12. :) Of course the one shot of us playing that got shown on the news was me getting tripped with a stick and taking a nasty road rash fall. Prbly best I don't talk to them. Otherwise the headline might read: Man reveals antispam product runs on fairies and pixidust! --Chris
Re: AWL question
From: Magnus Holmgren [EMAIL PROTECTED] Organization: Lysator ACS Date: Wed, 22 Feb 2006 12:10:47 +0100 To: users@spamassassin.apache.org Cc: Jon Essen-Moller [EMAIL PROTECTED] Subject: Re: AWL question Jon Essen-Moller skrev: Shouldn't addresses in the AWL result in points being subtracted? Käre Jon, This is probably the most frequently asked question of them all. AWL adds or subtracts points towards the previous average score of the sender. See http://wiki.apache.org/spamassassin/AwlWrongWay. -- Magnus Holmgren The bottom line is its a terrible name for what it actually does. Something like Historical Adjustment would be more accurate ;) -- Matthew Yette Senior Engineer (NOC/Operations) M.A. Polce Consulting 315-838-1644
Re: spamd mysql redux
On Wed, 22 Feb 2006, Steve Thomas wrote: Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Is that where mysql.sock is located? I don't know where the MySQL RPMs might stick it, but source installs stick it at /tmp/mysql.sock by default. Yep, that's where it's at. I've also tried specifying the port in the dsn options in the cf file, i.e. user_scores_dsn DBI:mysql:spamassassin:localhost:3306 I'm most curious about the error number given - (13). In mysql speak, that's a 'permission denied', but according to the logs, there's no connection attempt even being made. I don't know if that number is coming from spamd, the perl db api or mysql. I doubt it's coming from mysql, since I'm not seeing any connection attempt whatsoever. i googled a bit and found this related to fedora3 and SELinux: http://forums.mysql.com/read.php?11,20759,21482#msg-21482 worth a try :) regards, Matthias
Re: spamd mysql redux
Steve Thomas wrote: I'm most curious about the error number given - (13). In mysql speak, that's a 'permission denied', but according to the logs, there's no connection attempt even being made. I don't know if that number is coming from spamd, the perl db api or mysql. I doubt it's coming from mysql, since I'm not seeing any connection attempt whatsoever. In /etc/my.cf make sure the 'log' option is set in [mysqld] and watch the logs in /var/lib/mysql/*.log. In mysql make sure you have given the correct permissions for root to have access to the spamassassin database from both localhost and the primary hostname of the system. (Chances are you don't need both but until you figure out how you're connecting) Check your mysql.user and mysql.db tables to make sure things are as you expect them to be. Be wary of root logins from % (any host) with read only perms that maybe overriding your other root logins. Run flush privileges in mysql to make sure everything is sane after making any mysql.* changes. -- Scott Russell [EMAIL PROTECTED] IBM Linux Technology Center
Re: spamd mysql redux
i googled a bit and found this related to fedora3 and SELinux: http://forums.mysql.com/read.php?11,20759,21482#msg-21482 I had seen that page, but didn't know what selinux was (thought it was a distro!) so I thought it was irrelevant. After checking it out, it turns out that that's what the problem is/was! I disabled selinux and the first test after rebooting seems to have worked. I don't believe I need selinux for anything, as our environment's pretty well controlled and we've made do without it for.. well forever, but I'll probably have to learn about it eventually so I suppose I'll start looking into it... Thanks a million Matthias. I'm kind of embarrassed that I was looking at the answer yesterday and dismissed it... :\ For Glen and the archives: I disabled selinux by setting the SELINUX environment variable to disabled in /etc/selinux/config and rebooting. Thanks again, St-
Re: SpamAssassin large-scale users willing to comment?
From: Chris Santerre [EMAIL PROTECTED] From: Kristopher Austin [mailto:[EMAIL PROTECTED] We're a university. I'm not sure if we are as big as you're looking for (around 2100 mailboxes), but I'd be willing to talk to a reporter. You know, I got to thinking about the last time I talked to a reporter. He had come back from filming some baseball game, and had left his car parked in the one place we play roller hockey. I told him I only hit it a few times. Then he wanted to interview me, so I kept calling him the guy from channel 12, despite the fact that he was clearly wearing a shirt with a big channel 10 on it. Then I pushed further by talking about how hot the weather girl is on channel 12. :) Of course the one shot of us playing that got shown on the news was me getting tripped with a stick and taking a nasty road rash fall. If you have a attitude it's best not to talk to reporters who are about to cover your activities. They have the last word and can REALLY mess you up. {^_-}
Re: When rules run amok....
I've been wondering if anybody would call 1_801.457.4483 and find out who it is, just for grins and giggles. And it's not QUITE what you posted. The 3 in 3BER is spurious. That is the last digit of the phone number. Chris mentions that the bozoid continues to do it, too. {^_-} - Original Message - From: Justin Mason [EMAIL PROTECTED] haha. NUMBER[0-255] s/NUM/randomdigit/g - 3BER[0-255] oops! the errors are harmless AFAIK. --j. jdow writes: I received this from a fellow on another list. It took some puzzling until I figured out what went wrong. He has yet to get back to me with whether or not there was a score on the message or not. But I think SA should guard itself if this leads to a message escaping getting marked. ===8--- Joanne, you're wise to the world of spammers, have you ever seen anything like this: Character in 'C' format wrapped in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN145 line 50. Feb 21 20:38:08 cpollock last message repeated 2 times Feb 21 20:38:08 cpollock spamd[28011]: Argument BE isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN145 line 50. Feb 21 20:38:08 cpollock spamd[28011]: Argument 1BE isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN145 line 50. Here are the headers that are causing this: X-Apparently-To: [EMAIL PROTECTED] via 1-801.457.4483BER[0-255].1BER[0-255].1_(801) (457) (4483)BER[0-255].1_(801) (457) (4483)BER[0-255]; Wed, 22 Feb 2006 08:29:56 +0600 X-Originating-IP: [1 801 457-4483BER[0-255].1BER[0-255].1_801_457_4483BER[0-255].1BER[0-255]] Received: from 1_801.457.4483BER[0-255].1_801.457.4483BER[0-255].1 (801) 457-4483BER[0-255].1-801.457.4483BER[0-255] (HELO c-1 801 457 4483BER[0-255].1_(801)_457_4483BER[0-255].1 (801) 457-4483BER[0-255].1_(801) (457) (4483)BER[0-255].client.comcast.net-MUNGED) (1.801.457.4483BER[0-255].1 801_457_4483BER[0-255].1 801 457 4483BER[0-255].1 801 457 4483BER[0-255]) by mta186.mail.re6.yahoo.com with SMTP; Wed, 22 Feb 2006 06:35:56 +0400 This seems like an attempt to make SA crap out or something. Looks almost like a phone number. Your thoughts? ===8--- pause here and see if you can figure it out. OK, here is the thought I had. Yes, that is a phone number, for the Salt lake City area. It was sent by a spam generator that had a nice rule for putting in numbers for IP addresses using $NUMBER[0-255]. But it also has a rule $NUM for putting in a telephone number. Guess which rule hit first. {^_-}
Re: spamd mysql redux
On Wed, 22 Feb 2006, Steve Thomas wrote: i googled a bit and found this related to fedora3 and SELinux: http://forums.mysql.com/read.php?11,20759,21482#msg-21482 I had seen that page, but didn't know what selinux was (thought it was a distro!) so I thought it was irrelevant. After checking it out, it turns out that that's what the problem is/was! I disabled selinux and the first test after rebooting seems to have worked. I don't believe I need selinux for anything, as our environment's pretty well controlled and we've made do without it for.. well forever, but I'll probably have to learn about it eventually so I suppose I'll start looking into it... Thanks a million Matthias. I'm kind of embarrassed that I was looking at the answer yesterday and dismissed it... :\ your welcome :) For Glen and the archives: I disabled selinux by setting the SELINUX environment variable to disabled in /etc/selinux/config and rebooting. when installing fedora, it ask for SELinux behavior (enabled / warnings only / disabled), IIRC right after firewall default settings. since i wasnt sure of what it really protects or is used for, i always set it to warnings only. still too lazy, reading the manpages :) regards, Matthias
Take a look at this spam
HelLo -at-use! I fouNd yoUr profile in seaRch result Here. whEn I read it I deCidEd to wriTe you and intRoduce mysElf. sO, mY nAme iS AnAstasia. I Know tHat my letteR may get loSt among oThers that comE to you evEry day, but It will be coOL if yoU'll write me. If yoU really searChing for your sEcond half wTh serious inTEntions to bUild a family, if you prefEr present diaLOgue instead of gaMe, I'll wait for yoUr ansWer. You mAy write me tO my e-maiL: dzumon{--at--]altern.org HaVe a nIce dAy!!! I'm waiTing... Bye-BYe! This scored really low.
Re: Take a look at this spam
wrote: HelLo -at-use! I fouNd yoUr profile in seaRch result Here. whEn I read it I deCidEd to wriTe you and intRoduce mysElf. sO, mY nAme iS AnAstasia. I Know tHat my letteR may get loSt among oThers that comE to you evEry day, but It will be coOL if yoU'll write me. If yoU really searChing for your sEcond half wTh serious inTEntions to bUild a family, if you prefEr present diaLOgue instead of gaMe, I'll wait for yoUr ansWer. You mAy write me tO my e-maiL: dzumon{--at--]altern.org HaVe a nIce dAy!!! I'm waiTing... Bye-BYe! This scored really low. o_O ...
Re: spamd mysql redux
To specify the socket in a perl DBI connect do the following: my $DBH = DBI-connect('dbi:mysql:databaseName;mysql_socket=/tmp/mysql.sock', 'user', 'password', {ShowErrorStatement = 1}) or die Can't open database; Steve Thomas wrote: Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Is that where mysql.sock is located? I don't know where the MySQL RPMs might stick it, but source installs stick it at /tmp/mysql.sock by default. Yep, that's where it's at. I've also tried specifying the port in the dsn options in the cf file, i.e. user_scores_dsn DBI:mysql:spamassassin:localhost:3306 I'm most curious about the error number given - (13). In mysql speak, that's a 'permission denied', but according to the logs, there's no connection attempt even being made. I don't know if that number is coming from spamd, the perl db api or mysql. I doubt it's coming from mysql, since I'm not seeing any connection attempt whatsoever. Thanks, St- -- Barton L. Phillips Applied Technology Resources, Inc. Tel: (818)652-9850 Web: http://www.applitec.com
Re: When rules run amok....
On Wednesday 22 February 2006 4:30 pm, jdow wrote: I've been wondering if anybody would call 1_801.457.4483 and find out who it is, just for grins and giggles. And it's not QUITE what you posted. The 3 in 3BER is spurious. That is the last digit of the phone number. Chris mentions that the bozoid continues to do it, too. {^_-} Yep, and here is another one I just received, albet a bit different: Feb 22 13:27:54 cpollock spamd[11252]: Argument b isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN153 line 38. Feb 22 13:27:54 cpollock spamd[11252]: Argument ed isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN153 line 38. Feb 22 13:27:54 cpollock spamd[11252]: Argument Feb isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN153 line 38. Feb 22 13:27:54 cpollock spamd[11252]: Character in 'C' format wrapped in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN153 line 38. Feb 22 13:27:54 cpollock spamd[11252]: Argument 11:26:19 isn't numeric in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN153 line 38. Feb 22 13:27:54 cpollock spamd[11252]: Character in 'C' format wrapped in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, GEN153 line 38. And here are the headers: Status: U Return-Path: [EMAIL PROTECTED] Received: from pop.earthlink.net [209.86.93.201] by localhost with POP3 (fetchmail-6.2.5) for [EMAIL PROTECTED] (single-drop); Wed, 22 Feb 2006 13:27:53 -0600 (CST) Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar ([200.59.108.16]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31 -0500 (EST) X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16; Wed, 22 Feb 2006 11:26:19 -0800 Message-ID: [EMAIL PROTECTED] From: Martina Hatch [EMAIL PROTECTED] Reply-To: Martina Hatch [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: abstracter Free quality adult personals Date: Wed, 22 Feb 2006 11:26:19 -0800 I see where the 'Feb' and '11:26:19' are picked up but I fail to understand why. If there are harmless errors is this an attempt to choke SA or is it a bug somewhere in SA, or neither? -- Chris Registered Linux User 283774 http://counter.li.org 17:27:56 up 8 days, 11:18, 1 user, load average: 0.06, 0.15, 0.22 Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk pgp22YmqSJ93N.pgp Description: PGP signature
Re: When rules run amok....
On 2/22/2006 4:58 AM, Justin Mason wrote: the errors are harmless AFAIK. Harmless and already fixed in both trunk and the 3.1 branch (they're caused by the extremely liberal IPv6 regex that was in use). Daryl
Re: When rules run amok....
On Wednesday 22 February 2006 6:24 pm, Daryl C. W. O'Shea wrote: On 2/22/2006 4:58 AM, Justin Mason wrote: the errors are harmless AFAIK. Harmless and already fixed in both trunk and the 3.1 branch (they're caused by the extremely liberal IPv6 regex that was in use). Daryl Thanks for the feedback Daryl. -- Chris Registered Linux User 283774 http://counter.li.org 18:26:43 up 8 days, 12:17, 1 user, load average: 0.10, 0.11, 0.09 Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk pgpgo3uDCQCBs.pgp Description: PGP signature
FINAL CALL - Conference on Email and Anti-Spam 2006
Want to make sure folks know about this! - Forwarded message - Date: Wed, 22 Feb 2006 15:01:28 -0800 Subject: FINAL CALL - Conference on Email and Anti-Spam 2006 THE THIRD CONFERENCE ON EMAIL AND ANTI-SPAM (CEAS 2006) Thursday July 27 and Friday July 28, 2006 Mountain View, California http://www.ceas.cc/ FINAL CALL FOR PAPERS Submission Deadline: March 23, 2006 The Conference on Email and Anti-Spam (CEAS) invites short and long paper submissions on research results pertaining to a broad range of issues in email and Internet communication. Submissions may address issues relating to any form of electronic messaging, including traditional email, instant messaging, calendaring, mobile telephone text messaging, and voice over IP. Issues of interest include the analysis and abatement of abuses (such as spam, phishing, identity theft, and privacy invasion) as well as enhancements to and novel applications of electronic messaging. Papers will be selected by peer review for presentation at CEAS and inclusion in the proceedings. PAST PROCEEDINGS: 2004: http://ceas.cc/papers-2004/acceptedpapers.htm 2005: http://ceas.cc/2005/schedulepapers.htm These proceedings give an indication of some of the diverse topics of interest to CEAS. Novel departures from previously included topics are welcome. SUGGESTED TOPICS: * Message filtering, blocking, authentication - machine learning techniques - statistical techniques - natural language processing - protocols - trust and reputation - signatures * Message organization - automatic foldering - categorization - clustering - work flow * Message retrieval - search - summarization * Systems and network issues - performance and scalability - reliability and security - archival and retrieval * Evaluation - corpus and benchmark creation - measures and methodologies - tests of specific methods or products * Analysis - abuse tactics and patterns - legitimate use patterns * User issues - user interfaces - usability studies - messaging in support of user activities * Social issues - costs and benefits of messaging use and abuse - other social impacts - deducing social phenomena * Legal issues - spam - phishing - identity theft - privacy - freedom of speech - digital rights management KEY DATES: * Paper submission deadline: March 23, 2006 * Notification of acceptance: May 22 * Final camera-ready version of papers: June 22 * Conference: July 27 and 28, 2006 REQUIREMENTS: Papers may be of one of two types: short papers (two pages plus bibliography) or full papers (eight pages plus bibliography). Work may not have been previously published in, or under consideration for publication in any other conference or journal. Work that has been summarily reported on-line, or in technical reports or workshops, may be the basis of a CEAS submission provided that presentation and publication by CEAS would be unencumbered by prior copyright assignment. Submissions must use the CEAS electronic system (link to be announced). Style for submissions and final papers is a two-column, 8.5 by 11 inch format, as specified in the style files available at: http://www.ceas.cc/2006/format.htm. Papers will be reviewed by a committee of experts from academic and industrial research centers. Accepted papers will be made freely available on the web, and will be published on CD-ROM. Authors will retain copyright of their work. CONTACT: * [EMAIL PROTECTED], sends mail to the chair and co-chairs. GENERAL CONFERENCE CHAIR: * Gordon V. Cormack, University of Waterloo http://plg.uwaterloo.ca/~gvcormac/ PROGRAM CO-CHAIRS: * Ion Androutsopoulos, Athens University of Economics and Business http://www.aueb.gr/users/ion/ * Alek Kolcz, AOL http://pikespeak.uccs.edu/~Eark/alek/home.html * Dave Crocker, Brandenburg InternetWorking http://bbiw.net PROGRAM COMMITTEE: * Joshua Alspector, AOL * Paula J. Bruening, Center for Democracy and Technology * Vitor R. Carvalho, Carnegie Mellon University * Richard Clayton, University of Cambridge * W. Bruce Croft, University of Massachusetts Amherst * Natalie Glance, Intelliseek Applied Research Center * Joshua Goodman, Microsoft Research * John Graham-Cumming, no affiliation/independent * David Heckerman, Microsoft Research * José María Gómez Hidalgo, Universidad Europea de Madrid * Haym Hirsh, Rutgers University * Thomas Hofmann,
Re: SpamAssassin large-scale users willing to comment?
On Wednesday 22 February 2006 17:27, jdow wrote: From: Chris Santerre [EMAIL PROTECTED] From: Kristopher Austin [mailto:[EMAIL PROTECTED] We're a university. I'm not sure if we are as big as you're looking for (around 2100 mailboxes), but I'd be willing to talk to a reporter. You know, I got to thinking about the last time I talked to a reporter. He had come back from filming some baseball game, and had left his car parked in the one place we play roller hockey. I told him I only hit it a few times. Then he wanted to interview me, so I kept calling him the guy from channel 12, despite the fact that he was clearly wearing a shirt with a big channel 10 on it. Then I pushed further by talking about how hot the weather girl is on channel 12. :) Of course the one shot of us playing that got shown on the news was me getting tripped with a stick and taking a nasty road rash fall. If you have a attitude it's best not to talk to reporters who are about to cover your activities. They have the last word and can REALLY mess you up. {^_-} Chuckle. How true Joanne, in a couple of instances I won't relate here, the reporter didn't need any help at all to screw it up rather hillariously. We, like all brodcasters, have outtakes from the air tapes that goes back nearly 25 years, since 3/4 umatic brought the ability to store such stuff in an economical manner. Its about 3 hours of sometimes embarrasing, often gut busting material when all spliced together. And we've had smart-asses do exactly that to us, quoting the other station while our mike and camera is in is face. Depending on the story contents revelancy, it may or may not make it past the air packages editing. -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Re: When rules run amok....
Dig that forged origin ID: - Original Message - From: Chris [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Wednesday, February 22, 2006 15:33 Subject: Re: When rules run amok
Re: When rules run amok....
Try that again Dig that forged origin ID: Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar ([200.59.108.16]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP \ id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31 -0500 (EST) X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16; Wed, 22 Feb 2006 11:26:19 -0800 That is an IANA block. {^_-} It seens 200.59.108.16 is attempting some fascinating forgeries in IDing itself to Dirtlink. It forged that X-Originating-IP bit it would appear. Clever attempt to make it look legit. If it's an attempt to confuse and SA simply is not getting confused. On the other hand, if the indentations on that message are real then your email tool is pretty well hosed. {o.o}
Re: SpamAssassin large-scale users willing to comment?
I'm interested in this reporter.We use spamassassin's partial features,it's original now,while we should improve it.Thre are more than a hundred million users are protected under SA here. -- [EMAIL PROTECTED] (Justin Mason) wrote: Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) Anyone interested? Please reply here, or if you'd prefer to follow up confidentially for whatever reason, to [EMAIL PROTECTED]. --j. _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!
Re: When rules run amok....
On Wednesday 22 February 2006 21:51, jdow wrote: Try that again Dig that forged origin ID: Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar ([200.59.108.16]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP \ id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31 -0500 (EST) X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16; Wed, 22 Feb 2006 11:26:19 -0800 That is an IANA block. {^_-} It seens 200.59.108.16 is attempting some fascinating forgeries in IDing itself to Dirtlink. It forged that X-Originating-IP bit it would appear. Clever attempt to make it look legit. If it's an attempt to confuse and SA simply is not getting confused. On the other hand, if the indentations on that message are real then your email tool is pretty well hosed. {o.o} I'd assume 'Dirt'Link might have an interest in hearing about that?, particularly since it appears to be a piece of uol, whom we all hate so much... -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Re: When rules run amok....
From: Gene Heskett [EMAIL PROTECTED] On Wednesday 22 February 2006 21:51, jdow wrote: Try that again Dig that forged origin ID: Received: from ADSL-200-59-108-16.capfed2.uolsinectis.com.ar ([200.59.108.16]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP \ id 1fbZE76yn3Nl34b0; Wed, 22 Feb 2006 14:27:31 -0500 (EST) X-Originating-IP: 37.111.211.35 by smtp.200.59.108.16; Wed, 22 Feb 2006 11:26:19 -0800 That is an IANA block. {^_-} It seens 200.59.108.16 is attempting some fascinating forgeries in IDing itself to Dirtlink. It forged that X-Originating-IP bit it would appear. Clever attempt to make it look legit. If it's an attempt to confuse and SA simply is not getting confused. On the other hand, if the indentations on that message are real then your email tool is pretty well hosed. {o.o} I'd assume 'Dirt'Link might have an interest in hearing about that?, particularly since it appears to be a piece of uol, whom we all hate so much... No they wouldn't. It's so obviouslt a forgery it's pathetic. ANY email indicating a dotted quad address starting with 37 is inside an IANA Reserved block of addresses. They aren't issued. {^_-}
Re: SpamAssassin large-scale users willing to comment?
Jeff Peng wrote: I'm interested in this reporter.We use spamassassin's partial features, it's original now,while we should improve it. Thre are more than a hundred million users are protected under SA here. A hundred million or a hundred thousand? Cami
Updated Pump and Dump rules. 2006-02-23
I just committed version 01.00.08 of this ruleset to: http://rulesemporium.com/rules/70_sare_stocks.cf It should appear within the hour. Enjoy. -Doc (SA/SARE/URIBL/SURBL -- Ninja)
Re: Updated Pump and Dump rules. 2006-02-23
On Thursday 23 February 2006 01:06, Doc Schneider wrote: I just committed version 01.00.08 of this ruleset to: http://rulesemporium.com/rules/70_sare_stocks.cf It should appear within the hour. Enjoy. -Doc (SA/SARE/URIBL/SURBL -- Ninja) I've copied this one from that link into the directory where these things live, and added a SARE_STOCKS to the list in the config file, but rules_du_jour claims its not a valid item. Reporting this: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. I'd also gotten rid of SARE_RANDOMVAL from the config for the same reason. Is there something I've forgotten to do to enable this rule set? -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Re: Updated Pump and Dump rules. 2006-02-23
Gene Heskett wrote: On Thursday 23 February 2006 01:06, Doc Schneider wrote: I just committed version 01.00.08 of this ruleset to: http://rulesemporium.com/rules/70_sare_stocks.cf It should appear within the hour. Enjoy. -Doc (SA/SARE/URIBL/SURBL -- Ninja) I've copied this one from that link into the directory where these things live, and added a SARE_STOCKS to the list in the config file, but rules_du_jour claims its not a valid item. Reporting this: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. I'd also gotten rid of SARE_RANDOMVAL from the config for the same reason. Is there something I've forgotten to do to enable this rule set? Have you upgraded and installed the newest RDJ? This has come up on this list a lot recently and from what I understand is that RDJ does auto download its newest version but it doesn't auto install it. Let me know if that works. -Doc
Re: SpamAssassin large-scale users willing to comment?
A hundred million or a hundred thousand? I really mean a hundred million. _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!