extract message-id's from logfile

2007-03-23 Thread Starckjohann, Ove
Hi!

bit offtopic, but maybe it's easy and someone is able to drop me the
*magic* snippet of code:

My logfile looks like:

Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost=
mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447
[EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no
Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 -
BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H
TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA
YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost
=mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED]
hikoi.com,bayes=1.66533453693773e-16,autolearn=no
...

I do need to extract the message-id's from there to get the following
list:
[EMAIL PROTECTED]
[EMAIL PROTECTED]

How to realize ??

Any skilled grep'ers / awk'ers / sed'ers alive here ?


Ove Starckjohann


Re: extract message-id's from logfile

2007-03-23 Thread Mark Samples

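PERL:
#!/usr/bin/perl
use strict;
use warnings;

# Read the spamd log on STDIN and print the value of each mid= field.
while (<STDIN>) {
   # Capture up to the next comma so the following fields are not included.
   if (/mid=([^,]+)/) {
      print "$1\n";
   }
}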

cat spamd.log | whatever you name above perl script

will give you all of your 'mid' (message ids) from the spamd.log file
(or whatever you call your spam log file for SA).

Starckjohann, Ove wrote:


Hi!

bit offtopic, but maybe it's easy and someone is able to drop me the
*magic* snippet of code:

My logfile looks like:

Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost=
mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447
[EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no
Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 -
BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H
TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA
YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost
=mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED]
hikoi.com,bayes=1.66533453693773e-16,autolearn=no
...

I do need to extract the message-id's from there to get the following
list:
[EMAIL PROTECTED]
[EMAIL PROTECTED]

How to realize ??

Any skilled grep'ers / awk'ers / sed'ers alive here ?


Ove Starckjohann

 





Blocking mail from one specific user to another

2007-03-23 Thread Michael Connors

Hi,
Can I use something like this in spamassassin/local.cf to block mail from
a list to one particular user?
I sometimes have users that ask me to block stuff that isn't really spam but
that they have signed up to and forgotten why they get it. In this situation
I don't want to block everyone from getting these mails.
Is using spamassassin to do this the wrong way to go about it?

header MC_MY_RULE From =~ /[EMAIL PROTECTED]/i
header MC_MY_RULE Envelope-to =~ /[EMAIL PROTECTED]/i
header MC_MY_RULE Subject =~ /Mailing list subject/i
score MC_MY_RULE 10.0

regards,
--
Michael Connors


Re: Blocking mail from one specific user to another

2007-03-23 Thread Loren Wilton
Well, of course you can't block with SA itself.  But I assume you knew that.

You can't do what you want quite the way you showed it.  But you can get the 
effect you want:

header __MC_MY_FROM From =~ /[EMAIL PROTECTED]/i
header __MC_MY_ENV Envelope-to =~ /[EMAIL PROTECTED]/i
header __MC_MY_SUB Subject =~ /Mailing list subject/i
meta MC_MY_RULE __MC_MY_FROM && __MC_MY_ENV && __MC_MY_SUB
score MC_MY_RULE 10.0

Now, whether that will really work for you...

Loren


Re: Blocking mail from one specific user to another

2007-03-23 Thread Michael Connors
I see, I didn't understand the syntax of the rules before, now I 
understand.

Thank you, I will try that.

Loren Wilton wrote:
Well, of course you can't block with SA itself.  But I assume you 
knew that.
 
You can't do what you want quite the way you showed it.  But you can 
get the effect you want:
 
header __MC_MY_FROM From =~ /[EMAIL PROTECTED]/i
header __MC_MY_ENV Envelope-to =~ /[EMAIL PROTECTED]/i
header __MC_MY_SUB Subject =~ /Mailing list subject/i
meta MC_MY_RULE __MC_MY_FROM && __MC_MY_ENV && __MC_MY_SUB
score MC_MY_RULE 10.0
 
Now, whether that will really work for you...
 
Loren
 



--
Michael Connors
go2web Limited
Registered in Ireland: No. 327376
Reg. address: 53, Thormanby Lawns, Howth, Dublin 13
Head Office: Harbour House, Harbour Road, Howth
Phone: +353-1-839 5432
Fax:   +353-1-839 5439



Re: Blocking mail from one specific user to another

2007-03-23 Thread Dennis Davis
On Fri, 23 Mar 2007, Michael Connors wrote:

 Received: from [87.198.136.186] (helo=[10.1.1.125])
 by mail.go2.ie with esmtpa (Exim 4.52)
 id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
 Message-ID: [EMAIL PROTECTED]
 Date: Fri, 23 Mar 2007 12:48:44 +
 From: Michael Connors [EMAIL PROTECTED]
 To: Loren Wilton [EMAIL PROTECTED]
 CC:  users@spamassassin.apache.org
 Subject: Re: Blocking mail from one specific user to another
 
 I see, I didn't understand the syntax of the rules before, now I
 understand.  Thank you, I will try that.

As indicated elsewhere in this thread, this is best done by the MTA
and not SpamAssassin.

You appear to be using exim as your MTA.  At least that's what's
indicated by:

 Received: from [87.198.136.186] (helo=[10.1.1.125])
 by mail.go2.ie with esmtpa (Exim 4.52)
 id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +

So have a look at exim's wiki.  This specific case is covered in:

http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0710
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]   Phone: +44 1225 386101


Re: what is RAZOR2_CF_RANGE_51_100 BODY?

2007-03-23 Thread David fire

thanks
but whats that means?
confidence (cf) rating between 51 and 100.
thanks

2007/3/22, Theo Van Dinter [EMAIL PROTECTED]:


On Thu, Mar 22, 2007 at 10:50:58AM -0300, David fire wrote:
 i try to configure my spam assassin but i have one question
 what is RAZOR2_CF_RANGE_51_100 BODY ?

It means that Razor2 gave the message a spam confidence (cf) rating
between 51 and 100.

--
Randomly Selected Tagline:
There are two things in life one should always remember:
   1. Never tell everything you know.





--
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
()_()signature to help him gain world domination.


Re: Blocking mail from one specific user to another

2007-03-23 Thread Michael Connors

Dennis Davis wrote:

On Fri, 23 Mar 2007, Michael Connors wrote:

  

Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
Message-ID: [EMAIL PROTECTED]
Date: Fri, 23 Mar 2007 12:48:44 +
From: Michael Connors [EMAIL PROTECTED]
To: Loren Wilton [EMAIL PROTECTED]
CC:  users@spamassassin.apache.org
Subject: Re: Blocking mail from one specific user to another

I see, I didn't understand the syntax of the rules before, now I
understand.  Thank you, I will try that.



As indicated elsewhere in this thread, this is best done by the MTA
and not SpamAssassin.

You appear to be using exim as your MTA.  At least that's what's
indicated by:

  

Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +



So have a look at exim's wiki.  This specific case is covered in:

http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0710
  

I will look into that.
Thanks for your answers.
regards,
Michael

--
Michael Connors
go2web Limited
Registered in Ireland: No. 327376
Reg. address: 53, Thormanby Lawns, Howth, Dublin 13
Head Office: Harbour House, Harbour Road, Howth
Phone: +353-1-839 5432
Fax:   +353-1-839 5439



Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Marc Perkel
Perhaps what I need to do is to get rid of autolearn and write my own 
learning system that strips out the body of messages with images and 
just learns the headers. My problem is that when users get image spam 
they put it in the spam folders and they get learned. But the text in 
the image spam causes ham type text to be learned as spam. That causes 
ham to get higher scores.


Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread -- [ UxBoD ] --
Yes image spam can be a real pain. I have just implemented a new mailserver and 
image spam is certainly on the increase :-

mysql> select count(*) from maillog;
+----------+
| count(*) |
+----------+
|    15091 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from maillog where spamreport like '%FUZZY_OCR%';
+----------+
| count(*) |
+----------+
|     3438 |
+----------+
1 row in set (0.04 sec)

mysql> select count(*) from maillog where spamreport like '%FUZZY_OCR_KNOWN_HASH%';
+----------+
| count(*) |
+----------+
|     1070 |
+----------+
1 row in set (0.04 sec)


On Fri, 23 Mar 2007 06:46:50 -0700, Marc Perkel [EMAIL PROTECTED] wrote:
 Perhaps what I need to do is to get rid of autolearn and write my own
 learning system that strips out the body of messages with images and
 just learns the headers. My problem is that when users get image spam
 they put it in the spam folders and they get learned. But the text in
 the image spam causes ham type text to be learned as spam. That causes
 ham to get higher scores.
 
 --
 This message has been scanned for viruses and dangerous content by
 MailScanner, and is
 believed to be clean.
-- 
--[ UxBoD ]--
// PGP Key: curl -s http://www.splatnix.net/uxbod.asc | gpg --import
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
// Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8
// SIP Phone: [EMAIL PROTECTED]





Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread John D. Hardin
On Fri, 23 Mar 2007, Marc Perkel wrote:

 Perhaps what I need to do is to get rid of autolearn and write my
 own learning system that strips out the body of messages with
 images and just learns the headers. My problem is that when users
 get image spam they put it in the spam folders and they get
 learned. But the text in the image spam causes ham type text to be
 learned as spam. That causes ham to get higher scores.

Perhaps better: purge the learning folders of messages with image 
attachments before learning.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  It is not the place of government to make right every tragedy and
  woe that befalls every resident of the nation.
---
 592 days until the Presidential Election



Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Mike Jackson

/me continues to wait for the spammers to tire of greylisting


I work for a managed hosting provider, and I have seen spam messages get 
back customers' greylisting setups. It may be isolated, but some 
spammers are already starting to work around it.


RE: NOTICE: SpamAssassin 3.2.0-rc1 PRERELEASE available

2007-03-23 Thread Randal, Phil
Those (STILL TODO ;) bits are the things which would convince me to
test it.

Without them I'm rather in the dark as to what has changed, what needs
to be changed in my config, and what areas need careful attention.

So when are the betas of the (STILL TODO ;)'s coming out?  :-)

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 Sent: 22 March 2007 21:15
 To: users@spamassassin.apache.org; dev@spamassassin.apache.org
 Subject: NOTICE: SpamAssassin 3.2.0-rc1 PRERELEASE available
 
 SpamAssassin 3.2.0-rc1 is released!
 This is a *prerelease* for SpamAssassin 3.2.0; not the full release.
 
 SpamAssassin is a mail filter which uses advanced statistical and
 heuristic tests to identify spam (also known as unsolicited 
 bulk email).
 
 Highlights of the release
 -
 
 (STILL TODO ;)
 
 Downloading
 ---
 
   
 http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-rc1.tar.bz2
   
 http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-rc1.tar.gz
   http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-rc1.zip
 
 md5sum of archive files:
 
 2be09ab4fad7960e739ecf8a0bacc8cb  Mail-SpamAssassin-3.2.0-rc1.tar.bz2
 254464ac8ac0584e4fb8664d2fdb49ad  Mail-SpamAssassin-3.2.0-rc1.tar.gz
 47dec3411b9cedececa5832d04057686  Mail-SpamAssassin-3.2.0-rc1.zip
 
 sha1sum of archive files:
 
 53dd8a84b7a87bccdb6a4606be66bf010a76a3bf  
 Mail-SpamAssassin-3.2.0-rc1.tar.bz2
 1a2ac68efce3ad89dd32c636268af7e63aedbcfe  
 Mail-SpamAssassin-3.2.0-rc1.tar.gz
 d6a4f35792319cf7260bd76dc7285c092ad0ed30  
 Mail-SpamAssassin-3.2.0-rc1.zip
 
 The release files also have a .asc accompanying them.  The file serves
 as an external GPG signature for the given release file.  The signing
 key is available via the wwwkeys.pgp.net key server, as well as
 http://spamassassin.apache.org/released/GPG-SIGNING-KEY
 
 The key information is:
 
 pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key 
 [EMAIL PROTECTED]
 rg
  Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B
 
 Important installation notes
 
 
 - see the INSTALL and UPGRADE files in the distribution.
 
 Summary of major changes since 3.1.x
 
 
 (STILL TODO ;)
 
 
 
 


Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Jim Maul

Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own 
learning system that strips out the body of messages with images and 
just learns the headers. My problem is that when users get image spam 
they put it in the spam folders and they get learned. But the text in 
the image spam causes ham type text to be learned as spam. That causes 
ham to get higher scores.





Are you sure of this?  Have you also trained these ham messages to 
counter this effect?  Not too long ago we were in the same situation.  I 
have autolearn enabled but I have adjusted the thresholds to avoid 
learning false positives/negatives.  We were getting ham (although 
arguably - they were newsletter type ham) that was hitting BAYES_99.  As 
soon as i started training them as ham the problem went away.  Spam is 
still detected correctly by bayes and these newsletters no longer hit 
bayes_99.


-Jim


Re: what is RAZOR2_CF_RANGE_51_100 BODY?

2007-03-23 Thread Theo Van Dinter
On Thu, Mar 22, 2007 at 12:40:23PM -0300, David fire wrote:
 thanks
 but whats that means?
 confidence (cf) rating between 51 and 100.

FWIW, I responded to a private mail already.  But for everyone
else's curiosity ...  I pointed him at the Razor folks (razor.sf.net,
https://lists.sourceforge.net/lists/listinfo/razor-users, etc,) to find
out more about Razor.

The short version, as previously discussed, is that it's a confidence rating
for spam, as a percentage.  In this case, between 51 and 100%.

-- 
Randomly Selected Tagline:
Holy Smokes!the church is on fire!




Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Luis Hernán Otegui

Well, my two cents on this:
When I upgraded my servers (about half a year ago) and started using a
mysql-based Bayes DB, image spams began to drive me crazy. Seemed like there
was no way to stop them. But with a good purge of bayes, a rebuild, and the
addition of sa-update rules, it all began to get better. Right now, I have
implemented a system for my users to train a global Bayes database, and I
must say it is working almost flawlessly. Only a few discussion lists got
BAYES_99 hits, but as soon as the users forwarded them to the ham training
account (or moved them to their webmail-based HAM folders), everything got
better. I'm a small fish in this fight (two servers, about 400 users each,
~25000 messages a day, ~2 rejected via zenspamhaus.org mostly, ~1100
spam messages, and ~30 virus messages a day), but I must say that taking
good care of my Bayes database has improved a lot the spam fighting
capabilities of my servers. It includes making sa-forget of false positives,
then feeding them to sa-learn as ham, sa-forget of false negatives and
making SA analyze and report them, etc. Luckily, I managed to write some
scripts to do the work for me. They're still at test stage, but I'm
convinced that they seem to perform very well...

A taste: http://www.biol.unlp.edu.ar/cgi-bin/mailgraph.cgi


Luis

2007/3/23, Jim Maul [EMAIL PROTECTED]:


Marc Perkel wrote:
 Perhaps what I need to do is to get rid of autolearn and write my own
 learning system that strips out the body of messages with images and
 just learns the headers. My problem is that when users get image spam
 they put it in the spam folders and they get learned. But the text in
 the image spam causes ham type text to be learned as spam. That causes
 ham to get higher scores.



Are you sure of this?  Have you also trained these ham messages to
counter this effect?  Not too long ago we were in the same situation.  I
have autolearn enabled but I have adjusted the thresholds to avoid
learning false positives/negatives.  We were getting ham (although
arguably - they were newsletter type ham) that was hitting BAYES_99.  As
soon as i started training them as ham the problem went away.  Spam is
still detected correctly by bayes and these newsletters no longer hit
bayes_99.

-Jim





--
-
GNU-GPL: May The Source Be With You...
-


Re: NOTICE: SpamAssassin 3.2.0-rc1 PRERELEASE available

2007-03-23 Thread Justin Mason

Randal, Phil writes:
 Those (STILL TODO ;) bits are the things which would convince me to
 test it.
 
 Without them I'm rather in the dark as to what has changed, what needs
 to be changed in my config, and what areas need careful attention.
 
 So when are the betas of the (STILL TODO ;)'s coming out?  :-)

Doc has promised to do them really soon. ;)
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5382

--j.


Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread frank jones


Images were killing us until we installed focr. It really helped. I'm 
dreading the day that the scum find a way to circumvent that though. As an 
aside, I just noticed a bunch of spam like this in our quarantine (scored 
very very high so no one normally sees it, but I look sometimes):



Subject: SPAM: HIGH *  anti-spammers are lamers
Parts/Attachments:
  1   OK  3 lines  Text (charset: ISO-8859-2)
  2 Shown   ~14 lines  Text (charset: ISO-8859-2)


subj

regards, spammer.



From: Luis Hernán Otegui [EMAIL PROTECTED]
To: Spamassassin talk list users@spamassassin.apache.org
Subject: Re: Is Bayes Dead? Have the spammers won?
Date: Fri, 23 Mar 2007 11:45:22 -0300

Well, my two cents on this:
When I upgraded my servers (about half a year ago) and started using a
mysql-based Bayes DB, image spams began to drive me crazy. Seemed like 
there

was no way to stop them. But with a good purge of bayes, a rebuild, and the
addition of sa-update rules, it all began to get better. Right now, I have
implemented a system for my users to train a global Bayes database, and I
must say it is working almost flawlessly. Only a few discussion lists got
BAYES_99 hits, but as soon as the users forwarded them to the ham training
account (or moved them to their webmail-based HAM folders), everything got
better. I'm a small fish in this fight (two servers, about 400 users each,
~25000 messages a day, ~2 rejected via zenspamhaus.org mostly, ~1100
spam messages, and ~30 virus messages a day), but I must say that taking
good care of my Bayes database has improved a lot the spam fighting
capabilities of my servers. It includes making sa-forget of false 
positives,

then feeding them to sa-learn as ham, sa-forget of false negatives and
making SA analyze and report them, etc. Luckily, I managed to write some
scripts to do the work for me. They're still at test stage, but I'm
convinced that they seem to perform very well...

A taste: http://www.biol.unlp.edu.ar/cgi-bin/mailgraph.cgi


Luis

2007/3/23, Jim Maul [EMAIL PROTECTED]:


Marc Perkel wrote:
 Perhaps what I need to do is to get rid of autolearn and write my own
 learning system that strips out the body of messages with images and
 just learns the headers. My problem is that when users get image spam
 they put it in the spam folders and they get learned. But the text in
 the image spam causes ham type text to be learned as spam. That causes
 ham to get higher scores.



Are you sure of this?  Have you also trained these ham messages to
counter this effect?  Not too long ago we were in the same situation.  I
have autolearn enabled but I have adjusted the thresholds to avoid
learning false positives/negatives.  We were getting ham (although
arguably - they were newsletter type ham) that was hitting BAYES_99.  As
soon as i started training them as ham the problem went away.  Spam is
still detected correctly by bayes and these newsletters no longer hit
bayes_99.

-Jim





--
-
GNU-GPL: May The Source Be With You...
-






RE: extract message-id's from logfile

2007-03-23 Thread Bowie Bailey
Starckjohann, Ove wrote:
 Hi!
 
 bit offtopic, but maybe it's easy and someone is able to drop me the
 *magic* snippet of code:
 
 My logfile looks like:
 
 Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
 AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
 _ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
 scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost=
 mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447
 [EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no
 Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 -
 BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H
 TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA
 YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
 scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost
 =mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED]
 hikoi.com,bayes=1.66533453693773e-16,autolearn=no
 ...
 
 I do need to extract the message-id's from there to get the following
 list:
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 
 How to realize ??
 
 Any skilled grep'ers / awk'ers / sed'ers alive here ?

Perl'ers?

Use grep or whatever to find the right lines and then pipe it to a perl
script like this:

grep (whatever) maillog | perl -ne 'if (/mid=<([^>]+)>/) { print "$1\n" }'

-- 
Bowie
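
An added example, not part of any post in this thread: the same extraction done with awk alone, as the original question asked. The function names `extract_mids` and `sample_log` are hypothetical, the log lines are constructed, and the `.` verdict marker for ham and the `mid=(unknown)` form are assumptions about spamd's output that the page itself does not show. The Message-ID is supplied by the sender, so the parser anchors on the `,mid=<` field and stops at the first `>` instead of splitting on commas.

```shell
#!/bin/sh
# Added example: pull Message-IDs out of spamd "result:" log lines.

# extract_mids [Y|.|all] < logfile
#   Prints one Message-ID per line, without the surrounding <>.
#   The argument filters on the spamd verdict: Y = spam, . = ham (assumed
#   marker), all = both. Lines that are not result lines are ignored.
extract_mids() {
    awk -v want="${1:-all}" '
        {
            # Locate the result record; skip every other kind of log line.
            p = index($0, "spamd: result: ")
            if (p == 0) next
            rest = substr($0, p + 15)

            # The verdict is the first character after "result: ".
            if (want != "all" && substr(rest, 1, 1) != want) next

            # Anchor on the field name plus "<" so that mid=(unknown)
            # (assumed form for a missing header) is skipped.
            s = index(rest, ",mid=<")
            if (s == 0) next
            id = substr(rest, s + 6)

            # Stop at the first ">"; an ID may legally contain commas,
            # so splitting the line on "," would cut it short.
            e = index(id, ">")
            if (e <= 1) next        # truncated line or empty ID
            print substr(id, 1, e - 1)
        }
    '
}

# Constructed sample input: two spam results, one ham result, one result
# with no Message-ID and one unrelated spamd line.
sample_log() {
    cat <<'EOF'
Mar 23 10:15:55 host spamd[6084]: spamd: result: Y 5 - AWL,BAYES_00 scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost=mx.example.com,raddr=192.0.2.21,rport=9661,mid=<111.aaa@example.net>,bayes=1.2e-05,autolearn=no
Mar 23 10:16:02 host spamd[6084]: spamd: result: . -1 - BAYES_00 scantime=0.9,size=2100,user=(unknown),uid=1002,required_score=5.0,rhost=mx.example.com,raddr=192.0.2.21,rport=9662,mid=<222.bbb@example.org>,bayes=0.0001,autolearn=ham
Mar 23 10:16:40 host spamd[6084]: spamd: result: Y 9 - NO_RECEIVED scantime=1.1,size=900,user=(unknown),uid=1002,required_score=5.0,rhost=mx.example.com,raddr=192.0.2.21,rport=9663,mid=(unknown),bayes=0.99,autolearn=no
Mar 23 10:17:01 host spamd[6084]: spamd: connection from mx.example.com [192.0.2.21] at port 9664
Mar 23 10:19:38 host spamd[6084]: spamd: result: Y 7 - HTML_MESSAGE scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost=mx.example.com,raddr=192.0.2.21,rport=9897,mid=<333,ccc@example.com>,bayes=1.6e-16,autolearn=no
EOF
}

# Stand-alone demonstration: list the IDs of messages tagged as spam.
sample_log | extract_mids Y
```

On a real system the input would be the spamd log itself, for example `extract_mids Y < spamd.log | sort -u`.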


Re: Blocking mail from one specific user to another

2007-03-23 Thread Jonathan M Metts
Another option would be to use Sieve or another type of server side 
filter.  This way, you would have a few options.  You could reject it, 
discard it, or redirect the message elsewhere.  Just an idea, but like 
the others have said, I wouldn't use SA for it.


.metts

Michael Connors wrote:

Dennis Davis wrote:

On Fri, 23 Mar 2007, Michael Connors wrote:

 

Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
Message-ID: [EMAIL PROTECTED]
Date: Fri, 23 Mar 2007 12:48:44 +
From: Michael Connors [EMAIL PROTECTED]
To: Loren Wilton [EMAIL PROTECTED]
CC:  users@spamassassin.apache.org
Subject: Re: Blocking mail from one specific user to another

I see, I didn't understand the syntax of the rules before, now I
understand.  Thank you, I will try that.



As indicated elsewhere in this thread, this is best done by the MTA
and not SpamAssassin.

You appear to be using exim as your MTA.  At least that's what's
indicated by:

 

Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +



So have a look at exim's wiki.  This specific case is covered in:

http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0710
  

I will look into that.
Thanks for your answers.
regards,
Michael





Re: Blocking mail from one specific user to another

2007-03-23 Thread David B Funk
On Fri, 23 Mar 2007, Loren Wilton wrote:

 Well, of course you can't block with SA itself.  But I assume you knew that.

 You can't do what you want quite the way you showed it.  But you can get the 
 effect you want:

 header __MC_MY_FROM From =~ /[EMAIL PROTECTED]/i
 header __MC_MY_ENV Envelope-to =~ /[EMAIL PROTECTED]/i
 header __MC_MY_SUB Subject =~ /Mailing list subject/i
 meta MC_MY_RULE __MC_MY_FROM && __MC_MY_ENV && __MC_MY_SUB
 score MC_MY_RULE 10.0

Don't forget:
1) this is predicated upon the 'Envelope-to' being available to SA, not
   all configurations do that.
2) What if another user at your site also subscribed to that list and
   wanted it. The mail message can have multiple 'Envelope-to' addrs.
   Then you'd have a FP for the second user.


-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{


Re: Blocking mail from one specific user to another

2007-03-23 Thread Michael Connors

Hi,
I have it working, I am blocking it at the MTA using policy controls.
It appears to be working fine.
Thanks everyone for the help,
Michael

Jonathan M Metts wrote:
Another option would be to use Sieve or another type of server side 
filter.  This way, you would have a few options.  You could reject it, 
discard it, or redirect the message elsewhere.  Just an idea, but like 
the others have said, I wouldn't use SA for it.


.metts

Michael Connors wrote:

Dennis Davis wrote:

On Fri, 23 Mar 2007, Michael Connors wrote:

 

Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
Message-ID: [EMAIL PROTECTED]
Date: Fri, 23 Mar 2007 12:48:44 +
From: Michael Connors [EMAIL PROTECTED]
To: Loren Wilton [EMAIL PROTECTED]
CC:  users@spamassassin.apache.org
Subject: Re: Blocking mail from one specific user to another

I see, I didn't understand the syntax of the rules before, now I
understand.  Thank you, I will try that.



As indicated elsewhere in this thread, this is best done by the MTA
and not SpamAssassin.

You appear to be using exim as your MTA.  At least that's what's
indicated by:

 

Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +



So have a look at exim's wiki.  This specific case is covered in:

http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0710
  

I will look into that.
Thanks for your answers.
regards,
Michael






--
Michael Connors
go2web Limited
Registered in Ireland: No. 327376
Reg. address: 53, Thormanby Lawns, Howth, Dublin 13
Head Office: Harbour House, Harbour Road, Howth
Phone: +353-1-839 5432
Fax:   +353-1-839 5439



Re: R: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread .rp
  
  On Thu, 22 Mar 2007 09:55:07 -0700, Marc Perkel [EMAIL PROTECTED]
  wrote:
   Maybe I'm doing something wrong but with the various methods of
   bayes poisoning going on I've found that bayes is just lowering
   the score
  of
   spam and causing more spam to get through. Where bayes used to be
   the centerpiece of spam filtering now I have turned it off to
   increase accuracy.
  
   Anyone else seeing this or is there some new tricks that I'm
   missing
  out
   on?

I use a 3 tier system to minimize the effect of poisoning the Bayes 
tables.
First we do checking against a few databases for known spammer addresses,
then check the message for obvious spam (claiming to come from our server, 
honeypot addresses, words in subjects, high SA score with no Bayes scoring)
and then we do the Bayes scoring.



Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Marc Perkel



Jim Maul wrote:

Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own 
learning system that strips out the body of messages with images and 
just learns the headers. My problem is that when users get image spam 
they put it in the spam folders and they get learned. But the text in 
the image spam causes ham type text to be learned as spam. That 
causes ham to get higher scores.





Are you sure of this?  Have you also trained these ham messages to 
counter this effect?  Not too long ago we were in the same situation.  
I have autolearn enabled but I have adjusted the thresholds to avoid 
learning false positives/negatives.  We were getting ham (although 
arguably - they were newsletter type ham) that was hitting BAYES_99.  
As soon as i started training them as ham the problem went away.  Spam 
is still detected correctly by bayes and these newsletters no longer 
hit bayes_99.


-Jim



What I think my problem might be is that I have done so much work 
prescreening messages with Exim that what's left isn't good stock for 
autolearn. I think what I need is a separate dedicated learner server 
that is selective and smart about what it learns.


RE: reset spam bayes

2007-03-23 Thread R Lists06

 Dean Manners said:

 sa-learn --clear
 
 Make sure you have a ham/spam pile ready to re-train your db's after
 clearing.
 

Hmm so if someone does this

sa-learn --clear

Q: when that command is completed, should one restart SA or are we good to
go immediately after for training etc?

 - rh

--
Robert - Abba Communications
http://www.abbacomm.net/



Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Jim Maul

Marc Perkel wrote:



Jim Maul wrote:

Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own 
learning system that strips out the body of messages with images and 
just learns the headers. My problem is that when users get image spam 
they put it in the spam folders and they get learned. But the text in 
the image spam causes ham type text to be learned as spam. That 
causes ham to get higher scores.





Are you sure of this?  Have you also trained these ham messages to 
counter this effect?  Not too long ago we were in the same situation.  
I have autolearn enabled but I have adjusted the thresholds to avoid 
learning false positives/negatives.  We were getting ham (although 
arguably - they were newsletter type ham) that was hitting BAYES_99.  
As soon as i started training them as ham the problem went away.  Spam 
is still detected correctly by bayes and these newsletters no longer 
hit bayes_99.


-Jim



What I think my problem might be is that I have done so much work 
prescreening messages with Exim that what's left isn't good stock for 
autolearn. I think what I need is a separate dedicated learner server 
that is selective and smart about what it learns.





This is quite possible.  I have heard other stories of people using 
things like greylisting and rbls to reject at smtp time that the only 
things that eventually made it to SA were so limited that it would 
produce odd results for bayes.  From my experience, the more you throw 
at bayes, the better it gets.  The more selective you are, the less it 
has to work with.


Jim


Re: FUZZY_OCR find not existent words on images

2007-03-23 Thread René Berber
Rejaine Monteiro wrote:

 I'm using FuzzyOcr plugin, version 2.3b and have some problems  with
 Fuzzy-OCR false/positives:
 
 
 12 FUZZY_OCR  BODY: Mail contains an image with common spam
 text inside
Words found:
news in 5 lines
money in 1 lines
million in 1 lines
trade in 1 lines
levitra in 1 lines
product in 1 lines
(10 word occurrences found)
 
 So, the message was tagged as spam..
 
 But the image in this message does NOT have any of the words above (it has
 only Brazilian Portuguese words)
 
 Any tip?

The problem is that you are using (probably) the default setting for fuzzy
match, in that old version of FuzzyOcr it was set too high so it matched where
it should not.

Solutions are many:

- You can globally adjust that factor (I don't remember what it was called in
that old version, in the new one it is focr_threshold with a default of 0.25,
perhaps it is the same);

- You can edit your words list, FuzzyOcr.words, and adjust the factor for
individual words, I use a value of 0.1 for short words and those I prefer a
close match, a bigger value for longer words or nothing to just use the global
default;

- You can upgrade to the latest version, it has different factors and more
functionality but, the downside is that you will have to upgrade the pnm stuff
and probably other perl modules.
-- 
René Berber
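
The threshold advice above can be tried on sample text. This Python example is added here; it is not part of the original post and not FuzzyOcr's code. It assumes a word hits a line when its smallest edit distance to any substring of the line, divided by the word's length, is at most the threshold; the OCR lines and the `overrides` dictionary are constructed for illustration.

```python
"""Threshold-based fuzzy word matching on OCR text (added illustration).

Assumed model, not taken from FuzzyOcr's source: a word "hits" a line when
min_edit_distance(word, any substring of line) / len(word) <= threshold.
"""

# Words reported in the two FUZZY_OCR results quoted in this thread.
WORDS = ["news", "product", "international", "service", "penis", "stock"]

# Constructed OCR output of a Brazilian Portuguese image (diacritics lost by OCR).
OCR_LINES = [
    "ofertas nesta semana",
    "novos produtos",
    "frete internacional",
    "servico de entrega",
    "tenis masculino",
    "estoque limitado",
]


def min_substring_distance(word, text):
    """Smallest Levenshtein distance between word and any substring of text."""
    prev = [0] * (len(text) + 1)        # row of zeros: a match may start anywhere
    for i, wc in enumerate(word, 1):
        cur = [i]                        # i deletions if nothing of text is used
        for j, tc in enumerate(text, 1):
            cur.append(min(prev[j] + 1,              # drop a character of word
                           cur[j - 1] + 1,           # skip a character of text
                           prev[j - 1] + (wc != tc)))  # match or substitute
        prev = cur
    return min(prev)                     # a match may end anywhere


def scan(lines, words, default_threshold, overrides=None):
    """Return {word: number of lines it hits}, with optional per-word thresholds."""
    overrides = overrides or {}
    hits = {}
    for word in words:
        limit = overrides.get(word, default_threshold)
        hits[word] = sum(
            1 for line in lines
            if min_substring_distance(word, line.lower()) / len(word) <= limit
        )
    return hits


if __name__ == "__main__":
    for label, args in [
        ("global 0.25", (0.25,)),
        ("global 0.10", (0.10,)),
        ("0.25 with short words at 0.10", (0.25, {"news": 0.1, "penis": 0.1})),
    ]:
        print(label, scan(OCR_LINES, WORDS, *args))
```

At 0.25 every listed word except `stock` hits one Portuguese line; at 0.1 only `international` still does, because one wrong character is a small fraction of a long word.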



Socket.pm errors

2007-03-23 Thread Lance Albertson
I recently updated SA on our machines from 3.1.1 to 3.1.8 and I started
noticing a new issue crop up. I also noticed that someone else had a
similar problem and reported it on this list back in January [1], but it
never got an answer back about it. I've looked elsewhere online and have
yet to find a solution.

Here is a log excerpt of what I see:

Mar 23 11:50:48 spamfilter5 spamd[28398]: Use of uninitialized value in
subroutine entry at
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm line 370.
Mar 23 11:50:48 spamfilter5 spamd[28398]: Bad arg length for
Socket::unpack_sockaddr_in, length is 0, should be 16 at
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm line 370.
Mar 23 11:50:48 spamfilter5 spamd[28398]: spamd: error: Bad arg length
for Socket::unpack_sockaddr_in, length is 0, should be 16 at
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm
line 370.
Mar 23 11:50:48 spamfilter5 spamd[28398]:  , continuing at
/usr/bin/spamd line 924.
Mar 23 11:50:48 spamfilter5 spamd[25791]: prefork: child states:
BBBB
Mar 23 11:50:48 spamfilter5 spamd[25791]: prefork: server reached
--max-children setting, consider raising it

During the time I get these errors, I seem to have emails go through the
system without getting tagged with any X-Spam* tags. Yet, I can find in
the log that the email was tagged and was done under the timeout setting
we have for spamc. These errors seem to be related to the amount of load
the machine is having at the time (i.e. higher loads tends to bring
these errors out more). They also seem to be transient in that after a
few minutes they seem to go away and things are back to normal (probably
when the load goes down).

I'm no programmer, but from my point of view it seems as though the
child algorithms used to clean up connections are getting confused when
they're close to their max setting.

Now, some background on our setup. We have a pool of seven servers that
are behind a BigIP running spamassassin (running mostly RHAS4, but we
also have two Solaris 10 amd64 machines). We have a pool of mail
delivery servers running sendmail and invoking procmail which then
invokes spamc to connect to the virtual IP. I do not see any timeout
errors in the logs from spamc during these periods of errors.

About a month ago, we were running into a resource limit on our oracle
database server (where all the user prefs are stored). I found the
persistent DB plugin on the wiki site [2] and added it to all our
servers. It fixed the resource issue and no other issue came up at that
time. However, I did notice after adding the plug-in that a lot of spamd
children weren't dying and were staying active. So I suspect this
plug-in might be a source of the problem.

Now since I've upgraded to the latest version, I'm seeing this problem
of non-tagged email. Now, my actual questions:

 * Does anyone have any idea what might be causing this problem?
 * Do I need to upgrade perl (currently running 5.8.5 on RHAS4)?
 * Is the persistent DB plug-in causing the issue?

I just updated one of the Solaris 10 machines and haven't noticed the
error yet. It does have a newer version of perl on it (5.8.8).

Anyways, any help would be appreciated! Thanks!

[1] http://article.gmane.org/gmane.mail.spam.spamassassin.general/94500
[2] http://wiki.apache.org/spamassassin/DBIPlugin

-- 
Lance Albertson  [EMAIL PROTECTED]
Unix System Administrator    Kansas State University
Computing  Telecommunications Services / Enterprise Server Technologies
Work: 532-3067   PGP Key: 0x27F4B742
GPG Fingerprint   0423 92F3 544A 1282 5AB1  4D07 416F A15D 27F4 B742
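
To check whether the Socket.pm errors line up with a saturated child pool, as the message above suspects, the spamd log can be summarised per minute. This Python example is added here and is not part of the original message; the sample log is constructed from the excerpt above (unwrapped to one entry per line), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt in the post, one entry per line.
SAMPLE_LOG = """\
Mar 23 11:49:10 spamfilter5 spamd[25791]: prefork: child states: BIII
Mar 23 11:50:47 spamfilter5 spamd[25791]: prefork: child states: BBBI
Mar 23 11:50:48 spamfilter5 spamd[28398]: Bad arg length for Socket::unpack_sockaddr_in, length is 0, should be 16 at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm line 370.
Mar 23 11:50:48 spamfilter5 spamd[28398]: spamd: error: Bad arg length for Socket::unpack_sockaddr_in, length is 0, should be 16 at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm line 370.
Mar 23 11:50:48 spamfilter5 spamd[25791]: prefork: child states: BBBB
Mar 23 11:50:48 spamfilter5 spamd[25791]: prefork: server reached --max-children setting, consider raising it
Mar 23 11:52:03 spamfilter5 spamd[25791]: prefork: child states: BBII
"""

# "Mon DD HH:MM" is captured as the bucket key; \s+ copes with "Mar  3".
ENTRY = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ spamd\[(\d+)\]: (.*)$")
STATES = re.compile(r"prefork: child states: ([A-Z]+)")


def summarize(log_text):
    """Per-minute socket errors, --max-children hits and peak busy ratio."""
    minutes = defaultdict(
        lambda: {"socket_errors": 0, "max_children": 0, "peak_busy": 0.0}
    )
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        minute, _pid, msg = m.groups()
        row = minutes[minute]
        # In the excerpt the Perl warning is followed by a "spamd: error:" copy;
        # counting only that copy avoids counting one failure twice (assumption).
        if msg.startswith("spamd: error:") and "Socket::unpack_sockaddr_in" in msg:
            row["socket_errors"] += 1
        elif "server reached --max-children" in msg:
            row["max_children"] += 1
        else:
            s = STATES.search(msg)
            if s:
                states = s.group(1)
                busy = states.count("B") / len(states)   # B = busy child
                row["peak_busy"] = max(row["peak_busy"], busy)
    return dict(minutes)


def saturated_error_minutes(summary):
    """Minutes with socket errors while every child was busy or the cap was hit."""
    return sorted(
        minute for minute, row in summary.items()
        if row["socket_errors"]
        and (row["max_children"] or row["peak_busy"] == 1.0)
    )


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for minute in sorted(report):
        print(minute, report[minute])
    print("errors under saturation:", saturated_error_minutes(report))
```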





Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Matt

 But with a good purge of bayes, a rebuild, and the
addition of sa-update rules,


How do you safely purge bayes anyway?


Matt


Re: FUZZY_OCR find not existent words on images

2007-03-23 Thread Evan Platt

At 10:13 AM 3/23/2007, Rejaine Monteiro wrote:

I'm using FuzzyOcr plugin, version 2.3b and have some problems  with 
Fuzzy-OCR false/positives:



12 FUZZY_OCR  BODY: Mail contains an image with common 
spam text inside

   Words found:
   news in 5 lines
   money in 1 lines
   million in 1 lines
   trade in 1 lines
   levitra in 1 lines
   product in 1 lines
   (10 word occurrences found)

So, the message was tagged as spam..

But the image in this message does NOT have any of the words above (it has 
only Brazilian Portuguese words)


Any tip?


Put the image on a website and put the link to this list. Otherwise, 
we're only guessing.




Re: Socket.pm errors

2007-03-23 Thread maillist

Lance Albertson wrote:

I recently updated SA on our machines from 3.1.1 to 3.1.8 and I started
noticing a new issue crop up. I also noticed that someone else had a
similar problem and reported it on this list back in January [1], but it
never got an answer back about it. I've looked elsewhere online and have
yet to find a solution.

Here is a log excerpt of what I see:

Mar 23 11:50:48 spamfilter5 spamd[28398]: Use of uninitialized value in
subroutine entry at
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm line 370.
Mar 23 11:50:48 spamfilter5 spamd[28398]: Bad arg length for
Socket::unpack_sockaddr_in, length is 0, should be 16 at
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm line 370.
Mar 23 11:50:48 spamfilter5 spamd[28398]: spamd: error: Bad arg length
for Socket::unpack_sockaddr_in, length is 0, should be 16 at
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/Socket.pm
line 370.
Mar 23 11:50:48 spamfilter5 spamd[28398]:  , continuing at
/usr/bin/spamd line 924.
Mar 23 11:50:48 spamfilter5 spamd[25791]: prefork: child states:
BBBB
Mar 23 11:50:48 spamfilter5 spamd[25791]: prefork: server reached
--max-children setting, consider raising it

During the time I get these errors, I seem to have emails go through the
system without getting tagged with any X-Spam* tags. Yet, I can find in
the log that the email was tagged and was done under the timeout setting
we have for spamc. These errors seem to be related to the amount of load
the machine is having at the time (i.e. higher loads tends to bring
these errors out more). They also seem to be transient in that after a
few minutes they seem to go away and things are back to normal (probably
when the load goes down).

I'm no programmer, but from my point of view it seems as though the
child algorithms used to clean up connections are getting confused when
they're close to their max setting.

Now, some background on our setup. We have a pool of seven servers that
are behind a BigIP running spamassassin (running mostly RHAS4, but we
also have two Solaris 10 amd64 machines). We have a pool of mail
delivery servers running sendmail and invoking procmail which then
invokes spamc to connect to the virtual IP. I do not see any timeout
errors in the logs from spamc during these periods of errors.

About a month ago, we were running into a resource limit on our oracle
database server (where all the user prefs are stored). I found the
persistent DB plugin on the wiki site [2] and added it to all our
servers. It fixed the resource issue and no other issue came up at that
time. However, I did notice after adding the plug-in that a lot of spamd
children weren't dying and were staying active. So I suspect this
plug-in might be a source of the problem.

Now since I've upgraded to the latest version, I'm seeing this problem
of non-tagged email. Now, my actual questions:

 * Does anyone have any idea what might be causing this problem?
 * Do I need to upgrade perl (currently running 5.8.5 on RHAS4)?
 * Is the persistent DB plug-in causing the issue?

I just updated one of the Solaris 10 machines and haven't noticed the
error yet. It does have a newer version of perl on it (5.8.8).

Anyways, any help would be appreciated! Thanks!

[1] http://article.gmane.org/gmane.mail.spam.spamassassin.general/94500
[2] http://wiki.apache.org/spamassassin/DBIPlugin

  


I would see if you could maybe get a fresher version of IO::Socket. The 
latest on CPAN is 1.2301


(http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/IO-1.2301.tar.gz)

I would *not* try to upgrade Perl.  In doing so, you could cause your 
machine to lapse into an error-log extravaganza.


-=Aubrey=-


Just a general question

2007-03-23 Thread maillist
I've been on this mail list only for a few months now, and am wondering 
if I am the smallest guy here.  I often have questions, and usually find 
the answer just by browsing in past mails, which is really cool.  I see 
most of the folks that are questioning/replying are admins of rather 
large systems, many ISPs. 

I only run a little bitty server with under 100 users.  Are there any 
others like that here?  The reason I ask is, I think that running a 
single-domain server, with under 100 users gives a little more room for 
testing, and general mis configuring errors, and would like to know of 
some methods that maybe other small guys like myself have come up with 
to trouble-shoot.


-=Aubrey=-


Socket error

2007-03-23 Thread Beech Rintoul
I'm running SA-3.1.8 on FreeBSD 6.x and getting the following error in 
the maillog:

pinnacle spamd[67334]: spamd: could not create INET socket on 
127.0.0.1:783: Permission denied

This doesn't seem to affect the operation, but I'd like to fix the 
problem. Does anyone have a suggestion? Spamd *IS* running as root.

TIA

Beech
-- 
---
Beech Rintoul - Port Maintainer - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   | http://www.freebsd.org
 X  - NO Word docs in e-mail | Latest Release:
/ \  - http://www.freebsd.org/releases/6.2R/announce.html
---





RE: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread R Lists06
 
 
 
  Are you sure of this?  Have you also trained these ham messages to
  counter this effect?  Not too long ago we were in the same situation.
  I have autolearn enabled but I have adjusted the thresholds to avoid
 This is quite possible.  I have heard other stories of people using
 things like greylisting and rbls to reject at smtp time that the only
 things that eventually made it to SA were so limited that it would
 produce odd results for bayes.  From my experience, the more you throw
 at bayes, the better it gets.  The more selective you are, the less it
 has to work with.
 
 Jim

So are you saying for these purposes that you do not use RBLs or greylisting
or other similar tools that cut down on the obvious cycle consuming garbage?

 - rh

--
Robert - Abba Communications
http://www.abbacomm.net/



Re: FUZZY_OCR find not existent words on images

2007-03-23 Thread Rejaine Monteiro


This image, for example, was tagged as spam...

http://rejaine.multiply.com/photos/photo/5/1

Content analysis details:   (6.4 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------

-2.6 BAYES_00   BODY: Bayesian spam probability is 0 to 1%
   [score: 0.]
0.0 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
9.0 FUZZY_OCR  BODY: Mail contains an image with common 
spam text inside

   Words found:
   news in 3 lines
   stock in 1 lines
   international in 1 lines
   service in 1 lines
   penis in 1 lines
   (7 word occurrences found)


Evan Platt escreveu:


Put the image on a website and put the link to this list. Otherwise, 
we're only guessing.




Re: Just a general question

2007-03-23 Thread Miles Fidelman

maillist wrote:
I've been on this mail list only for a few months now, and am 
wondering if I am the smallest guy here.  I often have questions, and 
usually find the answer just by browsing in past mails, which is 
really cool.  I see most of the folks that are questioning/replying 
are admins of rather large systems, many ISPs.
I only run a little bitty server with under 100 users.  Are there any 
others like that here?  The reason I ask is, I think that running a 
single-domain server, with under 100 users gives a little more room 
for testing, and general mis configuring errors, and would like to 
know of some methods that maybe other small guys like myself have come 
up with to trouble-shoot.
Well... I run a server that has only about 5 mail users.  We use it to 
run a couple of dozen email lists, with a total of perhaps 2000 subscribers.





RE: Just a general question

2007-03-23 Thread Gary V
I've been on this mail list only for a few months now, and am wondering if 
I am the smallest guy here.


No, you're not.

I often have questions, and usually find the answer just by browsing in 
past mails, which is really cool.  I see most of the folks that are 
questioning/replying are admins of rather large systems, many ISPs.


I would think larger sites would have more issues by nature (more people to 
complain to them, hardware that struggles to keep up with high loads and the 
need to please everyone).


I only run a little bitty server with under 100 users.  Are there any 
others like that here?


Yep.

The reason I ask is, I think that running a single-domain server, with 
under 100 users gives a little more room for testing, and general mis 
configuring errors, and would like to know of some methods that maybe other 
small guys like myself have come up with to trouble-shoot.


-=Aubrey=-


In general, I think you already found that the mailing list is the best 
resource. It keeps you aware of most new developments - both good and bad 
and it familiarizes you with debugging.


Gary V





RE: Just a general question

2007-03-23 Thread Jean-Paul Natola


maillist wrote:
 I've been on this mail list only for a few months now, and am 
 wondering if I am the smallest guy here.  I often have questions, and 
 usually find the answer just by browsing in past mails, which is 
 really cool.  I see most of the folks that are questioning/replying 
 are admins of rather large systems, many ISPs.
 I only run a little bitty server with under 100 users.  Are there any 
 others like that here?  The reason I ask is, I think that running a 
 single-domain server, with under 100 users gives a little more room 
 for testing, and general mis configuring errors, and would like to 
 know of some methods that maybe other small guys like myself have come 
 up with to trouble-shoot.
Well... I run a server that has only about 5 mail users.  We use it to 
run a couple of dozen email lists, with a total of perhaps 2000 subscribers.


I'm single domain as well- approx  70 users



RE: Just a general question

2007-03-23 Thread Evan Platt

At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am 
wondering if I am the smallest guy here.


No, you're not.



Oh me me me!

1 domain, 1 user. :)



Re: Just a general question

2007-03-23 Thread Jonathan M Metts

Count me in.  1 domain, 1 user.  Why?  Just because I can.

Evan Platt wrote:

At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am 
wondering if I am the smallest guy here.


No, you're not.



Oh me me me!

1 domain, 1 user. :)



Re: Socket error

2007-03-23 Thread Daryl C. W. O'Shea

Beech Rintoul wrote:
I'm running SA-3.1.8 on FreeBSD 6.x and getting the following error in 
the maillog:


pinnacle spamd[67334]: spamd: could not create INET socket on 
127.0.0.1:783: Permission denied


This doesn't seem to affect the operation, but I'd like to fix the 
problem. Does anyone have a suggestion? Spamd *IS* running as root.


The most common cause of this is a user calling spamd, rather than 
spamc, from procmail.


Daryl


Re: Just a general question

2007-03-23 Thread John Rudd

Jonathan M Metts wrote:

Count me in.  1 domain, 1 user.  Why?  Just because I can.

Evan Platt wrote:

At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am 
wondering if I am the smallest guy here.


No, you're not.



Oh me me me!

1 domain, 1 user. :)




At home: 1 domain, 2 users

At work: 3 domains, 25,000 users



Re: Just a general question

2007-03-23 Thread jay plesset

At home.  1 domain, 5 users.

At work?  I do tech support for Sun mail servers. . . . . . .

jay

John Rudd wrote:


Jonathan M Metts wrote:


Count me in.  1 domain, 1 user.  Why?  Just because I can.

Evan Platt wrote:


At 01:06 PM 3/23/2007, Gary V wrote:

I've been on this mail list only for a few months now, and am 
wondering if I am the smallest guy here.



No, you're not.




Oh me me me!

1 domain, 1 user. :)




At home: 1 domain, 2 users

At work: 3 domains, 25,000 users



Re: Socket error (Fixed)

2007-03-23 Thread Beech Rintoul
On Friday 23 March 2007, Daryl C. W. O'Shea said:
 Beech Rintoul wrote:
  I'm running SA-3.1.8 on FreeBSD 6.x and getting the following
  error in the maillog:
 
  pinnacle spamd[67334]: spamd: could not create INET socket on
  127.0.0.1:783: Permission denied
 
  This doesn't seem to affect the operation, but I'd like to fix
  the problem. Does anyone have a suggestion? Spamd *IS* running as
  root.

 The most common cause of this is a user calling spamd, rather than
 spamc, from procmail.

 Daryl

Thank you! That was it.

Beech

-- 
---
Beech Rintoul - Port Maintainer - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   | http://www.freebsd.org
 X  - NO Word docs in e-mail | Latest Release:
/ \  - http://www.freebsd.org/releases/6.2R/announce.html
---





Re: Is Bayes Dead? Have the spammers won?

2007-03-23 Thread Marc Perkel



Jim Maul wrote:

Marc Perkel wrote:



Jim Maul wrote:

Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my 
own learning system that strips out the body of messages with 
images and just learns the headers. My problem is that when users 
get image spam they put it in the spam folders and they get 
learned. But the text in the image spam causes ham type text to be 
learned as spam. That causes ham to get higher scores.





Are you sure of this?  Have you also trained these ham messages to 
counter this effect?  Not too long ago we were in the same 
situation.  I have autolearn enabled but I have adjusted the 
thresholds to avoid learning false positives/negatives.  We were 
getting ham (although arguably - they were newsletter type ham) that 
was hitting BAYES_99.  As soon as I started training them as ham the 
problem went away.  Spam is still detected correctly by bayes and 
these newsletters no longer hit bayes_99.


-Jim



What I think my problem might be is that I have done so much work 
prescreening messages with Exim that what's left isn't good stock for 
autolearn. I think what I need is a separate dedicated learner server 
that is selective and smart about what it learns.





This is quite possible.  I have heard other stories of people using 
things like greylisting and rbls to reject at smtp time that the only 
things that eventually made it to SA were so limited that it would 
produce odd results for bayes.  From my experience, the more you throw 
at bayes, the better it gets.  The more selective you are, the less it 
has to work with.


Jim



Yes - I think that's what's happening to me. I also create an automatic 
whitelisting system that shaves off about 1/2 of ham bypassing SA. What 
I need to do is fork off a copy of a lot of email that's bypassing SA 
and stuff it into the learner. Like I said originally, bayes used to be 
my best tool. I'd like to get that back.




Who is awews.org ?

2007-03-23 Thread Marc Perkel

They don't seem to have any contact info. Anyone know anything about them?


Re: Who is apews.org ?

2007-03-23 Thread Marc Perkel



Marc Perkel wrote:

They don't seem to have any contact info. Anyone know anything about them?



Whoops - typo. - I mean apews.org



Re: Who is apews.org ?

2007-03-23 Thread Matt Kettler
Marc Perkel wrote:


 Marc Perkel wrote:
 They don't seem to have any contact info. Anyone know anything about
 them?


 Whoops - typo. - I mean apews.org


They seem to be an attempt to clone spews. 99.99% of the website was
directly copied from spews.org

From the website at http://www.apews.org/?page=news

12/28/06 APEWS was foundet by some People thinking SPEWS is dead but
their work was great. So we decide to countinue their great work and
present a new up to date list  in SPEWS-style, and even make it better.

(note: all typo's original)

There's a lot of good discussion here:

http://groups.google.gg/group/news.admin.net-abuse.email/browse_thread/thread/4035a054652987ec/89c81a5772218583?lnk=gstq=spewsrnum=8


Personally, I think spews was useful as an informational tool, but was
absolute crap as a spam filtering tool.

Given that apews seems to be a less-literate group of operators (or at
least ones who don't know how to use a spell checker), I'd venture to
speculate this list will ultimately meet some of the following
speculations:
   - be as rabid as spews, if not more so
   - have stronger barriers to communication than spews.
   - be highly prone to errors in entry (judging from the typos in the
little original text, I expect the same in the zonefile..)
  





Re: Who is apews.org ?

2007-03-23 Thread maillist

Marc Perkel wrote:



Marc Perkel wrote:
They don't seem to have any contact info. Anyone know anything about 
them?




Whoops - typo. - I mean apews.org



Dunno.  Tar-pit?


Re: Just a general question

2007-03-23 Thread John D. Hardin
On Fri, 23 Mar 2007, maillist wrote:

 I only run a little bitty server with under 100 users. Are there
 any others like that here?

Since I stopped monking at work I only support SA for 4 users.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  A sword is never a killer, it is but a tool in the killer's hands.
  -- Lucius Annaeus Seneca (Martial) 4BC-65AD
---
 592 days until the Presidential Election