Re: Internal email marked as spam...
Daryl C. W. O'Shea wrote: >Screaming Eagle wrote: > > >>All, >>Emailing with outlook and from internal network is marked as spam: >>pts rule name description >> -- >>-- >>-1.8 ALL_TRUSTEDPassed through trusted hosts only via SMTP >> 1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME >> 1.0 HTML_MESSAGE BODY: HTML included in message >> 0.1 HTML_90_100BODY: Message is 90% to 100% HTML >> 3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% >>[score: 0.0002] >> 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) >>found >> 1.9 RATWARE_MS_HASHBulk email fingerprint (msgid ms hash) found >> 1.7 MSGID_DOLLARS Message-Id has pattern used in spam >>-0.8 AWLAWL: From: address is in the auto white-list >> >>I think the RATWARE_OUTLOOK_NOMAME, RATWARE_MS_HASH,and MSGID_DOLLARS >>is skewing the score. I have only seen this score if you use MS >>OUTLOOK. Any idea why and if there is work around for this? Thanks. >> >> > > > > 3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > > [score: 0.0002] > >Whoever set the score for BAYES_00 to 3.0 must have been high! > >Daryl > > That's true, but you'd still be over 5.0 even without it. -Philip
RE: Internal email marked as spam...
I second that. > -Original Message- > From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] > Sent: Monday, April 10, 2006 8:29 PM > To: spam mailling list > Subject: Re: Internal email marked as spam... > > Screaming Eagle wrote: > > All, > > Emailing with outlook and from internal network is marked as spam: > > pts rule name description > > -- > > -- > > -1.8 ALL_TRUSTEDPassed through trusted hosts only via SMTP > > 1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html > MIME > > 1.0 HTML_MESSAGE BODY: HTML included in message > > 0.1 HTML_90_100BODY: Message is 90% to 100% HTML > > 3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > > [score: 0.0002] > > 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) > > found > > 1.9 RATWARE_MS_HASHBulk email fingerprint (msgid ms hash) found > > 1.7 MSGID_DOLLARS Message-Id has pattern used in spam > > -0.8 AWLAWL: From: address is in the auto white-list > > > > I think the RATWARE_OUTLOOK_NOMAME, RATWARE_MS_HASH,and MSGID_DOLLARS > > is skewing the score. I have only seen this score if you use MS > > OUTLOOK. Any idea why and if there is work around for this? Thanks. > > > > 3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > > [score: 0.0002] > > Whoever set the score for BAYES_00 to 3.0 must have been high! > > Daryl
Re: Internal email marked as spam...
Screaming Eagle wrote: All, Emailing with outlook and from internal network is marked as spam: pts rule name description -- -- -1.8 ALL_TRUSTEDPassed through trusted hosts only via SMTP 1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTML_90_100BODY: Message is 90% to 100% HTML 3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0002] 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found 1.9 RATWARE_MS_HASHBulk email fingerprint (msgid ms hash) found 1.7 MSGID_DOLLARS Message-Id has pattern used in spam -0.8 AWLAWL: From: address is in the auto white-list I think the RATWARE_OUTLOOK_NOMAME, RATWARE_MS_HASH,and MSGID_DOLLARS is skewing the score. I have only seen this score if you use MS OUTLOOK. Any idea why and if there is work around for this? Thanks. > 3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0002] Whoever set the score for BAYES_00 to 3.0 must have been high! Daryl
Internal email marked as spam...
All, Emailing with outlook and from internal network is marked as spam: pts rule name description -- -- -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP 1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML 3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0002] 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found 1.9 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found 1.7 MSGID_DOLLARS Message-Id has pattern used in spam -0.8 AWL AWL: From: address is in the auto white-list I think the RATWARE_OUTLOOK_NOMAME, RATWARE_MS_HASH,and MSGID_DOLLARS is skewing the score. I have only seen this score if you use MS OUTLOOK. Any idea why and if there is work around for this? Thanks.
Re: Learning SpamAssassin
Dan wrote: > Follow up question (even more odd than weight limits): > > I want to flag all messages as spam, then configure various rules as > exceptions, marking them as ham. But how do I universally mark > messages one way in SpamAssassin and then unmark them in the other? > > I realize this is unorthodox, but I would appreciate any suggestions. Hmm.. this might be a bit tough. Since SA rules by nature detect something, it might be difficult to detect "something or nothing".. Perhaps this: body L_DEFAULT_ALL /.?/ score L_DEFAULT_ALL 5.0 would work.. That should detect even a message with no body.. >
Re: should I upgrade?
I tried sa-learn, but don't you need a sizable spam collection for it to work? The docs say that you need to collect about a thousand of ham and spam messages before the training starts to work. That sounds like a pain in the neck. Or am I missing something? I ran sa-learn on this one message, than ran SA with the -D switch and it said that it was ignoring the Bayes database because there was only one message. How is it working for you? Or did you do the initial training? On Mon, 2006-04-10 at 21:49 -0400, BMWrider wrote: > All, > > When I upgraded to 3.1.1 the Online Pharmaceutical SPAM also came > through. It didn't take much effort to > run sa-learn --spam on a bunch of them to shut them out. The spammers > are trying some new tricks right > now which will get through a fresh upgrade but again manual training > will stop them quickly. > > Richard > > > > "The advantage of a bad memory is that one enjoys several times the > same good things for the first time." > Friedrich Nietzsche > > > On Apr 10, 2006, at 8:59 PM, Sergei Gerasenko wrote: > > > Thanks for such a quick reply. So upgrading would really be helpful in > > terms of performance if nothing else. Ok, I'll give it a thought. > > Maybe > > I'll find a Debian package with the latest version. Should be > > possible. > > > > I installed SpamAssassin today for the first time and "The Ultimate > > Online Pharmaceutical" (seems like a LOT of people get this one in > > particular) came through undetected. I had to add a manual rule to > > take > > care of it. Could that have happened because I have an older > > version of > > SA? If so, any options besides upgrading? > > > > Thanks! > > > > On Mon, Apr 10, 2006 at 08:40:03PM -0400, Matt Kettler wrote: > >> Sergei Gerasenko wrote: > >>> Hello everybody, > >>> > >>> Got a potentially previously answered question. I have spamassassin > >>> 3.0.2-3, which is the current release with Debian. I wouldn't > >>> like to > >>> deviate from the official package and so I'm wondering if it's > >>> absolutely necessary to upgrade. I diffed the rules, they seem to > >>> be the > >>> same. > >>> > >>> That's actually why I'm looking into this. I'll need to update > >>> the rules > >>> periodically and sa-update is not in 3.0.2. Is there a repository > >>> of the > >>> standard rules somewhere? I couldn't find it no matter how hard I > >>> looked. > >> There are no standard rule updates that will work with the SA 3.0.x > >> codebase. > >> > >> The whole idea behind SA 0.1 through 3.0.5 was that if you needed new > >> rules, you upgraded your SA version. Rule updates were previously > >> very > >> slow, due to the expensive mass-check process. New releases of SA > >> code > >> came out much faster than new rules, thus there was no point in > >> separating the two. (rule updates were typically only made once or > >> twice > >> for a given major.minor release of SA. ie: 2.60 and 2.64 had rule > >> updates, 2.61-63 did not.) > >> > >> With 3.1.1 and higher, the SA devs are trying out an approach of > >> adding > >> on rules and making updates to an already released version. However, > >> this is a completely new concept, and thus only supported on the > >> completely new version. > >> >
Re: Learning SpamAssassin
Follow up question (even more odd than weight limits): I want to flag all messages as spam, then configure various rules as exceptions, marking them as ham. But how do I universally mark messages one way in SpamAssassin and then unmark them in the other? I realize this is unorthodox, but I would appreciate any suggestions. Thanks, Dan
Re: should I upgrade?
> Side-note.. what version of SA did you diff against? I downloaded Mail-SpamAssassin-current from the ftp. I thought that was a link to the most current version. I might have been wrong. > All that said, you might be OK with debian's SA 3.0.2-3. While it's > important to be fairly current on SA, it's not always critical to be on Cool. > I myself despise distro port packages and avoid them for any package > that I have a solid knowledge of that I want to update readily. I lean I agree but this has to be super stable even if there's a chance of slight problems. At home I go for the latest :)
Re: should I upgrade?
Thanks for such a quick reply. So upgrading would really be helpful in terms of performance if nothing else. Ok, I'll give it a thought. Maybe I'll find a Debian package with the latest version. Should be possible. I installed SpamAssassin today for the first time and "The Ultimate Online Pharmaceutical" (seems like a LOT of people get this one in particular) came through undetected. I had to add a manual rule to take care of it. Could that have happened because I have an older version of SA? If so, any options besides upgrading? Thanks! On Mon, Apr 10, 2006 at 08:40:03PM -0400, Matt Kettler wrote: > Sergei Gerasenko wrote: > > Hello everybody, > > > > Got a potentially previously answered question. I have spamassassin > > 3.0.2-3, which is the current release with Debian. I wouldn't like to > > deviate from the official package and so I'm wondering if it's > > absolutely necessary to upgrade. I diffed the rules, they seem to be the > > same. > > > > That's actually why I'm looking into this. I'll need to update the rules > > periodically and sa-update is not in 3.0.2. Is there a repository of the > > standard rules somewhere? I couldn't find it no matter how hard I > > looked. > There are no standard rule updates that will work with the SA 3.0.x > codebase. > > The whole idea behind SA 0.1 through 3.0.5 was that if you needed new > rules, you upgraded your SA version. Rule updates were previously very > slow, due to the expensive mass-check process. New releases of SA code > came out much faster than new rules, thus there was no point in > separating the two. (rule updates were typically only made once or twice > for a given major.minor release of SA. ie: 2.60 and 2.64 had rule > updates, 2.61-63 did not.) > > With 3.1.1 and higher, the SA devs are trying out an approach of adding > on rules and making updates to an already released version. However, > this is a completely new concept, and thus only supported on the > completely new version. >
Re: should I upgrade?
Sergei Gerasenko wrote: > Hello everybody, > > Got a potentially previously answered question. I have spamassassin > 3.0.2-3, which is the current release with Debian. I wouldn't like to > deviate from the official package and so I'm wondering if it's > absolutely necessary to upgrade. I diffed the rules, they seem to be the > same. > Side-note.. what version of SA did you diff against? It seems highly improbable that the rules you have are the same as those in 3.1.1. Also, even if the literal .cf files are the same, the code implements some of the rules. ALL_TRUSTED behaves considerably different between 3.0.0-3.0.4 and 3.0.5. Did debian backport the changes in the Received: parser that cause this change? All that said, you might be OK with debian's SA 3.0.2-3. While it's important to be fairly current on SA, it's not always critical to be on the latest release. You'll loose out on a little accuracy, but if staying within debian's ports is important to you it might be worth the trade-off. That's your choice to make. I myself despise distro port packages and avoid them for any package that I have a solid knowledge of that I want to update readily. I lean on distro packages for odds-and-ends utilities that I rarely change outside of security updates (bash, tar, gzip), but I go official-source for packages I'm pushing the leading edge of (SA, clamav, snort, etc). But that's my personal preference, and it's not suited to everyone.
Re: should I upgrade?
Heute (11.04.2006/02:40 Uhr) schrieb Matt Kettler, > The whole idea behind SA 0.1 through 3.0.5 was that if you needed new > rules, you upgraded your SA version. Rule updates were previously very > slow, due to the expensive mass-check process. New releases of SA code > came out much faster than new rules, thus there was no point in > separating the two. (rule updates were typically only made once or twice > for a given major.minor release of SA. ie: 2.60 and 2.64 had rule > updates, 2.61-63 did not.) > With 3.1.1 and higher higher? what did you mean? 3.1.1 is the latest version, or? You mean the following version or what? ;) > , the SA devs are trying out an approach of adding > on rules and making updates to an already released version. However, > this is a completely new concept, and thus only supported on the > completely new version. -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Küchenschaben gab es schon, ehe die Dinosaurier auf der Erde erschienen. -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1481 Build 7052 10.04.2006
Re: should I upgrade?
Sergei Gerasenko wrote: > Hello everybody, > > Got a potentially previously answered question. I have spamassassin > 3.0.2-3, which is the current release with Debian. I wouldn't like to > deviate from the official package and so I'm wondering if it's > absolutely necessary to upgrade. I diffed the rules, they seem to be the > same. > > That's actually why I'm looking into this. I'll need to update the rules > periodically and sa-update is not in 3.0.2. Is there a repository of the > standard rules somewhere? I couldn't find it no matter how hard I > looked. There are no standard rule updates that will work with the SA 3.0.x codebase. The whole idea behind SA 0.1 through 3.0.5 was that if you needed new rules, you upgraded your SA version. Rule updates were previously very slow, due to the expensive mass-check process. New releases of SA code came out much faster than new rules, thus there was no point in separating the two. (rule updates were typically only made once or twice for a given major.minor release of SA. ie: 2.60 and 2.64 had rule updates, 2.61-63 did not.) With 3.1.1 and higher, the SA devs are trying out an approach of adding on rules and making updates to an already released version. However, this is a completely new concept, and thus only supported on the completely new version.
should I upgrade?
Hello everybody, Got a potentially previously answered question. I have spamassassin 3.0.2-3, which is the current release with Debian. I wouldn't like to deviate from the official package and so I'm wondering if it's absolutely necessary to upgrade. I diffed the rules, they seem to be the same. That's actually why I'm looking into this. I'll need to update the rules periodically and sa-update is not in 3.0.2. Is there a repository of the standard rules somewhere? I couldn't find it no matter how hard I looked. I saw on the spamassassin site that 3.0.0 should be upgraded, but does it go for 3.0.2 as well? Sorry if this has been answered many times. Thanks!
Sending spam with Mailman
I suppose I shouldn't be shocked by this but it surprised me to receive some spam sent with Mailman. I have a folder for catching all mailing list mail that doesn't yet have its own procmail rule. The catch-all procmail rule looks for anything with a List-Id header and dumps it in ~/mail/Lists/Unknown. That reminds me to add a new rule for a freshly-subscribed list. Today I found spam in that folder, and it had legitimate-looking Mailman headers. I figure SURBL will catch it quickly, but I find it troubling that this is going to reduce the Bayes quality of List-Id headers over time. Note that the recipient is one of my spam traps on my website, "index_html". That tells me which page supplied the address. (If I used dynamic pages I could even encode the time and IP address of the spider in the spamtrap.) The list headers point to what looks like a legitimate Mailman setup, and the sending IP has SPF_PASS.--- Begin Message --- Visit Our Website Click below to see the large size photo Beautiful Brasil As you aware Brasil is currently one of the Worlds 'Hotspots' for Tourism and Investment Property. We are a property developer based in Parnaíba in the state of Piauí NE Brasil. We have new houses, resales and a land bank of over a thousand acres. Many people like the idea of purchasing a plot of land first and then building their 'Dream' property at their own pace. We are interested in developing arrangements with you to market our properties and are prepared to offer a sales discount for a limited period to purchasers. Please look at our web site www.solutionsbrasil.com If you are intrested in purchasing property, selling properties or developing a joint venture arrangement, please contact us to discuss further. QUOTE REFERENCEGDP01 Purchasing PropertiesGDP07 Selling Properties GDP09 Joint Venture Arrangement Or use our Contact us form We very much look forward to discussing these options with you further. Yours sincerely,Lee Courtney-RowlandsSales DirectorEmail: [EMAIL PROTECTED] Phone: +55 86 3322 6566Mobile: +55 86 9409 5283 Solutions BrasilRua Pedro II, 1750 - CentroCEP 64200-420 - Parnaiba - Piaui - Brasil Click here to visit our website. if you don't want receive more e-mails like this, please click here Telephone: +55 86 3322 6566Telephone: +55 86 3322 1129E-mail: [EMAIL PROTECTED] --- End Message ---
RE: apache httpd + spam assassin = web without spam?
> I was having this problem for a while... then I added a confirmation block > to my guestbook - so that any post had to be confirmed. > > Boom - spam stopped (I've never even gotten confirmation notices that they > tried again). I did basically the same thing. I hacked PHPBB a little to throw an error if a certain non-standard form field didn't have a specific value, and my forum spam has stopped completely. Their bots are still creating accounts, but they can't post, so there's no real damage done. St-
Re: Learning SpamAssassin
No, I'm saying 15 digits. That's *total* combined between integer and decimal places. However, because the floating point is stored in a scientific notation, you can add a bunch of extra zeros to push those 15 digits around. So you can have: (15 digits) + (307 zeros).0 or 0.(307 zeros) +(15 digits) (note: I've simplified the math a lot here, because none of this is really stored in terms of decimal places. It's really stored as powers-of- two, binary format. It's really 2^51 +/- 2^e , where e can be up to anywhere up to 1023) Okay, I'm getting you. Maximum 15 unique/consecutive digits, positioned/valued by additional zeros. Thanks!
Re: Learning SpamAssassin
Dan wrote: >> The total range for the mantissa of a double-precision float is >> 52-bits, with 1 >> bit for sign. This means that the range between your most significant >> and least >> significant digit of the final summed answer cannot be greater than >> 2^51, or >> you'll loose precision. >> >> The total range for the exponent of a double-precision float is >> 2^1023, so you >> cannot express any numbers larger than 2^51 + 2^1023. >> > > > I'm not that experienced with math/compsci, but Excel describes > > 2^51 as having 15 digits (2,251,799,813,685,250) > > 2^1023 comes in with 307 digits (won't display above 255) > > > So you're saying 307 integers and 15 decimals?: No, I'm saying 15 digits. That's *total* combined between integer and decimal places. However, because the floating point is stored in a scientific notation, you can add a bunch of extra zeros to push those 15 digits around. So you can have: (15 digits) + (307 zeros).0 or 0.(307 zeros) +(15 digits) (note: I've simplified the math a lot here, because none of this is really stored in terms of decimal places. It's really stored as powers-of-two, binary format. It's really 2^51 +/- 2^e , where e can be up to anywhere up to 1023)
Re: Learning SpamAssassin
The total range for the mantissa of a double-precision float is 52- bits, with 1 bit for sign. This means that the range between your most significant and least significant digit of the final summed answer cannot be greater than 2^51, or you'll loose precision. The total range for the exponent of a double-precision float is 2^1023, so you cannot express any numbers larger than 2^51 + 2^1023. I'm not that experienced with math/compsci, but Excel describes 2^51 as having 15 digits (2,251,799,813,685,250) 2^1023 comes in with 307 digits (won't display above 255) So you're saying 307 integers and 15 decimals?: 1000 .001 Thanks, Dan
Re: Learning SpamAssassin
Dan wrote: > Good approach Herb, thanks > > > To anyone: > > 1) What is the highest weight value (in number of digits) supported by > SpamAssassin? > > 2) What is the smallest weigh value (in decimal places) supported by > SpamAssassin? In current practice, the range is 1000 to 0.0001. The code that prints results is heavily biased toward this input range, and also rounds or truncates to the nearest tenth. I think this is pretty much the widest dynamic range you should ever have need to use. However, when it comes down to parsing and internal mathematics, spamassassin is likely only limited by the capacity of IEEE double-precision floating point numbers, which perl uses for all floating point math. These limits do not result in a static number of digits. The more you use to the left of the decimal place, the less you can use to the right without loosing precision. The total range for the mantissa of a double-precision float is 52-bits, with 1 bit for sign. This means that the range between your most significant and least significant digit of the final summed answer cannot be greater than 2^51, or you'll loose precision. The total range for the exponent of a double-precision float is 2^1023, so you cannot express any numbers larger than 2^51 + 2^1023.
Re: Learning SpamAssassin
Good approach Herb, thanks To anyone: 1) What is the highest weight value (in number of digits) supported by SpamAssassin? 2) What is the smallest weigh value (in decimal places) supported by SpamAssassin? These might look like: 10 .01 Thanks, Dan
FW: RERE:We want approve yours loan l42kr9
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 5:49 AM To: [EMAIL PROTECTED] Subject: RERE:We want approve yours loan l42kr9 Dear [EMAIL PROTECTED] http://ca.geocities.com/nq92ra63ut5// You have been approved for a $402,000 house loan at a 3.45% Fixed R.ate. This offer is being presented to you right now!. Your credit history is in no way a factor. We have 99% approval rate. To take advantage of this Limited Time Opportunity, please take a minute and confirm your curiosity or intention to accept this loan, at the following web-site: http://ca.geocities.com/nq92ra63ut5// Best Regards Danny DeCapri http://ca.geocities.com/nq92ra63ut5// [EMAIL PROTECTED] wrote: > RE:We can approve any loan sopq5jvljif8wk XogME8ionYqOSJXMeHMSgMB <>
Using SpamAssassin In Perl
Hello; Our company newsletter is not getting to some of our subscribers. My guess is it is ending up in junk mail folders. We have a section on relationship tips and I am concerned some of the content in this section could be triggering spam filters. I am working on a script that runs SpamAssassin on an uploaded text version of the letter so I can scan the content. What I would love is a report flagging content that might be causing a problem (and the overall score) so I can send the letter back to the creative team showing them the exact content that needs to be rewritten/removed. Below is the script I have started. I am not sure what the spamassissin report should look like, but what I am getting back can't be it (It just gives me the version of spam assassin and the name of the file). I am not experienced in Perl so it could easily be a problem with my code. Is there any easier way to get a report on an email?What is a good online reference for understanding the SpamAssassin API? Thanks, Luke #!/Perl/bin/perl use strict; use CGI qw(:standard); use Mail::SpamAssassin; # get a parameter from a form my $fulltext = param('fulltext') || 'no text supplied'; #create an array from the text in the file my @lines = split(/\n/, $fulltext); #create a test my $spamtest = Mail::SpamAssassin->new( ); #create a new mail object my $mail = $spamtest->parse([EMAIL PROTECTED]); #create a status object my $status = $spamtest->check($mail); # output a document print header( ), start_html("Spam Assasin Report"), p("SpamAssassin Report: ", tt(escapeHTML($status->rewrite_mail())), end_html( ); Enrich your life at Yahoo! Canada Finance
Re: SpamAssassin Woes
JD Smith wrote: > That is what I was beginning to suspect. Is there a way to untrain the > emails I ran through it? Feed them to sa-learn --forget. >It was a pretty large selection.. A few > thousand of both spam and ham. > > I turned on auto-learning so it should start to pick things up on it's > own without needing me to train it, no? True, but it's generally best to start off with at least a small sample of hand-picked emails for training. Left entirely to it's own devices, bayes learning can sometimes go awry. A little hand training helps keep it from mis-learning because of the "no contradictions" rule. (Never autolearn as spam any message that existing training says is strongly ham, and vice versa). > > Training on a per user basis could be difficult as this is a gateway > scanning and feeding mail on to around ten or so domains some of which > are rather large such as the Caddo Parish School Board that puts through > around 10,000 mails per day. If you're using MailScanner, there's no option for per-user bayes.
RE: SpamAssassin Woes
That is what I was beginning to suspect. Is there a way to untrain the emails I ran through it? It was a pretty large selection.. A few thousand of both spam and ham. I turned on auto-learning so it should start to pick things up on it's own without needing me to train it, no? Training on a per user basis could be difficult as this is a gateway scanning and feeding mail on to around ten or so domains some of which are rather large such as the Caddo Parish School Board that puts through around 10,000 mails per day. Best regards, JD Smith -Original Message- From: Sander Holthaus [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 9:51 AM To: JD Smith Cc: users@spamassassin.apache.org Subject: Re: SpamAssassin Woes -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JD Smith wrote: > Greetings List: > > My name is JD Smith and I have been put in charge of setting up a spam > solution for my organization. I have chosen to go with MailScanner + > Postfix + SA + MailWatch. > > I have everything pretty much setup and it is working, however my spam > filtering is far from the 90th percentile.. I think I'm actually only > catching around 70% or something which is worse than our old solution. > > I trained the bayes with a corpus of common spam that was recommended to > me by someone somewhere (I forget) when I first got started. Maybe I > need new updated rules? Does anyone have any suggestions on where I > might find a list of good, suggested rules to implement? > > Best regards, > > JD Smith > > Training Bayes with common spam is not the best way. It should be learned with Spam that is specific for your mail-accounts (or better, on a per account basis). SARE has some very good rules. The SpamAssassin Wiki should help you out further. Kind Regards, Sander Holthaus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEOnDiVf373DysOTURAgIFAJ47fscgLgPAWiCYHmQC3JkEHhMRgQCghOUU ow7Vf7Ho9UZytJt41kJOCRs= =iG6f -END PGP SIGNATURE- -- This message has been scanned for viruses and dangerous content by ShooSpam, and is believed to be clean.
FW: SpamAssassin Woes
Forwarding, I ws replying directly to Martin for some reason. -Original Message- From: JD Smith Sent: Monday, April 10, 2006 9:51 AM To: 'Martin Hepworth' Subject: RE: SpamAssassin Woes Aye, that's in my lint so I guess I do have that turned on. :) I don't have a 88_FVGT_headers.cf anywhere. Could I possibly be missing some rules that are distributed by default? I just updated my rule list with a selection from SARE, hopefully that increases my effectiveness a decent bit. Was training my SA with that corpus a bad idea? From what I just read in the FAQ it seems like SA is already fairly well trained on generic messages and that it will auto learn my specific spam better... Could I have possible done more harm than good? It seemed to be more effective pre training. Best regards, JD Smith -Original Message- From: Martin Hepworth [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 9:24 AM To: JD Smith Subject: RE: SpamAssassin Woes Looks like you're already the URI-RBL...you can check by looking at the output of the --lint you should see something akin to.. [89163] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [89163] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8d92d90) And [89163] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0 [89163] dbg: dns: testing resolver nameservers: 127.0.0.1 [89163] dbg: dns: trying (3) msn.com... [89163] dbg: dns: looking up NS for 'msn.com' [89163] dbg: dns: NS lookup of msn.com using 127.0.0.1 succeeded => DNS available (set dns_available to override) [89163] dbg: dns: is DNS available? 1 If you check 88_FVGT_headers.cf you'll find a test for non-reverse DNS already - you just need to adjust the score to be over your threshold. Personnally I'd be careful about single rule triggering spam as this can lead to false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: JD Smith [mailto:[EMAIL PROTECTED] > Sent: 10 April 2006 15:14 > To: Martin Hepworth > Subject: RE: SpamAssassin Woes > > My boss wanted me to flag mail coming in that doesn't have a valid RDNS > as spam. > > How do I turn on the new uri-rbl? There is no information on it in the > two .pre files nor do I see anything in the .cf file. > > Thanks for the SARE link, I'm going through it now. > > Best regards, > > JD Smith > > -Original Message- > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > Sent: Monday, April 10, 2006 9:11 AM > To: JD Smith > Subject: RE: SpamAssassin Woes > > > We all gotta start somewhere... > > There's two different types of RBL's - > > 1. the 'traditional' RBL that looks at where the email has come from by > looking at the headers. > > I only run a couple of these inside SA - giving the rest a zero score in > spam.assassin.prefs.conf which turns off that RBL. > > 2. and the 'new' URI-RBL that looks at URL's in the message body... > > as for the RDNS lookups, what 'check' are you going to do with the > information from the RNDS? > > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -Original Message- > > From: JD Smith [mailto:[EMAIL PROTECTED] > > Sent: 10 April 2006 15:05 > > To: Martin Hepworth > > Subject: RE: SpamAssassin Woes > > > > It says URIDNSRBL is turned on. The -lint showed it checking a list > of > > RBLs. I assume this is what you meant? > > > > Is there a way to get SA to do RDNS lookups and flag as spam based > upon > > that also? Or is that something that should be done by MailScanner or > > Postfix? I've had to learn basically everything about mail from > scratch > > since I started this project so some of my questions probably seem > > uninformed... Because they are. ;) > > > > Best regards, > > > > JD Smith > > > > -Original Message- > > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > > Sent: Monday, April 10, 2006 8:58 AM > > To: JD Smith > > Subject: RE: SpamAssassin Woes > > > > Hi > > > > Check out the SARE and other rules at > > > > www.rulesemporium.org > > > > Also make sure you've got the URI-RBL plugin installed and working > > (check > > the /etc/mail/spamassassin/*.pre files to see if the plugin is > > uncommented, > > and run "spamassassin -D --lint" to make sure it's being used). > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -Original Message- > > > From: JD Smith [mailto:[EMAIL PROTECTED] > > > Sent: 10 April 2006 14:49 > > > To: users@spamassassin.apache.org > > > Subject: SpamAssassin Woes > > > > > > Greetings List: > > > > > > My name is JD Smith and I have been put in charge of setting up a > spam > > > solution for my organization. I have chosen to go with MailScanner > + > > > Postfix + SA + MailWatch. > > > > > > I have everything pretty much setup and it is working, however my > spam > > >
FW: SpamAssassin Woes
Forwarding this as I was replying directly to martin for some reason. -Original Message- From: JD Smith Sent: Monday, April 10, 2006 9:14 AM To: 'Martin Hepworth' Subject: RE: SpamAssassin Woes My boss wanted me to flag mail coming in that doesn't have a valid RDNS as spam. How do I turn on the new uri-rbl? There is no information on it in the two .pre files nor do I see anything in the .cf file. Thanks for the SARE link, I'm going through it now. Best regards, JD Smith -Original Message- From: Martin Hepworth [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 9:11 AM To: JD Smith Subject: RE: SpamAssassin Woes We all gotta start somewhere... There's two different types of RBL's - 1. the 'traditional' RBL that looks at where the email has come from by looking at the headers. I only run a couple of these inside SA - giving the rest a zero score in spam.assassin.prefs.conf which turns off that RBL. 2. and the 'new' URI-RBL that looks at URL's in the message body... as for the RDNS lookups, what 'check' are you going to do with the information from the RNDS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: JD Smith [mailto:[EMAIL PROTECTED] > Sent: 10 April 2006 15:05 > To: Martin Hepworth > Subject: RE: SpamAssassin Woes > > It says URIDNSRBL is turned on. The -lint showed it checking a list of > RBLs. I assume this is what you meant? > > Is there a way to get SA to do RDNS lookups and flag as spam based upon > that also? Or is that something that should be done by MailScanner or > Postfix? I've had to learn basically everything about mail from scratch > since I started this project so some of my questions probably seem > uninformed... Because they are. ;) > > Best regards, > > JD Smith > > -Original Message- > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > Sent: Monday, April 10, 2006 8:58 AM > To: JD Smith > Subject: RE: SpamAssassin Woes > > Hi > > Check out the SARE and other rules at > > www.rulesemporium.org > > Also make sure you've got the URI-RBL plugin installed and working > (check > the /etc/mail/spamassassin/*.pre files to see if the plugin is > uncommented, > and run "spamassassin -D --lint" to make sure it's being used). > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -Original Message- > > From: JD Smith [mailto:[EMAIL PROTECTED] > > Sent: 10 April 2006 14:49 > > To: users@spamassassin.apache.org > > Subject: SpamAssassin Woes > > > > Greetings List: > > > > My name is JD Smith and I have been put in charge of setting up a spam > > solution for my organization. I have chosen to go with MailScanner + > > Postfix + SA + MailWatch. > > > > I have everything pretty much setup and it is working, however my spam > > filtering is far from the 90th percentile.. I think I'm actually only > > catching around 70% or something which is worse than our old solution. > > > > I trained the bayes with a corpus of common spam that was recommended > to > > me by someone somewhere (I forget) when I first got started. Maybe I > > need new updated rules? Does anyone have any suggestions on where I > > might find a list of good, suggested rules to implement? > > > > Best regards, > > > > JD Smith > > > > ** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ** > > > -- > This message has been scanned for viruses and > dangerous content by ShooSpam, and is > believed to be clean. > > ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ** -- This message has been scanned for viruses and dangerous content by ShooSpam, and is believed to be clean.
Re: SpamAssassin Woes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JD Smith wrote: > Greetings List: > > My name is JD Smith and I have been put in charge of setting up a spam > solution for my organization. I have chosen to go with MailScanner + > Postfix + SA + MailWatch. > > I have everything pretty much setup and it is working, however my spam > filtering is far from the 90th percentile.. I think I'm actually only > catching around 70% or something which is worse than our old solution. > > I trained the bayes with a corpus of common spam that was recommended to > me by someone somewhere (I forget) when I first got started. Maybe I > need new updated rules? Does anyone have any suggestions on where I > might find a list of good, suggested rules to implement? > > Best regards, > > JD Smith > > Training Bayes with common spam is not the best way. It should be learned with Spam that is specific for your mail-accounts (or better, on a per account basis). SARE has some very good rules. The SpamAssassin Wiki should help you out further. Kind Regards, Sander Holthaus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEOnDiVf373DysOTURAgIFAJ47fscgLgPAWiCYHmQC3JkEHhMRgQCghOUU ow7Vf7Ho9UZytJt41kJOCRs= =iG6f -END PGP SIGNATURE-
SpamAssassin Woes
Greetings List: My name is JD Smith and I have been put in charge of setting up a spam solution for my organization. I have chosen to go with MailScanner + Postfix + SA + MailWatch. I have everything pretty much setup and it is working, however my spam filtering is far from the 90th percentile.. I think I'm actually only catching around 70% or something which is worse than our old solution. I trained the bayes with a corpus of common spam that was recommended to me by someone somewhere (I forget) when I first got started. Maybe I need new updated rules? Does anyone have any suggestions on where I might find a list of good, suggested rules to implement? Best regards, JD Smith
Re: Which Operating Systems Do You Use and Why?
On Sunday 09 April 2006 15:20, mouss wrote: > No. white and black aren't colors. they are absence of colour:) Well... according to physics... it really depends on what is delivering the pigments... When you paint.. and you combine a bunch of colors.. the colors get darker and darker.. to the point where they'll eventually turn black if you add enough dark color... or you can use crayons, or sharpies, etc. Combine red, blue, and green colors using this and see if you end up with something very dark like black. When you combine light, three sources of mono-colored filtered light (like on a tv) or a three-lens projection tv or even three spotlights.. of red, blue, and green... project them onto the same spot.. and you have white. White happen when all spectrum of the visible light is reflected back into your eyes... technically white is *all colors* .. and we know that because a prism will do the reverse and split white light up in to the ROYGIBV spectrum of all visible light. Black .. is the non-color .. it happens when *no visible light* is reflected back to your eye. Like a darkened shaded room with no open windows to a bright outside world. It's black inside .. because there's a *void* of light. You illuminate a single light bulb or open the window.. what happens? The blackness/darkness flees and is replaced by light. Black is the same to White as Cold is to Heat. Black is a "void" of color. Cold is a "void" of heat. It's not so much that cold refrigerates and puts "cold/coolness" upon something resulting in in it being cooler ... but the way it does is by pulling the heat from item. Cold is literally anti-heat. Probably easier to think of as a temperature vacuum of sorts ... where it draws temperature away from an object. Now.. if you want to read something on the 'net that is absolutely hilarious... go out to google and search for "Dark Suckers" -or- maybe "Dark Sucker Bulbs"... it's hilarious about how lights work by "sucking dark" and how when a bulb gets full of enough "dark" they go out because they can no longer suck any more dark. If you don't think it's funny when you find it, then that's proof that I'm a geek and easily entertained. -- Tyler Nally [EMAIL PROTECTED] 317-989-2028
Spamassassin problem.
Hello, I'm getting this strange error with my SpamAssassin lately. I googled for soulution, but none of patches that I found applied clearly so I reversed every tryed patch. spamassassin-3.1.0-4 Integrated with exim-4.54 (exiscan) Error: Apr 9 22:56:54 spamd[17021]: prefork: syswrite(7) failed, retrying... at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/SpamdForkScaling.pm line 554. Apr 9 22:56:59 spamd[17021]: prefork: syswrite(7) failed, retrying... at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/SpamdForkScaling.pm line 554. Any clues/ideas how to solve this problem? Regards.
Re: SA 3.1.1 post-install error
[3086] error: Can't locate IO/Socket/SSL.pm in @INC (@INC contains: which part of that error do you not understand?
Re: Which Operating Systems Do You Use and Why?
On Thu, Apr 06, 2006 at 12:12:25PM -0700, Ask List wrote: >linux and unix is unix. So I would like to hear users experiences using >different operating systems. Pros/Cons/Problems/Headaches/etc. The >operating systems I'm most interested in are Debian, Ubuntu, Gentoo, >Slackware, FreeBSDs, and OpenSolaris. Debian, Ubuntu, Gentoo and Slackware (add about 100 other Linux distributions) are not different operating systems. They all use the Linux kernel and software and in many cases the same version of it. They are just different distributions of the same operating system. And by the way, we use Debian here. Regards. Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "But seek ye first the kingdom of God, and his righteousness; and all these things shall be added unto you." Matthew 6:33