Re: What multibyte character encoding convention is this?

2009-01-06 Thread Robert Nicholson
Yesterday I posted the wrong notation as I posted what my Terminal
client renders them as whereas what it looks like thru cat -v is


From: "M-6M-sM-

does anybody recommend this?

On Jan 6, 2009, at 12:56 PM, BChasm wrote:


They almost look like chord notations...

On Tue, Jan 6, 2009 at 5:31 AM, Kai Schaetzl wrote:

Robert Nicholson wrote on Mon, 5 Jan 2009 23:25:00 -0600:

> What is the convention being used here for encoding these multibyte
> chars?

I'd say none :-)

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com






--
http://beckoningchasm.com




Re: Alternative to Postfix header_checks?

2009-01-06 Thread John Hardin

On Tue, 6 Jan 2009, Gerald Turner wrote:


> Not with header_checks (http://www.postfix.org/header_checks.5.html),
> although there is a REPLACE action, it still couldn't operate on a
> combination of headers.


Think two passes, one to check for the SA score and another to check for 
the presence of the mailing list headers.


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  W-w-w-w-w-where did he learn to n-n-negotiate like that?
---
 11 days until Benjamin Franklin's 303rd Birthday


Re: New spam-to me-and how do I stop.

2009-01-06 Thread Benny Pedersen

On Tue, January 6, 2009 21:31, Bob McClure Jr wrote:

> Directly from our local.cf:
> = 8< snip -
> # We've (or at least the webmaster has) had a problem with spam
> # from aim.com users, coming from AOL servers.  After much training,
> # they hit BAYES_99, but not enough other rules to go over the edge.
> # These are designed to handle that.
> header __RLM_RCVD_FROM_AOL Received =~ /from .*\.aol\.com/
> header __RLM_FROM_AIM_USER From =~ /\...@aim\.com/
> meta RLM_AIM_SPAM (__RLM_RCVD_FROM_AOL && __RLM_FROM_AIM_USER)
> # Most of this already scores 3.5.
> score RLM_AIM_SPAM 1.6
> = 8< snip -
>
> Set your score to push them over the threshold.  Much more than that
> and you risk FPs.

use spf
http://old.openspf.org/wizard.html?mydomain=aim.com&submit=Go!

-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098



Re: Alternative to Postfix header_checks?

2009-01-06 Thread Gerald Turner
LuKreme  writes:

> On 6-Jan-2009, at 15:39, Gerald Turner wrote:
>> Unfortunately Postfix header_checks can only process one header at a
>> time, there's no way to compound conditions of multiple headers.
>> I've searched and can't seem to come up with any possibility of
>> configuring Postfix to conditionally discard rather than bounce.  I'm
>> on the verge of customizing an example Perl milter to do the job, but
>> it seems like something that should be built-in to either Postfix,
>> spampd, or perhaps amavisd-new - any suggestions?
>
> Can't you rewrite a header based on conditions?
>

Not with header_checks (http://www.postfix.org/header_checks.5.html),
although there is a REPLACE action, it still couldn't operate on a
combination of headers.

> The other thing you could do is setup a separate submission port for
> tested messages?  Or a policy server?
>

Yeah, that's kind of what I'm thinking with writing a hacked up Perl
milter.

Thanks.

-- 
Gerald Turner  Email: gtur...@unzane.com  JID: gtur...@jabber.unzane.com
GPG: 0xFA8CD6D5  21D9 B2E8 7FE7 F19E 5F7D  4D0C 3FA0 810F FA8C D6D5


Re: Alternative to Postfix header_checks?

2009-01-06 Thread LuKreme

On 6-Jan-2009, at 15:39, Gerald Turner wrote:

> Unfortunately Postfix header_checks can only process one header at a
> time, there's no way to compound conditions of multiple headers.  I've
> searched and can't seem to come up with any possibility of configuring
> Postfix to conditionally discard rather than bounce.  I'm on the verge
> of customizing an example Perl milter to do the job, but it seems like
> something that should be built-in to either Postfix, spampd, or perhaps
> amavisd-new - any suggestions?



Can't you rewrite a header based on conditions?

That is, check for spam score of 4-8, and if true, then write a header

X-myexample-test: True

Then test for, say, mailing list header and if found, rewrite
x-myexample-test to


X-myexample-test: True, Maillist

The other thing you could do is setup a separate submission port for  
tested messages?  Or a policy server?


--
Not that I condone fascism, or any -ism for that matter. -Ism's in
my opinion are not good. A person should not believe in an
-ism, he should believe in himself. I quote John Lennon, "I
don't believe in The Beatles, I just believe in me." Good point
there. After all, he was The Walrus. I could be The Walrus and
I'd still have to bum rides off of people.



Alternative to Postfix header_checks?

2009-01-06 Thread Gerald Turner
Hello, I have been using SpamAssassin integrated with Postfix via spampd
SMTP proxy and I have the following header_checks file:

  /^X-Spam-Level: \*{8,}/ DISCARD Spam score 8+
  /^X-Spam-Level: \*{4,}/ REJECT Spam score 4+

There are cases where I'd rather DISCARD the low score mail (>= 4, < 8)
than REJECT, for instance:

   When the mail contains mailing-list headers - some mailing lists
   unsubscribe after too many bounces, particularly Debian with
   open/unmoderated lists.

   When the mail was sent to a quasi-spamtrap address - I'm aliased on a
   few hosts with webmas...@example.com type addresses, some of which
   will generate bounce warnings to mailer-daemon who is aliased to
   several people, evil!

Unfortunately Postfix header_checks can only process one header at a
time, there's no way to compound conditions of multiple headers.  I've
searched and can't seem to come up with any possibility of configuring
Postfix to conditionally discard rather than bounce.  I'm on the verge
of customizing an example Perl milter to do the job, but it seems like
something that should be built-in to either Postfix, spampd, or perhaps
amavisd-new - any suggestions?

-- 
Gerald Turner  Email: gtur...@unzane.com  JID: gtur...@jabber.unzane.com
GPG: 0xFA8CD6D5  21D9 B2E8 7FE7 F19E 5F7D  4D0C 3FA0 810F FA8C D6D5
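
The compound condition asked for above (DISCARD instead of REJECT for scores of 4 to 7 when the mail is list traffic or addressed to a quasi-spamtrap), written as the decision a milter or content filter could make once it has all headers. This is an added example, not code from the thread or from Postfix; the list-header names, the `SPAMTRAP_LOCALPARTS` set and the sample messages are assumptions constructed for illustration.

```python
"""Compound DISCARD/REJECT decision over several headers (added example)."""
import re
from email import message_from_string
from email.utils import getaddresses

# Thresholds taken from the header_checks file quoted in the post.
DISCARD_AT = 8   # 8+ stars: always DISCARD
REJECT_AT = 4    # 4+ stars: REJECT unless an exception below applies

# Assumption: headers that mailing-list software commonly adds.
LIST_HEADERS = ("List-Id", "List-Unsubscribe", "List-Post")
LIST_PRECEDENCE = {"list", "bulk"}

# Assumption: role local parts treated as quasi-spamtraps (constructed).
SPAMTRAP_LOCALPARTS = {"webmaster", "postmaster", "hostmaster"}

STARS = re.compile(r"\*+")


def spam_level(msg):
    """Highest star count over all X-Spam-Level headers, 0 if none.

    Taking the maximum means a sender-supplied copy of the header cannot
    lower the level written by the local filter.
    """
    counts = []
    for value in msg.get_all("X-Spam-Level", []):
        match = STARS.match(str(value).strip())
        if match:
            counts.append(len(match.group(0)))
    return max(counts, default=0)


def is_list_mail(msg):
    """True if any list header is present or Precedence is list/bulk."""
    if any(msg.get(name) is not None for name in LIST_HEADERS):
        return True
    return (msg.get("Precedence") or "").strip().lower() in LIST_PRECEDENCE


def hits_spamtrap(rcpts):
    """True if any envelope recipient has a spamtrap local part."""
    for _name, addr in getaddresses(rcpts):
        if addr.rpartition("@")[0].lower() in SPAMTRAP_LOCALPARTS:
            return True
    return False


def decide(raw_message, rcpts):
    """Return (action, reason) for one message and its envelope recipients."""
    msg = message_from_string(raw_message)
    level = spam_level(msg)
    if level >= DISCARD_AT:
        return "DISCARD", "Spam score 8+"
    if level >= REJECT_AT:
        # The combination header_checks cannot express: score AND context.
        if is_list_mail(msg):
            return "DISCARD", "Spam score 4+ on mailing-list mail"
        if hits_spamtrap(rcpts):
            return "DISCARD", "Spam score 4+ to quasi-spamtrap address"
        return "REJECT", "Spam score 4+"
    return "ACCEPT", ""


def sample(stars, extra=""):
    """Constructed test message with the given X-Spam-Level star count."""
    return ("From: sender@example.net\nTo: user@example.com\n"
            "Subject: constructed sample\n"
            f"X-Spam-Level: {'*' * stars}\n{extra}\nbody\n")


if __name__ == "__main__":
    cases = [
        (sample(9), ["user@example.com"]),
        (sample(5), ["user@example.com"]),
        (sample(5, "List-Id: <list.example.org>\n"), ["user@example.com"]),
        (sample(5), ["webmaster@example.com"]),
        (sample(5, "X-Spam-Level: *\n"), ["user@example.com"]),
    ]
    for raw, rcpts in cases:
        print(decide(raw, rcpts))
```
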


Re: more habeas spam

2009-01-06 Thread LuKreme

On 6-Jan-2009, at 08:51, Greg Troxel wrote:

> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
> value.  But, I wonder if SA should apply higher standards than that, and
> not give negative scores to databases that don't behave reasonably.



This has been brought up on the list in the past (there was a long  
thread on it last February).  The best suggestion I saw in that thread  
was


score HABEAS_ACCREDITED_COI -1.0
score HABEAS_ACCREDITED_SOI -0.5
score HABEAS_CHECKED 0

The other suggestion that seemed reasonable was setting all scores to  
0.  Some people suggested setting the scores to positive numbers.  
Based on my own mail, a small positive score for Habeas is reasonable:


score HABEAS_ACCREDITED_COI 0.5
score HABEAS_ACCREDITED_SOI 1.0
score HABEAS_CHECKED 0

It's about 90% Spam for my own mailspool. It used to be used a lot  
more, at least in my mail.  A lot of commercial or semi-commercial  
mailing-lists that I was on tried it out back around 2003-2005, iirc.  
Since then, all have stopped using it. The last one to remove them was  
the TidBITS mailing list which dropped them on 1-Jan-2007.  Certainly  
having the very low scores (are they still defaulting to -4.5 and  
-8.0?) seems like a spectacularly bad idea.


If you want the real history of Habeas in a nutshell, the company went  
to hell when Anne Mitchell left (the same Anne Mitchell who was part  
of MAPS back in the day).  She's now at the Institute for Spam and
Internet Public Policy.  What habeas
became after she left was something quite different from what it had  
been under her stewardship.



--
I hear hurricanes a-blowing, I know the end is coming
soon. I fear rivers over-flowing. I hear the voice
of rage and ruin.



Re: New spam-to me-and how do I stop.

2009-01-06 Thread Kai Schaetzl
Craig wrote on Tue, 06 Jan 2009 14:07:38 -0600:

> X-Spam-Flag:YES

who added this? Maybe just act on it ...

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: more habeas spam

2009-01-06 Thread John Hardin

On Tue, 6 Jan 2009, Rob Foehl wrote:

> The last complaint filed with Habeas was answered with something like
> "this customer appears to be following their business model"


Oh for pete's sake. If that's their criteria for acceptability then Habeas 
is useless. After all, a spammer's business model is to send huge volumes 
of unsolicited commercial email...


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Any time law enforcement becomes a revenue center, the system
  becomes corrupt.
---
 11 days until Benjamin Franklin's 303rd Birthday


Re: more habeas spam

2009-01-06 Thread Rob Foehl

On Tue, 6 Jan 2009, Greg Troxel wrote:


> In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
> why HABEAS_ACCREDITED_SOI still got a negative score, and after posting
> in public did get a response from habeas.  But my experience has been
> that non-public complaints are ignored.


My experiences with Habeas have been so poor that I've actually been 
toying with the idea of assigning fairly large positive scores to the 
HABEAS_ACCREDITED_* rules.  There is a rather stunning overlap with URIBL 
hits here, and no evidence of a useful effect on legitimate mail.


The last complaint filed with Habeas was answered with something like 
"this customer appears to be following their business model", which was 
namely that they "contact people who have posted on certain web sites". 
I wonder if they're willing to accredit everyone with that particular 
business model...



> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
> value.  But, I wonder if SA should apply higher standards than that, and
> not give negative scores to databases that don't behave reasonably.


HABEAS_ACCREDITED_SOI still earns a -4.3 in the default scores for 3.2.5. 
I'd love to know why this is still the case.


-Rob


Re: New spam-to me-and how do I stop.

2009-01-06 Thread Randy

Craig wrote:



>>> Randy  1/6/2009 2:18 PM >>>
Craig wrote:
> Hello All-
> 
> I have recently been getting MANY spam slipping through Spamassassin

> and I am looking for help on how to stop.  I have used Spamassassin
> with Bayes successfully for many years now and once I train the system
> on new spam, the system does an excellent job of stopping. These
> messages are very short and include a link.  The subject is usually
> regarding watches, or are thinly disguised viagra ads. Many are sent
> from aim.com Below is header info and below that is the Spamassassin
> output of an email that has slipped through.
>
>
>  0.0 BAYES_50   BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5000]
Content analysis details:   (3.3 points, 5.0 required)

Train the messages as spam with sa-learn which should add 3.5 to the 
score.


3.5+3.3=6.8
6.8 > 5.0 = spam
 
thanks for your quick reply-
 
You are correct if I teach the system this email it will score as 
spam.  But, I have trained a lot of spam over the last 2 weeks that 
are very similar to this one and unfortunately the new messages are 
getting through.


Post 3 similar messages on pastebin so that we can determine a common
factor between them. Use pastebin, not this list to post the message.


Re: New spam-to me-and how do I stop.

2009-01-06 Thread Craig


>>> Randy  1/6/2009 2:18 PM >>>
Craig wrote:
> Hello All-
>  
> I have recently been getting MANY spam slipping through Spamassassin 
> and I am looking for help on how to stop.  I have used Spamassassin 
> with Bayes successfully for many years now and once I train the system 
> on new spam, the system does an excellent job of stopping. These 
> messages are very short and include a link.  The subject is usually 
> regarding watches, or are thinly disguised viagra ads. Many are sent 
> from aim.com Below is header info and below that is the Spamassassin 
> output of an email that has slipped through. 
>
>
>  0.0 BAYES_50   BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5000]
Content analysis details:   (3.3 points, 5.0 required)

Train the messages as spam with sa-learn which should add 3.5 to the score.

3.5+3.3=6.8
6.8 > 5.0 = spam
 
thanks for your quick reply-
 
You are correct if I teach the system this email it will score as spam.  But, I 
have trained a lot of spam over the last 2 weeks that are very similar to this 
one and unfortunately the new messages are getting through.



Re: New spam-to me-and how do I stop.

2009-01-06 Thread Evan Platt

Scored a 6.2 on my system. Were those the full headers?


Content analysis details:   (6.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.4 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 3.3 TVD_RCVD_IP4           TVD_RCVD_IP4
 1.6 TVD_RCVD_IP            TVD_RCVD_IP
 2.7 MISSING_MIME_HB_SEP    BODY: Missing blank line between MIME header and
                            body


At 12:07 PM 1/6/2009, you wrote:

Hello All-

I have recently been getting MANY spam slipping through Spamassassin 
and I am looking for help on how to stop.  I have used Spamassassin 
with Bayes successfully for many years now and once I train the 
system on new spam, the system does an excellent job of stopping. 
These messages are very short and include a link.  The subject is 
usually regarding watches, or are thinly disguised viagra ads. Many 
are sent from aim.com Below is header info and below that is the 
Spamassassin output of an email that has slipped through.


Specs:
SA 3.17
With Bayes integration, DNS testing.

Thanks
Craig

To: gillian.gr...@btinternet.com
Subject: Private Message.
Date: Tue, 06 Jan 2009 14:36:43 -0500
X-AOL-IP: 81.37.21.218
X-MB-Message-Source: WebUI
MIME-Version: 1.0
From: omqdwc63...@aim.com
X-MB-Message-Type: User
Content-Type: multipart/alternative;
 boundary="MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com"
X-Mailer: AIM WebMail 40627-STANDARD
Received: from 81.37.21.218 by Webmail-mg02.sim.aol.com 
(64.12.142.150) with HTTP (WebMailUI); Tue, 06 Jan 2009 14:36:43 -0500
Message-Id: <8cb3e4d3d212802-fe4-...@webmail-mg02.sim.aol.com>

X-Spam-Flag:YES


--MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"

Don't fail in the bed games. Try THIS.

50 percent add present

>>>?http://www.ecbdollar.com/sp.php?<<<;


___


Spam detection software, running on the system "spam_server.unitedwayqc.lcl",
has identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
ccanfi...@unitedwayqc.org for details.

Content preview:  Breakthrough formula for men 50 percent add present
  >>>?http://www.canada-cz.com/sp.php?<<<; [...]

Content analysis details:   (3.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 NO_REAL_NAME           From: does not include a real name
 2.2 FROM_HAS_MIXED_NUMS    From: contains numbers mixed in with letters
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]








Re: New spam-to me-and how do I stop.

2009-01-06 Thread Bob McClure Jr
On Tue, Jan 06, 2009 at 02:07:38PM -0600, Craig wrote:
> Hello All-
>  
> I have recently been getting MANY spam slipping through Spamassassin and I am 
> looking for help on how to stop.  I have used Spamassassin with Bayes 
> successfully for many years now and once I train the system on new spam, the 
> system does an excellent job of stopping. These messages are very short and 
> include a link.  The subject is usually regarding watches, or are thinly 
> disguised viagra ads. Many are sent from aim.com Below is header info and 
> below that is the Spamassassin output of an email that has slipped through.  
>  
> Specs:
> SA 3.17
> With Bayes integration, DNS testing.
>  
> Thanks
> Craig
>  
> To: gillian.gr...@btinternet.com 
> Subject: Private Message.
> Date: Tue, 06 Jan 2009 14:36:43 -0500
> X-AOL-IP: 81.37.21.218
> X-MB-Message-Source: WebUI
> MIME-Version: 1.0
> From: omqdwc63...@aim.com 
> X-MB-Message-Type: User
> Content-Type: multipart/alternative; 
>  boundary="MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com"
> X-Mailer: AIM WebMail 40627-STANDARD
> Received: from 81.37.21.218 by Webmail-mg02.sim.aol.com (64.12.142.150) with 
> HTTP (WebMailUI); Tue, 06 Jan 2009 14:36:43 -0500
> Message-Id: <8cb3e4d3d212802-fe4-...@webmail-mg02.sim.aol.com>
> X-Spam-Flag:YES
>  
> 
> --MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain; charset="us-ascii"
>  
> Don't fail in the bed games. Try THIS.
>  
> 50 percent add present
>  
> >>>?http://www.ecbdollar.com/sp.php?<<<;
>  
>  
> ___
>  
>  
> Spam detection software, running on the system "spam_server.unitedwayqc.lcl", 
> has
> identified this incoming email as possible spam.  The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email.  If you have any questions, see
> ccanfi...@unitedwayqc.org for details.
>  
> Content preview:  Breakthrough formula for men 50 percent add present
>   >>>?http://www.canada-cz.com/sp.php?<<<; [...] 
>  
> Content analysis details:   (3.3 points, 5.0 required)
>  
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.0 NO_REAL_NAME           From: does not include a real name
>  2.2 FROM_HAS_MIXED_NUMS    From: contains numbers mixed in with letters
>  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
>  0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.5000]

Directly from our local.cf:
= 8< snip -
# We've (or at least the webmaster has) had a problem with spam
# from aim.com users, coming from AOL servers.  After much training,
# they hit BAYES_99, but not enough other rules to go over the edge.
# These are designed to handle that.
header __RLM_RCVD_FROM_AOL Received =~ /from .*\.aol\.com/
header __RLM_FROM_AIM_USER From =~ /\...@aim\.com/
meta RLM_AIM_SPAM (__RLM_RCVD_FROM_AOL && __RLM_FROM_AIM_USER)
# Most of this already scores 3.5.
score RLM_AIM_SPAM 1.6
= 8< snip -

Set your score to push them over the threshold.  Much more than that
and you risk FPs.

Cheers,
-- 
Bob McClure, Jr. Bobcat Open Systems, Inc.
b...@bobcatos.com http://www.bobcatos.com
My son, do not despise the LORD's discipline and do not resent his
rebuke, because the LORD disciplines those he loves, as a father the
son he delights in.  Proverbs 3:11-12 (NIV)


Re: New spam-to me-and how do I stop.

2009-01-06 Thread Randy

Craig wrote:

Hello All-
 
I have recently been getting MANY spam slipping through Spamassassin 
and I am looking for help on how to stop.  I have used Spamassassin 
with Bayes successfully for many years now and once I train the system 
on new spam, the system does an excellent job of stopping. These 
messages are very short and include a link.  The subject is usually 
regarding watches, or are thinly disguised viagra ads. Many are sent 
from aim.com Below is header info and below that is the Spamassassin 
output of an email that has slipped through. 



 0.0 BAYES_50   BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]

Content analysis details:   (3.3 points, 5.0 required)

Train the messages as spam with sa-learn which should add 3.5 to the score.

3.5+3.3=6.8
6.8 > 5.0 = spam




Re: more habeas spam

2009-01-06 Thread rafa

Jason Bertoch wrote:

-Original Message-
From: Kai Schaetzl [mailto:mailli...@conactive.com]
Sent: Tuesday, January 06, 2009 1:31 PM
To: users@spamassassin.apache.org
Subject: Re: more habeas spam



There is also bug 5977 for BSP who still doesn't have a clear way to file a
complaint.  I just received a spam matching both RCVD_IN_BSP_TRUSTED and
RCVD_IN_DNSWL_LOW.  Personally, I'd prefer to see all of these white list
rules go away.


You can request DNSWL to move that IP to NONE.


RE: more habeas spam

2009-01-06 Thread Jason Bertoch
> -Original Message-
> From: Kai Schaetzl [mailto:mailli...@conactive.com]
> Sent: Tuesday, January 06, 2009 1:31 PM
> To: users@spamassassin.apache.org
> Subject: Re: more habeas spam
> 

There is also bug 5977 for BSP who still doesn't have a clear way to file a
complaint.  I just received a spam matching both RCVD_IN_BSP_TRUSTED and
RCVD_IN_DNSWL_LOW.  Personally, I'd prefer to see all of these white list
rules go away.



Re: What multibyte character encoding convention is this?

2009-01-06 Thread BChasm
They almost look like chord notations...

On Tue, Jan 6, 2009 at 5:31 AM, Kai Schaetzl wrote:

> Robert Nicholson wrote on Mon, 5 Jan 2009 23:25:00 -0600:
>
> > What is the convention being used here for encoding these multibyte
> > chars?
>
> I'd say none :-)
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>
>


-- 
http://beckoningchasm.com


Bayes and last journal sync atime

2009-01-06 Thread Kai Schaetzl
I find that "last journal sync atime" is 0 on my Bayes setups that use 
MySQL. So, can I assume that there is no journal (well, there's no table 
and file for it, anyway) and stuff is added directly to the database? 
(which makes sense).
However, looking at my setups that still use dbm files I find that the 
"last journal sync atime" is completely wrong on them. e.g. if I do a
sa-learn --sync the "last journal sync atime" doesn't change and it's 
months old.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: more habeas spam

2009-01-06 Thread Kai Schaetzl
Greg Troxel wrote on Tue, 06 Jan 2009 10:51:57 -0500:

> In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked

I read that bug report now and followed the link to the ruleqa. I have a
slightly different twist on that: should rules with such a low hit rate
(whatever they hit) have such high scores? I mean, just a few hits on the
"other side" will "out-balance" such a rule quickly. Should such a rule be
allowed to have such a great influence?
It appears to me that the HABEAS rules are hitting only a very tiny fraction
of mail, many of the nightly mass-checks don't have a hit at all (or is it
that those checks don't contain any network checks?). The aggregated view
shows no hits at all for these rules.
I'm not sure if I'm reading the ruleqa correctly, although I read its help.
1. I'm wondering why many rules show a score of 0.0
2. do I understand it correctly that a nightly check contains only the spam
received over the last 24 hours?
3. I don't see any explanation for s/o and rank. (Rank seems to be some sort
of ranking according to the hit rate, but I find it hardly understandable
that a rule that hits a lot of messages, like URIBL_SURBL, scores 1.0 as rank
and a rule that hits almost no messages still scores at half of that. s/o
seems to show the ham/spam ratio cleanliness?)

There's also something wrong with the ruleqa.cgi. When I click a rule to get
the explanation I get a software error at the bottom, for instance:
http://ruleqa.spamassassin.org/20090103-r730938-n/HABEAS_ACCREDITED_SOI/detail

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





more habeas spam

2009-01-06 Thread Greg Troxel

I have once again been spammed by a habeas-accredited sender.  This time
it's also in senderbase, and thus got a whopping -8.6 from those two
combined.  Perhaps one rule should be dropped - two rules controlled by
the same organization having additive scores doesn't seem right.

spample and SA output at

  http://www.lexort.com/spam/birthday.txt
  http://www.lexort.com/spam/birthday.out

I looked at http://www.senderscorecertified.com and was unable to find a
complaint address.

On December 6, I got another spam that was habeas-accredited and
complained

  To: safel...@returnpath.net,complai...@habeas.com

See the "rewards" msg at http://www.lexort.com/spam/.  This is pretty
egregious spam, with the usual fraudulent claim that I signed up.  I
have heard nothing back and the sender is still accredited, but now as
SOI rather than COI.

In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
why HABEAS_ACCREDITED_SOI still got a negative score, and after posting
in public did get a response from habeas.  But my experience has been
that non-public complaints are ignored.

I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value.  But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.




Re: Change the score of BAYES_9*

2009-01-06 Thread Ned Slider

Matt Kettler wrote:

The Doctor wrote:
I wish to make a system-wide change for BAYES_95 and BAYES_99 to 
score 1000.0 .  999.999% of those e-mail scoring that high
are worthy of GTUBE status.


How can make that change systemwide?
  

in local.cf add:

score BAYES_95 1000.0
score BAYES_99 1000.0

If you use spamd or an API level tool that caches a Mail::SpamAssassin
object (ie: MailScanner), it will need to be restarted to read the new
config.

However, I will warn you this is a bit dangerous. Theoretically, the
false positive rate of those two should be 5%. (ie: 5% of the mail they
match is nonspam mail).

That said, I also don't understand why such a strong score. That's
higher than a manual whitelisting will compensate for (-100). Do you
really want this to be so high that it over-rides your explicit
whitelists? Why not use something like 20 or 50?

GTUBE is scored so high because it needs to over-ride any whitelisting.
But nothing else should ever need such a high score.




I agree that in the case of a well trained Bayes system it's useful to 
increase the scores for BAYES_99 and BAYES_95 (and likewise maybe 
increase the negative scores for BAYES_00 and BAYES_05), but I typically 
set these to around the spam threshold score so hits against them should 
have the mail marked as spam but there is also scope for hits against 
any negatively scoring rules to correct against any FP hits on Bayes 
(which in my experience are extremely rare - YMMV).


As Matt says, I see little advantage to setting Bayes scoring much above 
the spam threshold.






Re: Change the score of BAYES_9*

2009-01-06 Thread Matt Kettler
The Doctor wrote:
> I wish to make a system-wide change for BAYES_95 and BAYES_99 to 
> score 1000.0 .  999.999% of those e-mail scoring that high
> are worthy of GTUBE status.
>
> How can make that change systemwide?
>   
in local.cf add:

score BAYES_95 1000.0
score BAYES_99 1000.0

If you use spamd or an API level tool that caches a Mail::SpamAssassin
object (ie: MailScanner), it will need to be restarted to read the new
config.

However, I will warn you this is a bit dangerous. Theoretically, the
false positive rate of those two should be 5%. (ie: 5% of the mail they
match is nonspam mail).

That said, I also don't understand why such a strong score. That's
higher than a manual whitelisting will compensate for (-100). Do you
really want this to be so high that it over-rides your explicit
whitelists? Why not use something like 20 or 50?

GTUBE is scored so high because it needs to over-ride any whitelisting.
But nothing else should ever need such a high score.





Change the score of BAYES_9*

2009-01-06 Thread The Doctor
I wish to make a system-wide change for BAYES_95 and BAYES_99 to 
score 1000.0 .  999.999% of those e-mail scoring that high
are worthy of GTUBE status.

How can make that change systemwide?

-- 
Member - Liberal International  
This is doc...@nl2k.ab.ca   Ici doc...@nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising! 
Birthdate: 29 Jan 1969 Redhill Surrey England

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



Re: What multibyte character encoding convention is this?

2009-01-06 Thread Kai Schaetzl
Robert Nicholson wrote on Mon, 5 Jan 2009 23:25:00 -0600:

> What is the convention being used here for encoding these multibyte
> chars?

I'd say none :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com