emailreg.org (was: zen.spamhaus.org)

[SM]

Hi Rob,
At 12:52 07-04-2009, Rob McEwen wrote:

I had no idea that emailreg.org was owned and operated by Barracuda. I


http://www.barracudacentral.org/about/emailreg
http://www.emailreg.org/index.cgi?p=about


But, as the post you mentioned said, emailreg.org resolves to
64.235.146.64 and arin.net shows that 64.235.146.64 is clearly in
Barracuda's assigned address space. I'll tell you right now... this is
BIG and EASY money. Very BIG and very EASY money. I suspect they are
pulling in hundreds... maybe even thousands... of those $20 payments per
day.


The usage policy at http://www.emailreg.org/index.cgi?p=policy 
mentions that there is a $20 registration fee to "discourage domain 
tasters from sending spam and to further verify the contact information".



(if I seem upset about this... read between the lines... and you might
understand why)


Are you upset because people are paying money to a site with a domain 
owner hidden by the Whois privacy registration? :-)  Some antispam 
offers are big and easy money as there's always somebody ready to pay 
or to jump on the bandwagon because it is free.


Regards,
-sm 

Re: livejournal?

[Benny Pedersen]

On Fri, April 10, 2009 00:10, McDonald, Dan wrote:

[snip]
> If I were to add util_rb_2tld livejournal.com to local-foo.cf, would
> the presence of uridnsbl_skip_domain prevent it from being
> checked?  And if so, how do I "unskip" that domain?

no its just subdomain that might be blacklisted in url, and the
domain is still whitelisted

-- 
http://localhost/ 100% uptime and 100% mirrored :)

livejournal?

[McDonald, Dan]

I notice that uribl is listing livejournal.com as a util_rb_2tld host,
but http://daryl.dostech.ca/sa-update/sare/90_2tld.cf doesn't have
livejournal.com yet, and updates_spamassassin_org/25_uribl.cf has
livejournal.com listed in uridnsbl_skip_domain.

If I were to add util_rb_2tld livejournal.com to local-foo.cf, would the
presence of uridnsbl_skip_domain prevent it from being checked?  And if
so, how do I "unskip" that domain?




-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com



signature.asc
Description: This is a digitally signed message part

Re: Spam Rats - does anyone know them?

[mouss]

Matus UHLAR - fantomas a écrit :
>>> What I am complaining about is that the IP is reported to be dynamic
>>> because it does not have hostname that follows kind of sick rules.
> 
> On 09.04.09 01:28, Mark wrote:
>> Their rules DO seem a mite odd:
>>
>> "Also remember, according to Best Practises, having a reverse DNS that
>> appears to be part of your upstream provider is not good enough for an
>> email server. adsl.23.204.205.upstream.com means that it is an IP address
>> they are responsible for."
>>
>> 'Having a reverse DNS that appears to be part of your upstream provider'
>> as opposed to what exactly? HELO? That's fixed easily enough. :) What they
>> seem to say, if I read them correctly, is that they'll reject when it
>> looks to be from a dynamic pool belonging to upstream.com.
> 
> Well, there's no "adsl", no part of IP, nothing that would indicate the
> address being dynamic. Generic, maybe. Dynamic, no way.
> 
>>> And if I'd send mail from a0.fantomas.cust.gts.sk, would it?
>> Well, that's the thing, ain't it? As opposed to what? If your PTR were
>> 'a0.fantomas.cust.gts.sk' and you sent mail with HELO
>> 'fantomas.fantomas.sk'? More likely, they'd just reject on the 'cust'
>> part, or the digits.
> 
> Their page does not say anything about the HELO string. The IP (of the
> format above, ok, let's say it's a0.fantomas.ba.cust.gts.sk) is now
> registered as dynamic and does not follow the "reverse hostname naming
> convention".
> 
>>> Even if that record would be listed in SPF?
>> SPF checks against the envelope-from domain part (or HELO, in certain
>> circumstances). So, with SPF you could authorize 'a0.fantomas.cust.gts.sk'
>> to send mail on behalf of 'fantomas.sk', but that will not prevent Spam
>> Rats from identifying 'a0.fantomas.cust.gts.sk' as appearing to be part
>> of your upstream provider; so they'd probably reject the connection
>> anyway.
> 
> That's the question. I do not object against listing of a spammer, but
> dynamic? naming convention? Will they block host if it spams, if it sends
> mail from gmail com and the hostname is qw-out-1920.google.com which looks
> like their upstream provider?
> 
> 
> OK, I don't want to bitch, I'm searching for some valid informations, mostly
> about their "best practices". 

the thing is: use your own name. avoid a name that may be used by a
spammer.

lte's take an example. look at:
mon75-10-82-239-111-76.fbx.proxad.net.
This is a generic IP. such names are used both for static and dynamic
IPs. and spam gets out of such hosts, be them static or dynamic (it
really doesn't matter). In short, the fact that it is dynamic or not is
irrelevant.

now, if you get spam from such hosts, you want to get infos about the
host. if it is 82.239.111.75, you do
$ host 82.239.111.75
75.111.239.82.in-addr.arpa domain name pointer ouzoud.netoyen.net.
you could either contact me or block my domain.

but if you get mail from *.$isp, you can contact the isp (good luck) or
block a large part (IP or domain).

BTW google for "ennemies list". it is used by some sites. (but it should
be "safer" than magiclinux...)

Re: Spam Rats - does anyone know them?

[mouss]

McDonald, Dan a écrit :
> On Wed, 2009-04-08 at 23:49 +0200, mouss wrote:
>> Matus UHLAR - fantomas a écrit :
>>> Even if that record would be listed in SPF?
>>>
>> SPF again? any spammer can buy a domain and add arbitrary IPs to the SPF
>> record. you know about fast flux, right?
> 
> You are thinking of SPF at the wrong layer.  

No, I am not. I was saying that the fact that one sets up SPF record
doesn't mean he can use generic hostnames. maybe I was too "concise".

> It is a "non-repudiation"
> tool.  When I create an SPF record, I am asserting that anything that
> matches that policy is my responsibility. 

Unfortunately, this is not the general case. or more precisely, people
claim responsibility too easily.

yes, I do use SPF "statically" (static whitelisting of IPs after I
checked their infos, or via whitelist_from_* in SA).

> Whether you might want to
> whitelist (or blacklist!) anything matching that policy is a function of
> my perceived reputation to you.
> 
> But at least it gives me a clue.  There is no reason to send a DSN in
> response to a message that fails SPF.  And there is no reason to accept
> a message on a whitelist if it fails SPF.
> 
> 

I don't check SPF at smtp time. so it is theoritically possible that I
return a bounce (disk full or so) but this shouldn't happen. and if it
does, it will be fixed, without regard to SPF. the rationale is:
- "bad" bounces shouldn't be sent even if the domain has no SPF record
- if things are done "right", bad bounces should rarely occur.

Re: Spam Rats - does anyone know them?

[Neil Schwartzman]

On 09/04/09 4:06 PM, "McDonald, Dan"  wrote:

> I won't block on it alone, but if someone wants a whitelist entry, they
> have to have rDNS correct.  And preferably an SPF or DKIM policy

Well, an Sender ID-compliant SPF record has long been a requirement for our
Certified and Safelist whitelists, and we are rolling out DKIM as a
requirement sometime this year.

-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038

Re: Spam Rats - does anyone know them?

[McDonald, Dan]

On Thu, 2009-04-09 at 15:55 -0400, Neil Schwartzman wrote:
> On 09/04/09 2:35 PM, "Matus UHLAR - fantomas"  wrote:
> 
> > That's the question. I do not object against listing of a spammer, but
> > dynamic? naming convention? Will they block host if it spams, if it sends
> > mail from gmail com and the hostname is qw-out-1920.google.com which looks
> > like their upstream provider?
> > 
> > 
> > OK, I don't want to bitch, I'm searching for some valid informations, mostly
> > about their "best practices".
> 
> Well there certainly has been some discussion on the MAAWG senders' list
> about naming conventions and clarity or rDNS resolution HELO, and so on and
> it is something *we* recommend to our certified and safelisted clients
> (beyond FQ rDSN which is a requirement), but blocking on something that is
> far far far from an industry standard? I'd suggest that is silly at best,
> but "do tell us how that works out for you" as the phrase goes.

I won't block on it alone, but if someone wants a whitelist entry, they
have to have rDNS correct.  And preferably an SPF or DKIM policy



-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com



signature.asc
Description: This is a digitally signed message part

Re: Spam Rats - does anyone know them?

[Neil Schwartzman]

BWA HAHAHAHA

Someone here isn't just using SA.

Got a bounce saying I said a bad word. For the record, it wasn't me.

Microsoft Antigen for SMTP found a message matching a filter. The message is
currently Purged.
Message: "Re_ Spam Rats _ does anyone know them_"
Filter name: "KEYWORD= profanity: bitch;sexual discrimination: bitch"
Sent from: "Neil Schwartzman "
Folder: "SMTP Messages\Inbound"
Location: "psp/TRACYSV05"



On 09/04/09 3:55 PM, "Neil Schwartzman" 
wrote:

> On 09/04/09 2:35 PM, "Matus UHLAR - fantomas"  wrote:
> 
>> That's the question. I do not object against listing of a spammer, but
>> dynamic? naming convention? Will they block host if it spams, if it sends
>> mail from gmail com and the hostname is qw-out-1920.google.com which looks
>> like their upstream provider?
>> 
>> 
>> OK, I don't want to bitch, I'm searching for some valid informations, mostly
>> about their "best practices".
> 
> Well there certainly has been some discussion on the MAAWG senders' list
> about naming conventions and clarity or rDNS resolution HELO, and so on and
> it is something *we* recommend to our certified and safelisted clients
> (beyond FQ rDSN which is a requirement), but blocking on something that is
> far far far from an industry standard? I'd suggest that is silly at best,
> but "do tell us how that works out for you" as the phrase goes.

-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038

Re: Spam Rats - does anyone know them?

[Neil Schwartzman]

On 09/04/09 2:35 PM, "Matus UHLAR - fantomas"  wrote:

> That's the question. I do not object against listing of a spammer, but
> dynamic? naming convention? Will they block host if it spams, if it sends
> mail from gmail com and the hostname is qw-out-1920.google.com which looks
> like their upstream provider?
> 
> 
> OK, I don't want to bitch, I'm searching for some valid informations, mostly
> about their "best practices".

Well there certainly has been some discussion on the MAAWG senders' list
about naming conventions and clarity or rDNS resolution HELO, and so on and
it is something *we* recommend to our certified and safelisted clients
(beyond FQ rDSN which is a requirement), but blocking on something that is
far far far from an industry standard? I'd suggest that is silly at best,
but "do tell us how that works out for you" as the phrase goes.

-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038

Re: Spam Rats - does anyone know them?

[McDonald, Dan]

On Wed, 2009-04-08 at 23:49 +0200, mouss wrote:
> Matus UHLAR - fantomas a écrit :
> > Even if that record would be listed in SPF?
> > 
> 
> SPF again? any spammer can buy a domain and add arbitrary IPs to the SPF
> record. you know about fast flux, right?

You are thinking of SPF at the wrong layer.  It is a "non-repudiation"
tool.  When I create an SPF record, I am asserting that anything that
matches that policy is my responsibility.  Whether you might want to
whitelist (or blacklist!) anything matching that policy is a function of
my perceived reputation to you.

But at least it gives me a clue.  There is no reason to send a DSN in
response to a message that fails SPF.  And there is no reason to accept
a message on a whitelist if it fails SPF.


-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com



signature.asc
Description: This is a digitally signed message part

Re: Spam Rats - does anyone know them?

[Matus UHLAR - fantomas]

> > What I am complaining about is that the IP is reported to be dynamic
> > because it does not have hostname that follows kind of sick rules.

On 09.04.09 01:28, Mark wrote:
> Their rules DO seem a mite odd:
> 
> "Also remember, according to Best Practises, having a reverse DNS that
> appears to be part of your upstream provider is not good enough for an
> email server. adsl.23.204.205.upstream.com means that it is an IP address
> they are responsible for."
> 
> 'Having a reverse DNS that appears to be part of your upstream provider'
> as opposed to what exactly? HELO? That's fixed easily enough. :) What they
> seem to say, if I read them correctly, is that they'll reject when it
> looks to be from a dynamic pool belonging to upstream.com.

Well, there's no "adsl", no part of IP, nothing that would indicate the
address being dynamic. Generic, maybe. Dynamic, no way.

> > And if I'd send mail from a0.fantomas.cust.gts.sk, would it?
> 
> Well, that's the thing, ain't it? As opposed to what? If your PTR were
> 'a0.fantomas.cust.gts.sk' and you sent mail with HELO
> 'fantomas.fantomas.sk'? More likely, they'd just reject on the 'cust'
> part, or the digits.

Their page does not say anything about the HELO string. The IP (of the
format above, ok, let's say it's a0.fantomas.ba.cust.gts.sk) is now
registered as dynamic and does not follow the "reverse hostname naming
convention".

> > Even if that record would be listed in SPF?
> 
> SPF checks against the envelope-from domain part (or HELO, in certain
> circumstances). So, with SPF you could authorize 'a0.fantomas.cust.gts.sk'
> to send mail on behalf of 'fantomas.sk', but that will not prevent Spam
> Rats from identifying 'a0.fantomas.cust.gts.sk' as appearing to be part
> of your upstream provider; so they'd probably reject the connection
> anyway.

That's the question. I do not object against listing of a spammer, but
dynamic? naming convention? Will they block host if it spams, if it sends
mail from gmail com and the hostname is qw-out-1920.google.com which looks
like their upstream provider?


OK, I don't want to bitch, I'm searching for some valid informations, mostly
about their "best practices". 
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name. 

Re: bayes learn best practice

[Michael Scheidell]

Arthur Kerpician wrote:



I was thinking to increase bayes_auto_learn_threshold_spam to a higher 
number, so less spam is auto-learned. Is this ok?


I try to keep it a 10 to 1 ratio (dropping the _ham threshold and 
increasing the _spam threshold), basically, trying to mimic the global 
stats of a 10 to 1 spam/ham ratio.


No real reason for that, just superstition I guess!

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008


_
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

_

Re: bayes learn best practice

[Arthur Kerpician]

Kai Schaetzl wrote:

Arthur Kerpician wrote on Thu, 09 Apr 2009 09:41:22 +0300:

  
The docs mention that after 5000 spam and ham learned, 
spamassassin doesn't improve spam detection much.



do they? What is meant is that once you reach some threshold the detection 
rate doesn't improve as good as before. You can't get any better as 
"nearly everything". But it will drop if no new tokens get added.


What is the best 
  
practice to optimize the bayes detection? Should I stop auto-learning 
after reaching the 5000 mark and than re-train from time to time from 
scratch?



No, keep the automatic training (unless there are too many FPs in the 
autotrained messages). Do a regular manual expire, so old tokens are 
purged out.
  
I don't get many FPs or FNs after upgrading to 3.2.5 and retraining 
bayes. But, if I keep auto-learning enabled, I should monitor the 
trained spam and ham levels and manual train ham when the spam exceeds 
it (as it will always exceed ham level). So from time to time I should 
feed ham manually to sa-learn, until it reaches the spam level again. Is 
this correct? If it is, I think it's rather time-consuming to always 
check the trained ham/spam and level them.


I was thinking to increase bayes_auto_learn_threshold_spam to a higher 
number, so less spam is auto-learned. Is this ok?

Re: unsubscribe

[Evan Platt]

As every header states:

list-unsubscribe: 


At 09:41 AM 4/9/2009, Juergen Boehm wrote:

unsubscribe

unsubscribe

[Juergen Boehm]

unsubscribe

Re: bayes learn best practice

[Kai Schaetzl]

Arthur Kerpician wrote on Thu, 09 Apr 2009 09:41:22 +0300:

> The docs mention that after 5000 spam and ham learned, 
> spamassassin doesn't improve spam detection much.

do they? What is meant is that once you reach some threshold the detection 
rate doesn't improve as good as before. You can't get any better as 
"nearly everything". But it will drop if no new tokens get added.

What is the best 
> practice to optimize the bayes detection? Should I stop auto-learning 
> after reaching the 5000 mark and than re-train from time to time from 
> scratch?

No, keep the automatic training (unless there are too many FPs in the 
autotrained messages). Do a regular manual expire, so old tokens are 
purged out.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: Registry Barrier code

[Marc Perkel]

Thanks - that was what I was looking for.

Mark Martinec wrote:

Marc,

  

What source file is the registry barrier code in?



Mail/SpamAssassin/Util/RegistrarBoundaries.pm

but is slightly out of date, for example it does
not include registered IDN tld names:

XN--0ZWM56D
XN--11B5BS3A9AJ6G
XN--80AKHBYKNJ4F
XN--9T4B11YI5A
XN--DEBA0AD
XN--G6W251D
XN--HGBK6AJ7F53BBA
XN--HLCJ6AYA9ESC7A
XN--JXALPDLP
XN--KGBECHTV
XN--ZCKZAH

(source: http://data.iana.org/TLD/tlds-alpha-by-domain.txt)

  Mark

  

Re: Registry Barrier code

[Justin Mason]

On Thu, Apr 9, 2009 at 16:31, Justin Mason  wrote:
> On Thu, Apr 9, 2009 at 16:14, Mark Martinec  wrote:
>> Marc,
>>
>>> What source file is the registry barrier code in?
>>
>> Mail/SpamAssassin/Util/RegistrarBoundaries.pm
>>
>> but is slightly out of date, for example it does
>> not include registered IDN tld names:
>>
>> XN--0ZWM56D
>> XN--11B5BS3A9AJ6G
>> XN--80AKHBYKNJ4F
>> XN--9T4B11YI5A
>> XN--DEBA0AD
>> XN--G6W251D
>> XN--HGBK6AJ7F53BBA
>> XN--HLCJ6AYA9ESC7A
>> XN--JXALPDLP
>> XN--KGBECHTV
>> XN--ZCKZAH
>>
>> (source: http://data.iana.org/TLD/tlds-alpha-by-domain.txt)
>
>
> !!!
>
> can you open a bug?

oh wait --
http://en.wikipedia.org/wiki/Top-level_domain :

'RFC 2606 reserves the following four top-level domain names for
various purposes, with the intention that these should not be used in
production networks within the global domain name system:

* .example: reserved for use in examples
* .invalid: reserved for use in obviously invalid domain names
* .localhost: reserved to avoid conflict with the traditional use
of localhost
* .test: reserved for use in tests

In 2007 eleven other internationalized ".test" TLDs were created:[2][3]

   1. .xn--kgbechtv   Arabic (.إختبار)
   2. .xn--hgbk6aj7f53bba Persian (.آزمایشی)
   3. .xn--0zwm56dChinese, simplified (.测试)
   4. .xn--g6w251dChinese, traditional (.測試)
   5. .xn--80akhbyknj4f   Cyrillic (.испытание)
   6. .xn--11b5bs3a9aj6g  Hindi (.परीक्षा)
   7. .xn--jxalpdlp   Greek (.δοκιμή)
   8. .xn--9t4b11yi5a Korean (.테스트)
   9. .xn--deba0adYiddish (.טעסט)
  10. .xn--zckzah Japanese (.テスト)
  11. .xn--hlcj6aya9esc7a Tamil (.பரிட்சை)'

--j.

Re: Slightly OT: identifying IP source locations

[Kai Schaetzl]

John Rudd wrote on Wed, 8 Apr 2009 12:44:29 -0700:

> 1) Does anyone know of a convenient command line tool (perl library
> being ideal) that lets you give it an IP address, and it tells you the
> country and/or continent (and that's it)?

google for GeoIP.

> 
> 2) similarly, does anyone know of a command line tool where you can
> give it a country and/or continent, and it will generate concise IP
> addresses ranges (like A.B.C.D-E.F.G.H) that have been allocated to
> that country/continent? (and by "concise", I mean compacted into as
> few range statements as possible, to minimize the number of lines)

You want to block by country? milter-greylist has GeoIP support built-in 
and allows to black/grey/whitelist on country.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: Registry Barrier code

[Justin Mason]

On Thu, Apr 9, 2009 at 16:14, Mark Martinec  wrote:
> Marc,
>
>> What source file is the registry barrier code in?
>
> Mail/SpamAssassin/Util/RegistrarBoundaries.pm
>
> but is slightly out of date, for example it does
> not include registered IDN tld names:
>
> XN--0ZWM56D
> XN--11B5BS3A9AJ6G
> XN--80AKHBYKNJ4F
> XN--9T4B11YI5A
> XN--DEBA0AD
> XN--G6W251D
> XN--HGBK6AJ7F53BBA
> XN--HLCJ6AYA9ESC7A
> XN--JXALPDLP
> XN--KGBECHTV
> XN--ZCKZAH
>
> (source: http://data.iana.org/TLD/tlds-alpha-by-domain.txt)


!!!

can you open a bug?

--j.

Re: Registry Barrier code

[Karsten Bräckelmann]

On Thu, 2009-04-09 at 07:25 -0700, Marc Perkel wrote:
> What source file is the registry barrier code in?

M::SA::Util::RegistrarBoundaries


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Registry Barrier code

[Mark Martinec]

Marc,

> What source file is the registry barrier code in?

Mail/SpamAssassin/Util/RegistrarBoundaries.pm

but is slightly out of date, for example it does
not include registered IDN tld names:

XN--0ZWM56D
XN--11B5BS3A9AJ6G
XN--80AKHBYKNJ4F
XN--9T4B11YI5A
XN--DEBA0AD
XN--G6W251D
XN--HGBK6AJ7F53BBA
XN--HLCJ6AYA9ESC7A
XN--JXALPDLP
XN--KGBECHTV
XN--ZCKZAH

(source: http://data.iana.org/TLD/tlds-alpha-by-domain.txt)

  Mark

Re: bayes learn best practice

[John Hardin]

On Thu, 9 Apr 2009, Arthur Kerpician wrote:

I tried to manually keep both spam and ham at the same level in 
the bayes db but it seems that spamassassin is learning spam twice as 
fast as ham.


Not surprising, as raw email traffic has a very skewed spam:ham ratio. 
Surely you've heard the stats that "90% of all email is spam"?


The docs mention that after 5000 spam and ham learned, spamassassin 
doesn't improve spam detection much. What is the best practice to 
optimize the bayes detection? Should I stop auto-learning after reaching 
the 5000 mark and than re-train from time to time from scratch?


I'll let others comment on issues like disk space and scan time w/r/t 
bayes database size. For myself, I have a _very_ small userbase and do 
purely manual training with a small corpus. I have under 3000 tokens 
total and get good results.


Build good representative ham and spam corpa, and train any misses (FPs 
and FNs) going forward. Retain those messages. Unfortunately autolearn 
doesn't let you retain those messages.


Retraining from scratch is only really necessary if things have gone 
completely out of whack, and at that point you review your corpa carefully 
for misclassified messages, wipe and retrain. Bayes should only go bonkers 
if you have people manually training messages incorrectly, or (not too 
likely) if autolearn has taken a slightly-poor configuration and magnified 
the errors.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Gun Control enables genocide while doing little to reduce crime.
---
 4 days until Thomas Jefferson's 266th Birthday

Re: use_auto_whitelist error in lint

[realshock]

Jeff Mincy-2 wrote:
> 
>   
> 
> spamassassin -D --lint prints out the config files, eg:
>   spamassassin -D --lint 2>&1 | fgrep 'config: read file'
> 
> The use_auto_whitelist is in one of those config files.
> -jeff
> 
> 


Worked ... spamassassin --lint returning no errors > Rules update are back
to normal 

Thank you much for both :-)

-- 
View this message in context: 
http://www.nabble.com/use_auto_whitelist-error-in-lint-tp22963928p22972364.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Registry Barrier code

[Marc Perkel]

What source file is the registry barrier code in?

Thanks in advance.

Re: use_auto_whitelist error in lint

[Jeff Mincy]

   From: realshock 
   Date: Thu, 9 Apr 2009 06:56:05 -0700 (PDT)
   
   Matt Kettler-3 wrote:
   > Find out where else you've got "use_auto_whitelist 0" in your config,
   > and remove it. 
   > On the plus side, it does confirm you've correctly disabled the plugin.
   
   I searched all over the place, and following your directions, do you think
   this command will find where it is?
   # grep -iR use_auto_whitelist /*

spamassassin -D --lint prints out the config files, eg:
  spamassassin -D --lint 2>&1 | fgrep 'config: read file'

The use_auto_whitelist is in one of those config files.
-jeff

Re: use_auto_whitelist error in lint

[realshock]

Matt Kettler-3 wrote:
> 
> 
> Find out where else you've got "use_auto_whitelist 0" in your config,
> and remove it. 
> On the plus side, it does confirm you've correctly disabled the plugin.
> 
> 

I searched all over the place, and following your directions, do you think
this command will find where it is?
# grep -iR use_auto_whitelist /*

-- 
View this message in context: 
http://www.nabble.com/use_auto_whitelist-error-in-lint-tp22963928p22971450.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: The value chain of SpamAssassin

[Justin Mason]

hi --

I've answered a couple, and cc'd the message to the SA users list for more
feedback from other developers and contributors -- it's a lot of questions! ;)

--j.

On Wed, Apr 8, 2009 at 18:56, DEMBELE Mariam  wrote:
>
> Dear Mr Mason,
>
> I am doing my masters in "Information Management" at the University of
> Fribourg. I am doing a course called "Global Value Chain" given by Professor
> Pawel Dembinski, which analyzes the contribution of small and medium
> enterprises in creating value both nationally and globally.
>
> My working group is examining the value created by open source software
> programs. In order to do that, we need to choose a specific software program
> and use it as a use case. Your software program,SpamAssassin, retained our
> attention due to its well designed interface and the quality of its
> services.
>
> We visited your website in order to get some information, but we still have
> some questions about the model you applied. Your answers may be provided
> both in monetary value or percentages:
>
> - How do you assess the work force needed to produce SpamAssassin?

if you read the CREDITS file in the Spamassassin SVN repository that
will give an idea:
http://svn.apache.org/viewvc/spamassassin/trunk/CREDITS?view=markup

> - What expenses did you incur during the software production process?

For the most part, just our time ;)  although there may have been some travel
expenses that were borne by the individual contributors, too.

> - How do you describe the value created by your product?
> - How do you finance the development effort of this product?
> - Do you have intermediaries to distribute your product?
> - How do you benefit from this product, taking into consideration that it is
> free?
> - How frequently do you update your program?
> - What other parameters must be taken into account in the decomposition of
> the price of your software SpamAssassin?
>
> This information can help us understand the logic used in setting the
> pricing for software professionals and to show the completeness of the
> approach used. You would give us the opportunity to get a more practical
> insight of this course.
>
> Best regards,
>
> Mariam Dembélé.
>
>