RE: TEXTAREA style="visibility: hidden"
So, what exactly is bayes poison? Best regards, JD Smith -Original Message- From: Magnus Holmgren [mailto:[EMAIL PROTECTED] Sent: Thursday, April 13, 2006 8:58 AM To: users@spamassassin.apache.org Subject: TEXTAREA style="visibility: hidden" I see a fair amount of spam using to hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor at SARE. -- Magnus Holmgren
bayes db issue
I recently switched to using mysql bayes. I am getting a [1135] dbg: bayes: unable to initialize database for root user, aborting! When I do spamassassin -d --lint any idea what I need to change? Best regards, JD Smith
RE: SpamAssassin Woes
Does amavisd-new happen to have a pre-built front-end similar to MailWatch? If not then it's no use to me as I don't have time to build one from scratch, especially not after the time I've already spent customizing MailWatch. Best regards, JD Smith -Original Message- From: Sipos Gabor [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 11, 2006 4:40 AM To: users@spamassassin.apache.org Subject: Re: SpamAssassin Woes Hello, If you are using postfix, don't use mailscanner, it uses a non-documented (and therefore not supported) access to the postfix queue files. Use amavisd-new instead to integrate postfix and spamassassin. Anyways, the default rules in spamassassin will NOT get you anything much than 70% in caught spam - that's what bayes is for. Train it with YOUR spam, not someone else's! Gabor Sipos > Greetings List: > My name is JD Smith and I have been put in charge of setting up a spam > solution for my organization. I have chosen to go with MailScanner + > Postfix + SA + MailWatch. > I have everything pretty much setup and it is working, however my spam > filtering is far from the 90th percentile.. I think I'm actually only > catching around 70% or something which is worse than our old solution. > I trained the bayes with a corpus of common spam that was recommended to > me by someone somewhere (I forget) when I first got started. Maybe I > need new updated rules? Does anyone have any suggestions on where I > might find a list of good, suggested rules to implement? > Best regards, > JD Smith -- This message has been scanned for viruses and dangerous content by ShooSpam, and is believed to be clean.
RE: SpamAssassin Woes
That is what I was beginning to suspect. Is there a way to untrain the emails I ran through it? It was a pretty large selection.. A few thousand of both spam and ham. I turned on auto-learning so it should start to pick things up on it's own without needing me to train it, no? Training on a per user basis could be difficult as this is a gateway scanning and feeding mail on to around ten or so domains some of which are rather large such as the Caddo Parish School Board that puts through around 10,000 mails per day. Best regards, JD Smith -Original Message- From: Sander Holthaus [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 9:51 AM To: JD Smith Cc: users@spamassassin.apache.org Subject: Re: SpamAssassin Woes -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JD Smith wrote: > Greetings List: > > My name is JD Smith and I have been put in charge of setting up a spam > solution for my organization. I have chosen to go with MailScanner + > Postfix + SA + MailWatch. > > I have everything pretty much setup and it is working, however my spam > filtering is far from the 90th percentile.. I think I'm actually only > catching around 70% or something which is worse than our old solution. > > I trained the bayes with a corpus of common spam that was recommended to > me by someone somewhere (I forget) when I first got started. Maybe I > need new updated rules? Does anyone have any suggestions on where I > might find a list of good, suggested rules to implement? > > Best regards, > > JD Smith > > Training Bayes with common spam is not the best way. It should be learned with Spam that is specific for your mail-accounts (or better, on a per account basis). SARE has some very good rules. The SpamAssassin Wiki should help you out further. Kind Regards, Sander Holthaus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEOnDiVf373DysOTURAgIFAJ47fscgLgPAWiCYHmQC3JkEHhMRgQCghOUU ow7Vf7Ho9UZytJt41kJOCRs= =iG6f -END PGP SIGNATURE- -- This message has been scanned for viruses and dangerous content by ShooSpam, and is believed to be clean.
FW: SpamAssassin Woes
Forwarding, I ws replying directly to Martin for some reason. -Original Message- From: JD Smith Sent: Monday, April 10, 2006 9:51 AM To: 'Martin Hepworth' Subject: RE: SpamAssassin Woes Aye, that's in my lint so I guess I do have that turned on. :) I don't have a 88_FVGT_headers.cf anywhere. Could I possibly be missing some rules that are distributed by default? I just updated my rule list with a selection from SARE, hopefully that increases my effectiveness a decent bit. Was training my SA with that corpus a bad idea? From what I just read in the FAQ it seems like SA is already fairly well trained on generic messages and that it will auto learn my specific spam better... Could I have possible done more harm than good? It seemed to be more effective pre training. Best regards, JD Smith -Original Message- From: Martin Hepworth [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 9:24 AM To: JD Smith Subject: RE: SpamAssassin Woes Looks like you're already the URI-RBL...you can check by looking at the output of the --lint you should see something akin to.. [89163] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [89163] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8d92d90) And [89163] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0 [89163] dbg: dns: testing resolver nameservers: 127.0.0.1 [89163] dbg: dns: trying (3) msn.com... [89163] dbg: dns: looking up NS for 'msn.com' [89163] dbg: dns: NS lookup of msn.com using 127.0.0.1 succeeded => DNS available (set dns_available to override) [89163] dbg: dns: is DNS available? 1 If you check 88_FVGT_headers.cf you'll find a test for non-reverse DNS already - you just need to adjust the score to be over your threshold. Personnally I'd be careful about single rule triggering spam as this can lead to false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: JD Smith [mailto:[EMAIL PROTECTED] > Sent: 10 April 2006 15:14 > To: Martin Hepworth > Subject: RE: SpamAssassin Woes > > My boss wanted me to flag mail coming in that doesn't have a valid RDNS > as spam. > > How do I turn on the new uri-rbl? There is no information on it in the > two .pre files nor do I see anything in the .cf file. > > Thanks for the SARE link, I'm going through it now. > > Best regards, > > JD Smith > > -Original Message- > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > Sent: Monday, April 10, 2006 9:11 AM > To: JD Smith > Subject: RE: SpamAssassin Woes > > > We all gotta start somewhere... > > There's two different types of RBL's - > > 1. the 'traditional' RBL that looks at where the email has come from by > looking at the headers. > > I only run a couple of these inside SA - giving the rest a zero score in > spam.assassin.prefs.conf which turns off that RBL. > > 2. and the 'new' URI-RBL that looks at URL's in the message body... > > as for the RDNS lookups, what 'check' are you going to do with the > information from the RNDS? > > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -Original Message- > > From: JD Smith [mailto:[EMAIL PROTECTED] > > Sent: 10 April 2006 15:05 > > To: Martin Hepworth > > Subject: RE: SpamAssassin Woes > > > > It says URIDNSRBL is turned on. The -lint showed it checking a list > of > > RBLs. I assume this is what you meant? > > > > Is there a way to get SA to do RDNS lookups and flag as spam based > upon > > that also? Or is that something that should be done by MailScanner or > > Postfix? I've had to learn basically everything about mail from > scratch > > since I started this project so some of my questions probably seem > > uninformed... Because they are. ;) > > > > Best regards, > > > > JD Smith > > > > -Original Message- > > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > > Sent: Monday, April 10, 2006 8:58 AM > > To: JD Smith > > Subject: RE: SpamAssassin Woes > > > > Hi > > > > Check out the SARE and other rules at > > > > www.rulesemporium.org > > > > Also make sure you've got the URI-RBL plugin installed and working > > (check > > the /etc/mail/spamassassin/*.pre files to see if the plugin is > > uncommented, > > and run "spamassassin -D --lint" to make sure it's being used). > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State
FW: SpamAssassin Woes
Forwarding this as I was replying directly to martin for some reason. -Original Message- From: JD Smith Sent: Monday, April 10, 2006 9:14 AM To: 'Martin Hepworth' Subject: RE: SpamAssassin Woes My boss wanted me to flag mail coming in that doesn't have a valid RDNS as spam. How do I turn on the new uri-rbl? There is no information on it in the two .pre files nor do I see anything in the .cf file. Thanks for the SARE link, I'm going through it now. Best regards, JD Smith -Original Message- From: Martin Hepworth [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 9:11 AM To: JD Smith Subject: RE: SpamAssassin Woes We all gotta start somewhere... There's two different types of RBL's - 1. the 'traditional' RBL that looks at where the email has come from by looking at the headers. I only run a couple of these inside SA - giving the rest a zero score in spam.assassin.prefs.conf which turns off that RBL. 2. and the 'new' URI-RBL that looks at URL's in the message body... as for the RDNS lookups, what 'check' are you going to do with the information from the RNDS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: JD Smith [mailto:[EMAIL PROTECTED] > Sent: 10 April 2006 15:05 > To: Martin Hepworth > Subject: RE: SpamAssassin Woes > > It says URIDNSRBL is turned on. The -lint showed it checking a list of > RBLs. I assume this is what you meant? > > Is there a way to get SA to do RDNS lookups and flag as spam based upon > that also? Or is that something that should be done by MailScanner or > Postfix? I've had to learn basically everything about mail from scratch > since I started this project so some of my questions probably seem > uninformed... Because they are. ;) > > Best regards, > > JD Smith > > -Original Message- > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > Sent: Monday, April 10, 2006 8:58 AM > To: JD Smith > Subject: RE: SpamAssassin Woes > > Hi > > Check out the SARE and other rules at > > www.rulesemporium.org > > Also make sure you've got the URI-RBL plugin installed and working > (check > the /etc/mail/spamassassin/*.pre files to see if the plugin is > uncommented, > and run "spamassassin -D --lint" to make sure it's being used). > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -Original Message- > > From: JD Smith [mailto:[EMAIL PROTECTED] > > Sent: 10 April 2006 14:49 > > To: users@spamassassin.apache.org > > Subject: SpamAssassin Woes > > > > Greetings List: > > > > My name is JD Smith and I have been put in charge of setting up a spam > > solution for my organization. I have chosen to go with MailScanner + > > Postfix + SA + MailWatch. > > > > I have everything pretty much setup and it is working, however my spam > > filtering is far from the 90th percentile.. I think I'm actually only > > catching around 70% or something which is worse than our old solution. > > > > I trained the bayes with a corpus of common spam that was recommended > to > > me by someone somewhere (I forget) when I first got started. Maybe I > > need new updated rules? Does anyone have any suggestions on where I > > might find a list of good, suggested rules to implement? > > > > Best regards, > > > > JD Smith > > > > ** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ** > > > -- > This message has been scanned for viruses and > dangerous content by ShooSpam, and is > believed to be clean. > > ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ** -- This message has been scanned for viruses and dangerous content by ShooSpam, and is believed to be clean.
SpamAssassin Woes
Greetings List: My name is JD Smith and I have been put in charge of setting up a spam solution for my organization. I have chosen to go with MailScanner + Postfix + SA + MailWatch. I have everything pretty much setup and it is working, however my spam filtering is far from the 90th percentile.. I think I'm actually only catching around 70% or something which is worse than our old solution. I trained the bayes with a corpus of common spam that was recommended to me by someone somewhere (I forget) when I first got started. Maybe I need new updated rules? Does anyone have any suggestions on where I might find a list of good, suggested rules to implement? Best regards, JD Smith