date:20060410

Dan wrote:
> Follow up question (even more odd than weight limits):
>
> I want to flag all messages as spam, then configure various rules as
> exceptions, marking them as ham.  But how do I universally mark
> messages one way in SpamAssassin and then unmark them in the other?
>
> I realize this is unorthodox, but I would appreciate any suggestions.
Hmm.. this might be a bit tough. Since SA rules by nature detect
something, it might be difficult to detect "something or nothing"..

Perhaps this:

body L_DEFAULT_ALL   /.?/
score L_DEFAULT_ALL 5.0

would work.. That should detect even a message with no body..

>

Re: should I upgrade?

2006-04-10 Thread Sergei

I tried sa-learn, but don't you need a sizable spam collection for it to
work? The docs say that you need to collect about a thousand of ham and
spam messages before the training starts to work. That sounds like a
pain in the neck. Or am I missing something?

I ran sa-learn on this one message, than ran SA with the -D switch and
it said that it was ignoring the Bayes database because there was only
one message.

How is it working for you? Or did you do the initial training?

On Mon, 2006-04-10 at 21:49 -0400, BMWrider wrote:
> All,
> 
> When I upgraded to 3.1.1 the Online Pharmaceutical SPAM also came  
> through. It didn't take much effort to
> run sa-learn --spam on a bunch of them to shut them out. The spammers  
> are trying some new tricks right
> now which will get through a fresh upgrade but again manual training  
> will stop them quickly.
> 
> Richard
> 
> 
> 
> "The advantage of a bad memory is that one enjoys several times the  
> same good things for the first time."
> Friedrich Nietzsche
> 
> 
> On Apr 10, 2006, at 8:59 PM, Sergei Gerasenko wrote:
> 
> > Thanks for such a quick reply. So upgrading would really be helpful in
> > terms of performance if nothing else. Ok, I'll give it a thought.  
> > Maybe
> > I'll find a Debian package with the latest version. Should be  
> > possible.
> >
> > I installed SpamAssassin today for the first time and "The Ultimate
> > Online Pharmaceutical" (seems like a LOT of people get this one in
> > particular) came through undetected. I had to add a manual rule to  
> > take
> > care of it. Could that have happened because I have an older  
> > version of
> > SA? If so, any options besides upgrading?
> >
> > Thanks!
> >
> > On Mon, Apr 10, 2006 at 08:40:03PM -0400, Matt Kettler wrote:
> >> Sergei Gerasenko wrote:
> >>> Hello everybody,
> >>>
> >>> Got a potentially previously answered question. I have spamassassin
> >>> 3.0.2-3, which is the current release with Debian. I wouldn't  
> >>> like to
> >>> deviate from the official package and so I'm wondering if it's
> >>> absolutely necessary to upgrade. I diffed the rules, they seem to  
> >>> be the
> >>> same.
> >>>
> >>> That's actually why I'm looking into this. I'll need to update  
> >>> the rules
> >>> periodically and sa-update is not in 3.0.2. Is there a repository  
> >>> of the
> >>> standard rules somewhere? I couldn't find it no matter how hard I
> >>> looked.
> >> There are no standard rule updates that will work with the SA 3.0.x
> >> codebase.
> >>
> >> The whole idea behind SA 0.1 through 3.0.5 was that if you needed new
> >> rules, you upgraded your SA version. Rule updates were previously  
> >> very
> >> slow, due to the expensive mass-check process. New releases of SA  
> >> code
> >> came out much faster than new rules, thus there was no point in
> >> separating the two. (rule updates were typically only made once or  
> >> twice
> >> for a given major.minor release of SA. ie: 2.60 and 2.64 had rule
> >> updates, 2.61-63 did not.)
> >>
> >> With 3.1.1 and higher, the SA devs are trying out an approach of  
> >> adding
> >> on rules and making updates to an already released version. However,
> >> this is a completely new concept, and thus only supported on the
> >> completely new version.
> >>
>

Re: Learning SpamAssassin


Follow up question (even more odd than weight limits):

I want to flag all messages as spam, then configure various rules as  
exceptions, marking them as ham.  But how do I universally mark  
messages one way in SpamAssassin and then unmark them in the other?


I realize this is unorthodox, but I would appreciate any suggestions.

Thanks,
Dan

Re: should I upgrade?

2006-04-10 Thread Sergei Gerasenko

> Side-note.. what version of SA did you diff against?

I downloaded Mail-SpamAssassin-current from the ftp. I thought that was
a link to the most current version. I might have been wrong.

> All that said, you might be OK with debian's SA 3.0.2-3. While it's
> important to be fairly current on SA, it's not always critical to be on

Cool.

> I myself despise distro port packages and avoid them for any package
> that I have a solid knowledge of that I want to update readily. I lean

I agree but this has to be super stable even if there's a chance of
slight problems. At home I go for the latest :)

Re: should I upgrade?

2006-04-10 Thread Sergei Gerasenko

Thanks for such a quick reply. So upgrading would really be helpful in
terms of performance if nothing else. Ok, I'll give it a thought. Maybe
I'll find a Debian package with the latest version. Should be possible.

I installed SpamAssassin today for the first time and "The Ultimate
Online Pharmaceutical" (seems like a LOT of people get this one in
particular) came through undetected. I had to add a manual rule to take
care of it. Could that have happened because I have an older version of
SA? If so, any options besides upgrading?

Thanks!

On Mon, Apr 10, 2006 at 08:40:03PM -0400, Matt Kettler wrote:
> Sergei Gerasenko wrote:
> > Hello everybody,
> >
> > Got a potentially previously answered question. I have spamassassin
> > 3.0.2-3, which is the current release with Debian. I wouldn't like to
> > deviate from the official package and so I'm wondering if it's
> > absolutely necessary to upgrade. I diffed the rules, they seem to be the
> > same. 
> >
> > That's actually why I'm looking into this. I'll need to update the rules
> > periodically and sa-update is not in 3.0.2. Is there a repository of the
> > standard rules somewhere? I couldn't find it no matter how hard I
> > looked.
> There are no standard rule updates that will work with the SA 3.0.x
> codebase.
> 
> The whole idea behind SA 0.1 through 3.0.5 was that if you needed new
> rules, you upgraded your SA version. Rule updates were previously very
> slow, due to the expensive mass-check process. New releases of SA code
> came out much faster than new rules, thus there was no point in
> separating the two. (rule updates were typically only made once or twice
> for a given major.minor release of SA. ie: 2.60 and 2.64 had rule
> updates, 2.61-63 did not.)
> 
> With 3.1.1 and higher, the SA devs are trying out an approach of adding
> on rules and making updates to an already released version. However,
> this is a completely new concept, and thus only supported on the
> completely new version.
>

Re: should I upgrade?

Sergei Gerasenko wrote:
> Hello everybody,
>
> Got a potentially previously answered question. I have spamassassin
> 3.0.2-3, which is the current release with Debian. I wouldn't like to
> deviate from the official package and so I'm wondering if it's
> absolutely necessary to upgrade. I diffed the rules, they seem to be the
> same. 
>   
Side-note.. what version of SA did you diff against?

It seems highly improbable that the rules you have are the same as those
in 3.1.1.

Also, even if the literal .cf files are the same, the code implements
some of the rules. ALL_TRUSTED behaves considerably different between
3.0.0-3.0.4 and 3.0.5. Did debian backport the changes in the Received:
parser that cause this change?

All that said, you might be OK with debian's SA 3.0.2-3. While it's
important to be fairly current on SA, it's not always critical to be on
the latest release. You'll loose out on a little accuracy, but if
staying within debian's ports is important to you it might be worth the
trade-off. That's your choice to make.

I myself despise distro port packages and avoid them for any package
that I have a solid knowledge of that I want to update readily. I lean
on distro packages for odds-and-ends utilities that I rarely change
outside of security updates (bash, tar, gzip), but I go official-source
for packages I'm pushing the leading edge of (SA, clamav, snort, etc).
But that's my personal preference, and it's not suited to everyone.

Re: should I upgrade?

2006-04-10 Thread Jim Knuth

Heute (11.04.2006/02:40 Uhr) schrieb Matt Kettler,

> The whole idea behind SA 0.1 through 3.0.5 was that if you needed new
> rules, you upgraded your SA version. Rule updates were previously very
> slow, due to the expensive mass-check process. New releases of SA code
> came out much faster than new rules, thus there was no point in
> separating the two. (rule updates were typically only made once or twice
> for a given major.minor release of SA. ie: 2.60 and 2.64 had rule
> updates, 2.61-63 did not.)

> With 3.1.1 and higher

higher? what did you mean? 3.1.1 is the latest version, or? You
mean the following version or what? ;)

> , the SA devs are trying out an approach of adding
> on rules and making updates to an already released version. However,
> this is a completely new concept, and thus only supported on the
> completely new version.

-- 
Viele Gruesse, Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867
--
Zufalls-Zitat
--
Küchenschaben gab es schon, ehe die Dinosaurier auf der 
Erde erschienen.
--
Der Text hat nichts mit dem Empfaenger der Mail zu tun
--
Virus free. Checked by NOD32 Version 1.1481 Build 7052  10.04.2006

Re: should I upgrade?

Sergei Gerasenko wrote:
> Hello everybody,
>
> Got a potentially previously answered question. I have spamassassin
> 3.0.2-3, which is the current release with Debian. I wouldn't like to
> deviate from the official package and so I'm wondering if it's
> absolutely necessary to upgrade. I diffed the rules, they seem to be the
> same. 
>
> That's actually why I'm looking into this. I'll need to update the rules
> periodically and sa-update is not in 3.0.2. Is there a repository of the
> standard rules somewhere? I couldn't find it no matter how hard I
> looked.
There are no standard rule updates that will work with the SA 3.0.x
codebase.

The whole idea behind SA 0.1 through 3.0.5 was that if you needed new
rules, you upgraded your SA version. Rule updates were previously very
slow, due to the expensive mass-check process. New releases of SA code
came out much faster than new rules, thus there was no point in
separating the two. (rule updates were typically only made once or twice
for a given major.minor release of SA. ie: 2.60 and 2.64 had rule
updates, 2.61-63 did not.)

With 3.1.1 and higher, the SA devs are trying out an approach of adding
on rules and making updates to an already released version. However,
this is a completely new concept, and thus only supported on the
completely new version.

should I upgrade?

2006-04-10 Thread Sergei Gerasenko

Hello everybody,

Got a potentially previously answered question. I have spamassassin
3.0.2-3, which is the current release with Debian. I wouldn't like to
deviate from the official package and so I'm wondering if it's
absolutely necessary to upgrade. I diffed the rules, they seem to be the
same. 

That's actually why I'm looking into this. I'll need to update the rules
periodically and sa-update is not in 3.0.2. Is there a repository of the
standard rules somewhere? I couldn't find it no matter how hard I
looked.

I saw on the spamassassin site that 3.0.0 should be upgraded, but does it go
for 3.0.2 as well? Sorry if this has been answered many times.

Thanks!

Sending spam with Mailman

2006-04-10 Thread Kenneth Porter

I suppose I shouldn't be shocked by this but it surprised me to receive
some spam sent with Mailman.

I have a folder for catching all mailing list mail that doesn't yet have
its own procmail rule. The catch-all procmail rule looks for anything with
a List-Id header and dumps it in ~/mail/Lists/Unknown. That reminds me to
add a new rule for a freshly-subscribed list.

Today I found spam in that folder, and it had legitimate-looking Mailman
headers. I figure SURBL will catch it quickly, but I find it troubling that
this is going to reduce the Bayes quality of List-Id headers over time.

Note that the recipient is one of my spam traps on my website,
"index_html". That tells me which page supplied the address. (If I used
dynamic pages I could even encode the time and IP address of the spider in
the spamtrap.)

The list headers point to what looks like a legitimate Mailman setup, and
the sending IP has SPF_PASS.--- Begin Message ---

Visit Our Website

Click below to see the large size photo

Beautiful Brasil
As you aware Brasil is currently one of the Worlds 'Hotspots' for Tourism and Investment Property.
We are a property developer based in Parnaíba in the state of Piauí NE Brasil.
We have new houses, resales and a land bank of over a thousand acres.
Many people like the idea of purchasing a plot of land first and then building their 'Dream' property at their own pace.
We are interested in developing arrangements with you to market our properties and are prepared to offer a sales discount for a limited period to purchasers.
Please look at our web site www.solutionsbrasil.com
If you are intrested in purchasing property, selling properties or developing a joint venture arrangement, please contact us to discuss further.
QUOTE REFERENCEGDP01 Purchasing PropertiesGDP07 Selling Properties GDP09 Joint Venture Arrangement
Or use our Contact us form
We very much look forward to discussing these options with you further.
Yours sincerely,Lee Courtney-RowlandsSales DirectorEmail: [EMAIL PROTECTED] Phone: +55 86 3322 6566Mobile: +55 86 9409 5283
Solutions BrasilRua Pedro II, 1750 - CentroCEP 64200-420 - Parnaiba - Piaui - Brasil

Click here to visit our website.
if you don't want receive more e-mails like this, please click here

Telephone: +55 86 3322 6566Telephone: +55 86 3322 1129E-mail: [EMAIL PROTECTED]

--- End Message ---

RE: apache httpd + spam assassin = web without spam?

2006-04-10 Thread Steve Thomas

> I was having this problem for a while... then I added a confirmation block
> to my guestbook - so that any post had to be confirmed.
>
> Boom - spam stopped (I've never even gotten confirmation notices that they
> tried again).

I did basically the same thing. I hacked PHPBB a little to throw an error
if a certain non-standard form field didn't have a specific value, and my
forum spam has stopped completely. Their bots are still creating accounts,
but they can't post, so there's no real damage done.

St-

Re: Learning SpamAssassin

No, I'm saying 15 digits. That's *total* combined between integer  
and decimal

places.

However, because the floating point is stored in a scientific  
notation, you can

add a bunch of extra zeros to push those 15 digits around.


So you can have:
 (15 digits) + (307 zeros).0

or
0.(307 zeros) +(15 digits)

(note: I've simplified the math a lot here, because none of this is  
really
stored in terms of decimal places. It's really stored as powers-of- 
two, binary
format. It's really 2^51 +/- 2^e , where e can be up to anywhere up  
to 1023)


Okay, I'm getting you.  Maximum 15 unique/consecutive digits,  
positioned/valued by additional zeros.


Thanks!

Re: Learning SpamAssassin

Dan wrote:
>> The total range for the mantissa of a double-precision float is
>> 52-bits, with 1
>> bit for sign. This means that the range between your most significant
>> and least
>> significant digit of the final summed answer cannot be greater than
>> 2^51, or
>> you'll loose precision.
>>
>> The total range for the exponent of a double-precision float is
>> 2^1023, so you
>> cannot express any numbers larger than 2^51 + 2^1023.
>>
> 
> 
> I'm not that experienced with math/compsci, but Excel describes
> 
> 2^51 as having 15 digits (2,251,799,813,685,250)
> 
> 2^1023 comes in with 307 digits (won't display above 255)
> 
> 
> So you're saying 307 integers and 15 decimals?:

No, I'm saying 15 digits. That's *total* combined between integer and decimal
places.

However, because the floating point is stored in a scientific notation, you can
add a bunch of extra zeros to push those 15 digits around.

So you can have:
 (15 digits) + (307 zeros).0

or
0.(307 zeros) +(15 digits)

(note: I've simplified the math a lot here, because none of this is really
stored in terms of decimal places. It's really stored as powers-of-two, binary
format. It's really 2^51 +/- 2^e , where e can be up to anywhere up to 1023)

Re: Learning SpamAssassin

The total range for the mantissa of a double-precision float is 52- 
bits, with 1
bit for sign. This means that the range between your most  
significant and least
significant digit of the final summed answer cannot be greater than  
2^51, or

you'll loose precision.

The total range for the exponent of a double-precision float is  
2^1023, so you

cannot express any numbers larger than 2^51 + 2^1023.




I'm not that experienced with math/compsci, but Excel describes

2^51 as having 15 digits (2,251,799,813,685,250)

2^1023 comes in with 307 digits (won't display above 255)


So you're saying 307 integers and 15 decimals?:

1000 
 
 
 
.001


Thanks,
Dan

Re: Learning SpamAssassin

Dan wrote:
> Good approach Herb, thanks
> 
> 
> To anyone:
> 
> 1) What is the highest weight value (in number of digits) supported by
> SpamAssassin?
> 
> 2) What is the smallest weigh value (in decimal places) supported by
> SpamAssassin?

In current practice, the range is 1000 to 0.0001. The code that prints results
is heavily biased toward this input range, and also rounds or truncates to the
nearest tenth. I think this is pretty much the widest dynamic range you should
ever have need to use.

However, when it comes down to parsing and internal mathematics, spamassassin is
likely only limited by the capacity of IEEE double-precision floating point
numbers, which perl uses for all floating point math.

These limits do not result in a static number of digits. The more you use to the
left of the decimal place, the less you can use to the right without loosing
precision.

The total range for the mantissa of a double-precision float is 52-bits, with 1
bit for sign. This means that the range between your most significant and least
significant digit of the final summed answer cannot be greater than 2^51, or
you'll loose precision.

The total range for the exponent of a double-precision float is 2^1023, so you
cannot express any numbers larger than 2^51 + 2^1023.

Re: Learning SpamAssassin


Good approach Herb, thanks


To anyone:

1) What is the highest weight value (in number of digits) supported  
by SpamAssassin?


2) What is the smallest weigh value (in decimal places) supported by  
SpamAssassin?



These might look like:

10

.01


Thanks,
Dan

FW: RERE:We want approve yours loan l42kr9

2006-04-10 Thread Gene Hendrickson



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, April 10, 2006 5:49 AM
To: [EMAIL PROTECTED]
Subject: RERE:We want approve yours loan l42kr9


Dear  [EMAIL PROTECTED]

http://ca.geocities.com/nq92ra63ut5//   


You have been approved for a $402,000 house loan at a 3.45% Fixed R.ate.
This offer is being presented to you right now!. Your credit history is in
no way a factor.
We have 99% approval rate.
To take advantage of this Limited Time Opportunity,

please take a minute and confirm your curiosity or intention to accept this
loan, at the following web-site:

http://ca.geocities.com/nq92ra63ut5//   


Best Regards
Danny DeCapri

http://ca.geocities.com/nq92ra63ut5//



[EMAIL PROTECTED] wrote:
> RE:We can approve any loan
sopq5jvljif8wk
XogME8ionYqOSJXMeHMSgMB


<>

Using SpamAssassin In Perl

2006-04-10 Thread Luke Shannon

Hello;  Our company newsletter is not getting to some of our subscribers.   My guess is it is ending up in junk mail folders.  We have a section on relationship tips and I am concerned some of the content in this section could be triggering spam filters.   I am working on a script that runs SpamAssassin on an uploaded text version of the letter so I can scan the content.   What I would love is a report flagging content that might be causing a problem (and the overall score) so I can send the letter back to the creative team showing them the exact content that needs to be rewritten/removed.  Below is the script I have started. I am not sure what the spamassissin report should look like, but what I am getting back can't be it (It just gives me the version of spam assassin and the name of the file).  I am not experienced in Perl so it could easily be a problem with my code.  Is there any easier way to get a report
 on an email?What is a good online reference for understanding the SpamAssassin API?  Thanks,  Luke  #!/Perl/bin/perl use strict; use CGI qw(:standard); use Mail::SpamAssassin;  # get a parameter from a form my $fulltext = param('fulltext') || 'no text supplied';  #create an array from the text in the file my @lines = split(/\n/, $fulltext);  #create a test my $spamtest = Mail::SpamAssassin->new( );  #create a new mail object my $mail = $spamtest->parse([EMAIL PROTECTED]);  #create a status object my $status = $spamtest->check($mail);  # output a document print header( ), start_html("Spam Assasin Report"),     p("SpamAssassin Report: ", tt(escapeHTML($status->rewrite_mail())),     end_html( );
		Enrich your life at Yahoo! Canada Finance

Re: SpamAssassin Woes

JD Smith wrote:
> That is what I was beginning to suspect.  Is there a way to untrain the
> emails I ran through it?

Feed them to sa-learn --forget.

>It was a pretty large selection.. A few
> thousand of both spam and ham.
>
> I turned on auto-learning so it should start to pick things up on it's
> own without needing me to train it, no?

True, but it's generally best to start off with at least a small sample
of hand-picked emails for training. Left entirely to it's own devices,
bayes learning can sometimes go awry. A little hand training helps keep
it from mis-learning because of the "no contradictions" rule. (Never
autolearn as spam any message that existing training says is strongly
ham, and vice versa).

>
> Training on a per user basis could be difficult as this is a gateway
> scanning and feeding mail on to around ten or so domains some of which
> are rather large such as the Caddo Parish School Board that puts through
> around 10,000 mails per day.

If you're using MailScanner, there's no option for per-user bayes.

RE: SpamAssassin Woes

That is what I was beginning to suspect.  Is there a way to untrain the
emails I ran through it?  It was a pretty large selection.. A few
thousand of both spam and ham.

I turned on auto-learning so it should start to pick things up on it's
own without needing me to train it, no?

Training on a per user basis could be difficult as this is a gateway
scanning and feeding mail on to around ten or so domains some of which
are rather large such as the Caddo Parish School Board that puts through
around 10,000 mails per day.

Best regards,

JD Smith

-Original Message-
From: Sander Holthaus [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 10, 2006 9:51 AM
To: JD Smith
Cc: users@spamassassin.apache.org
Subject: Re: SpamAssassin Woes

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
JD Smith wrote:
> Greetings List:
>
> My name is JD Smith and I have been put in charge of setting up a spam
> solution for my organization.  I have chosen to go with MailScanner +
> Postfix + SA + MailWatch.
>
> I have everything pretty much setup and it is working, however my spam
> filtering is far from the 90th percentile..  I think I'm actually only
> catching around 70% or something which is worse than our old solution.
>
> I trained the bayes with a corpus of common spam that was recommended
to
> me by someone somewhere (I forget) when I first got started.  Maybe I
> need new updated rules?  Does anyone have any suggestions on where I
> might find a list of good, suggested rules to implement?
>
> Best regards,
>
> JD Smith
>
>
Training Bayes with common spam is not the best way. It should be
learned with Spam that is specific for your mail-accounts (or better,
on a per account basis).

SARE has some very good rules. The SpamAssassin Wiki should help you
out further.

Kind Regards,
Sander Holthaus
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (MingW32)
 
iD8DBQFEOnDiVf373DysOTURAgIFAJ47fscgLgPAWiCYHmQC3JkEHhMRgQCghOUU
ow7Vf7Ho9UZytJt41kJOCRs=
=iG6f
-END PGP SIGNATURE-


-- 
This message has been scanned for viruses and
dangerous content by ShooSpam, and is
believed to be clean.

FW: SpamAssassin Woes

Forwarding, I ws replying directly to Martin for some reason.

-Original Message-
From: JD Smith 
Sent: Monday, April 10, 2006 9:51 AM
To: 'Martin Hepworth'
Subject: RE: SpamAssassin Woes

Aye, that's in my lint so I guess I do have that turned on. :)

I don't have a 88_FVGT_headers.cf anywhere. Could I possibly be missing
some rules that are distributed by default?  I just updated my rule list
with a selection from SARE, hopefully that increases my effectiveness a
decent bit.

Was training my SA with that corpus a bad idea?  From what I just read
in the FAQ it seems like SA is already fairly well trained on generic
messages and that it will auto learn my specific spam better...  Could I
have possible done more harm than good?  It seemed to be more effective
pre training.

Best regards,

JD Smith

-Original Message-
From: Martin Hepworth [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 10, 2006 9:24 AM
To: JD Smith
Subject: RE: SpamAssassin Woes


Looks like you're already the URI-RBL...you can check by looking at the
output of the --lint you should see something akin to..


[89163] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from
@INC
[89163] dbg: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8d92d90)

And

[89163] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0
[89163] dbg: dns: testing resolver nameservers: 127.0.0.1
[89163] dbg: dns: trying (3) msn.com...
[89163] dbg: dns: looking up NS for 'msn.com'
[89163] dbg: dns: NS lookup of msn.com using 127.0.0.1 succeeded => DNS
available (set dns_available to override)
[89163] dbg: dns: is DNS available? 1



If you check 88_FVGT_headers.cf you'll find a test for non-reverse DNS
already - you just need to adjust the score to be over your threshold.

Personnally I'd be careful about single rule triggering spam as this can
lead to false positives.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -Original Message-
> From: JD Smith [mailto:[EMAIL PROTECTED]
> Sent: 10 April 2006 15:14
> To: Martin Hepworth
> Subject: RE: SpamAssassin Woes
> 
> My boss wanted me to flag mail coming in that doesn't have a valid
RDNS
> as spam.
> 
> How do I turn on the new uri-rbl?  There is no information on it in
the
> two .pre files nor do I see anything in the .cf file.
> 
> Thanks for the SARE link, I'm going through it now.
> 
> Best regards,
> 
> JD Smith
> 
> -Original Message-
> From: Martin Hepworth [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 10, 2006 9:11 AM
> To: JD Smith
> Subject: RE: SpamAssassin Woes
> 
> 
> We all gotta start somewhere...
> 
> There's two different types of RBL's -
> 
> 1. the 'traditional' RBL that looks at where the email has come from
by
> looking at  the headers.
> 
> I only run a couple of these inside SA - giving the rest a zero score
in
> spam.assassin.prefs.conf which turns off that RBL.
> 
> 2. and the 'new' URI-RBL that looks at URL's in the message body...
> 
> as for the RDNS lookups, what 'check' are you going to do with the
> information from the RNDS?
> 
> 
> 
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -Original Message-
> > From: JD Smith [mailto:[EMAIL PROTECTED]
> > Sent: 10 April 2006 15:05
> > To: Martin Hepworth
> > Subject: RE: SpamAssassin Woes
> >
> > It says URIDNSRBL is turned on.  The -lint showed it checking a list
> of
> > RBLs.  I assume this is what you meant?
> >
> > Is there a way to get SA to do RDNS lookups and flag as spam based
> upon
> > that also?  Or is that something that should be done by MailScanner
or
> > Postfix?  I've had to learn basically everything about mail from
> scratch
> > since I started this project so some of my questions probably seem
> > uninformed... Because they are. ;)
> >
> > Best regards,
> >
> > JD Smith
> >
> > -Original Message-
> > From: Martin Hepworth [mailto:[EMAIL PROTECTED]
> > Sent: Monday, April 10, 2006 8:58 AM
> > To: JD Smith
> > Subject: RE: SpamAssassin Woes
> >
> > Hi
> >
> > Check out the SARE and other rules at
> >
> > www.rulesemporium.org
> >
> > Also make sure you've got the URI-RBL plugin installed and working
> > (check
> > the /etc/mail/spamassassin/*.pre files to see if the plugin is
> > uncommented,
> > and run "spamassassin -D --lint" to make sure it's being used).
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -Original Message-
> > > From: JD Smith [mailto:[EMAIL PROTECTED]
> > > Sent: 10 April 2006 14:49
> > > To: users@spamassassin.apache.org
> > > Subject: SpamAssassin Woes
> > >
> > > Greetings List:
> > >
> > > My name is JD Smith and I have been put in charge of setting up a
> spam
> > > solution for my organization.  I have chosen to go with
MailScanner
> +
> > > Postfix + SA + MailWatch.
> > >
> > > I have everything pretty much setup and it is working, however my
> spam
> > >

FW: SpamAssassin Woes

Forwarding this as I was replying directly to martin for some reason.

-Original Message-
From: JD Smith 
Sent: Monday, April 10, 2006 9:14 AM
To: 'Martin Hepworth'
Subject: RE: SpamAssassin Woes

My boss wanted me to flag mail coming in that doesn't have a valid RDNS
as spam.  

How do I turn on the new uri-rbl?  There is no information on it in the
two .pre files nor do I see anything in the .cf file.

Thanks for the SARE link, I'm going through it now.

Best regards,

JD Smith

-Original Message-
From: Martin Hepworth [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 10, 2006 9:11 AM
To: JD Smith
Subject: RE: SpamAssassin Woes


We all gotta start somewhere...

There's two different types of RBL's - 

1. the 'traditional' RBL that looks at where the email has come from by
looking at  the headers.

I only run a couple of these inside SA - giving the rest a zero score in
spam.assassin.prefs.conf which turns off that RBL.

2. and the 'new' URI-RBL that looks at URL's in the message body...

as for the RDNS lookups, what 'check' are you going to do with the
information from the RNDS? 




--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -Original Message-
> From: JD Smith [mailto:[EMAIL PROTECTED]
> Sent: 10 April 2006 15:05
> To: Martin Hepworth
> Subject: RE: SpamAssassin Woes
> 
> It says URIDNSRBL is turned on.  The -lint showed it checking a list
of
> RBLs.  I assume this is what you meant?
> 
> Is there a way to get SA to do RDNS lookups and flag as spam based
upon
> that also?  Or is that something that should be done by MailScanner or
> Postfix?  I've had to learn basically everything about mail from
scratch
> since I started this project so some of my questions probably seem
> uninformed... Because they are. ;)
> 
> Best regards,
> 
> JD Smith
> 
> -Original Message-
> From: Martin Hepworth [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 10, 2006 8:58 AM
> To: JD Smith
> Subject: RE: SpamAssassin Woes
> 
> Hi
> 
> Check out the SARE and other rules at
> 
> www.rulesemporium.org
> 
> Also make sure you've got the URI-RBL plugin installed and working
> (check
> the /etc/mail/spamassassin/*.pre files to see if the plugin is
> uncommented,
> and run "spamassassin -D --lint" to make sure it's being used).
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -Original Message-
> > From: JD Smith [mailto:[EMAIL PROTECTED]
> > Sent: 10 April 2006 14:49
> > To: users@spamassassin.apache.org
> > Subject: SpamAssassin Woes
> >
> > Greetings List:
> >
> > My name is JD Smith and I have been put in charge of setting up a
spam
> > solution for my organization.  I have chosen to go with MailScanner
+
> > Postfix + SA + MailWatch.
> >
> > I have everything pretty much setup and it is working, however my
spam
> > filtering is far from the 90th percentile..  I think I'm actually
only
> > catching around 70% or something which is worse than our old
solution.
> >
> > I trained the bayes with a corpus of common spam that was
recommended
> to
> > me by someone somewhere (I forget) when I first got started.  Maybe
I
> > need new updated rules?  Does anyone have any suggestions on where I
> > might find a list of good, suggested rules to implement?
> >
> > Best regards,
> >
> > JD Smith
> 
> 
> 
> **
> 
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
> 
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
> 
> **
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by ShooSpam, and is
> believed to be clean.
> 
> 



**

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.   

**


-- 
This message has been scanned for viruses and
dangerous content by ShooSpam, and is
believed to be clean.

Re: SpamAssassin Woes

2006-04-10 Thread Sander Holthaus

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
JD Smith wrote:
> Greetings List:
>
> My name is JD Smith and I have been put in charge of setting up a spam
> solution for my organization.  I have chosen to go with MailScanner +
> Postfix + SA + MailWatch.
>
> I have everything pretty much setup and it is working, however my spam
> filtering is far from the 90th percentile..  I think I'm actually only
> catching around 70% or something which is worse than our old solution.
>
> I trained the bayes with a corpus of common spam that was recommended to
> me by someone somewhere (I forget) when I first got started.  Maybe I
> need new updated rules?  Does anyone have any suggestions on where I
> might find a list of good, suggested rules to implement?
>
> Best regards,
>
> JD Smith
>
>
Training Bayes with common spam is not the best way. It should be
learned with Spam that is specific for your mail-accounts (or better,
on a per account basis).

SARE has some very good rules. The SpamAssassin Wiki should help you
out further.

Kind Regards,
Sander Holthaus
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (MingW32)
 
iD8DBQFEOnDiVf373DysOTURAgIFAJ47fscgLgPAWiCYHmQC3JkEHhMRgQCghOUU
ow7Vf7Ho9UZytJt41kJOCRs=
=iG6f
-END PGP SIGNATURE-

SpamAssassin Woes