RE: Personal Rule

2005-09-29 Thread Mike Spamassassin
I used the second option and had a couple of problems.
First problem was quickly solved; double underscores needed to stop the
header rules adding to the score.
Second problem is that the "blank" name is scoring the same as if it were
the wrong name.

> From: Mike Spamassassin [mailto:[EMAIL PROTECTED]
>>
>> This is working pretty well so far.
>> Thanks for your help with this.
>>
>> I would like to enhance it to cater for the situations where I am
>> not in the "To" address (e.g. I am in CC: or Bcc: or the "mailing
>> list" situation).
>>
>> How would I do a test of the form:
>>
>> If To: email address contains ernstoff.net then check for To: real
>> name contains Mike or Michael or is blank?
>
> That is a bit more complex.  Meta rules may be the best way to go
> here.
>
> header _TO_MYEMAIL To:addr =~ /ernstoff\.net/i
> header _CC_MYEMAIL Cc:addr =~ /ernstoff\.net/i
>
> header _TO_MYNAME To:name =~ /\b(?:Mike|Michael)\b|^$/i
> header _CC_MYNAME Cc:name =~ /\b(?:Mike|Michael)\b|^$/i
>
> meta NOT_MY_NAME (_TO_MYEMAIL && ! _TO_MYNAME)
>  || (_CC_MYEMAIL && ! _CC_MYNAME)
> describe NOT_MY_NAME My email address, but not my name
> score NOT_MY_NAME 1
>
> (Note that the meta command should be all on one line)
>
> The rule names that start with an underscore are defined as sub-rules
> and are not scored separately.
>
> Also, keep in mind that the :addr and :name modifiers only grab the
> first address or real name on the line.  If there are multiple
> addresses or real names, they are ignored.  You may have better
> results just leaving off the :addr and :name modifiers and accepting
> that it will miss a few by matching the name inside the email address
> ([EMAIL PROTECTED], for example).
>
> header _TO_MYEMAIL To =~ /ernstoff\.net/i
> header _CC_MYEMAIL Cc =~ /ernstoff\.net/i
>
> header _TO_MYNAME To =~ /\b(?:Mike|Michael)\b(?!\@)|^$/i
> header _CC_MYNAME Cc =~ /\b(?:Mike|Michael)\b(?!\@)|^$/i
>
> meta NOT_MY_NAME ( _TO_MYEMAIL && ! _TO_MYNAME )
>  || ( _CC_MYEMAIL && ! _CC_MYNAME )
> describe NOT_MY_NAME My email address, but not my name
> score NOT_MY_NAME 1
>
> The extra stuff on the name regex ensures that the name is not
> immediately followed by an "@" to try to avoid matching on obvious
> email addresses.
>
> It is possible to parse it all out, but as there are quite a few valid
> formats, this would be far more trouble than it is worth.
>
> Bowie
>
>
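
Added example (not code from the thread's participants): a Python model of the second rule variant above, run over constructed To/Cc headers and compared with a version that parses out each real name first, showing how each treats a bare address with no real name. It assumes Python's `re` behaves like Perl for these patterns; `not_my_name_parsed`, `someone@ernstoff.net` and the sample headers are hypothetical.

```python
import re
from email.utils import getaddresses

# Patterns from the second variant in the thread (no :addr / :name), so each
# one is tested against the whole header value. Python's re is assumed to
# behave like Perl here.
MY_EMAIL = re.compile(r"ernstoff\.net", re.I)
MY_NAME = re.compile(r"\b(?:Mike|Michael)\b(?!@)|^$", re.I)
NAME_ONLY = re.compile(r"\b(?:Mike|Michael)\b", re.I)


def not_my_name(headers):
    """Model of the meta rule: (TO email && !TO name) || (CC email && !CC name)."""
    def hit(field):
        value = headers.get(field, "")  # assumption: a missing header tests as ""
        return bool(MY_EMAIL.search(value)) and not MY_NAME.search(value)
    return hit("To") or hit("Cc")


def not_my_name_parsed(headers):
    """Hypothetical alternative: split out every (real name, address) pair first."""
    values = [headers[f] for f in ("To", "Cc") if headers.get(f)]
    for name, addr in getaddresses(values):
        # Flag only a non-blank real name that is neither Mike nor Michael.
        if MY_EMAIL.search(addr) and name.strip() and not NAME_ONLY.search(name):
            return True
    return False


# Constructed sample headers; someone@ernstoff.net is a made-up mailbox.
SAMPLES = {
    "named": {"To": '"Mike Spamassassin" <someone@ernstoff.net>'},
    "blank": {"To": "someone@ernstoff.net"},
    "wrong": {"To": '"Valued Customer" <someone@ernstoff.net>'},
    "list": {"To": '"Mailing List" <list@example.org>'},
    "cc": {"To": '"Mailing List" <list@example.org>',
           "Cc": '"Valued Customer" <someone@ernstoff.net>'},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:6} regex={not_my_name(hdrs)!s:5} parsed={not_my_name_parsed(hdrs)}")
```

In the whole-header model the `^$` alternative can only match an empty header, so the bare-address sample is flagged just like the wrong-name sample.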




RE: Personal Rule

2005-09-27 Thread Mike Spamassassin
This is working pretty well so far.
Thanks for your help with this.

I would like to enhance it to cater for the situations where I am not in
the "To" address (e.g. I am in CC: or Bcc: or the "mailing list"
situation).

How would I do a test of the form:

If To: email address contains ernstoff.net then check for To: real name
contains Mike or Michael or is blank?

> From: Mike Spamassassin [mailto:[EMAIL PROTECTED]
>>
>> > From: Mike Spamassassin [mailto:[EMAIL PROTECTED]
>> >>
>> >> I have seen a rule to identify that the "From" address does not
>> >> have a "real name", which I presume is the description (i.e. in
>> >> my case "Mike Spamassassin").  I would like to have a rule which
>> >> identifies emails where the "To" address does not contain either
>> >> "Mike" or "Michael".  Has anyone created a similar rule, or can
>> >> anyone point me in the right direction.
>> >
>> > As has been pointed out before, this is generally a bad idea.
>> > There are lots of newsletters and mailing lists (including this
>> > one) that do not put your name in the "To" field.
>> >
>> > If you want to try it, you can use a rule such as this:
>> >
>> > header NOT_MY_NAME To:name !~ /\b(?:Mike|Michael)\b/i
>> > score NOT_MY_NAME 0.5
>> > describe NOT_MY_NAME To does not contain Mike or Michael
>> >
>> > Adjust the score to your liking.  Don't put it too high until you
>> > are sure it's not going to produce too many false positives.
>> >
>> > If you do this, you may need to whitelist some of your mailing
>> > lists and newsletters.
>>
>> Thanks for your help.
>> I will try this out, and see how it goes.
>> Presumably it could be amended to check for Mike, Michael or blank to
>> avoid the problem you mentioned.
>> I will look up the regular expression syntax and see if I can
>> suss it out.
>
> I'm not quite sure how to check for the absence of a real name.  I
> guess I could go find the rule that checks the From line, but I'm too
> lazy at the moment. :)
>
> This might work:
>
> header NOT_MY_NAME To:name !~ /\b(?:Mike|Michael)\b|^$/i
>
> It is still susceptible to false positives, tho.  How about this
> example:
>
> To: "Mailing List" <[EMAIL PROTECTED]>
>
> Since SA uses Perl regular expressions, these two pages may be useful:
>
> Perl Regular Expressions Quick Start
> http://perldoc.perl.org/perlrequick.html
>
> Perl Regular Expressions Tutorial
> http://perldoc.perl.org/perlretut.html
>
> Bowie
>
>




Re: Personal Rule

2005-09-22 Thread Mike Spamassassin
So far so good.

I have given this rule a score of 1.
4 is classified as spam and 2 is filtered into a MaybeSpam folder.

I have implemented the rule to allow blank/Mike/Michael

> From: "Mike Spamassassin" <[EMAIL PROTECTED]>
>
>> I have seen a rule to identify that the "From" address does not have a
>> "real name", which I presume is the description (i.e. in my case "Mike
>> Spamassassin").
>> I would like to have a rule which identifies emails where the "To"
>> address does not contain either "Mike" or "Michael".
>> Has anyone created a similar rule, or can anyone point me in the right
>> direction.
>
> You'll be sooorr! The idea is extremely susceptible to
> false positives and negatives.
>
> {o.o}
>
>
>




RE: Personal Rule

2005-09-21 Thread Mike Spamassassin
Thanks for your help.
I will try this out, and see how it goes.
Presumably it could be amended to check for Mike, Michael or blank to
avoid the problem you mentioned.
I will look up the regular expression syntax and see if I can suss it out.

> From: Mike Spamassassin [mailto:[EMAIL PROTECTED]
>>
>> I have seen a rule to identify that the "From" address does not have a
>> "real name", which I presume is the description (i.e. in my case "Mike
>> Spamassassin").  I would like to have a rule which identifies emails
>> where the "To" address does not contain either "Mike" or "Michael".
>> Has anyone created a similar rule, or can anyone point me in the right
>> direction.
>
> As has been pointed out before, this is generally a bad idea.  There are
> lots of newsletters and mailing lists (including this one) that do not
> put your name in the "To" field.
>
> If you want to try it, you can use a rule such as this:
>
> header NOT_MY_NAME To:name !~ /\b(?:Mike|Michael)\b/i
> score NOT_MY_NAME 0.5
> describe NOT_MY_NAME To does not contain Mike or Michael
>
> Adjust the score to your liking.  Don't put it too high until you are
> sure it's not going to produce too many false positives.
>
> If you do this, you may need to whitelist some of your mailing lists and
> newsletters.
>
> Bowie
>
>






Personal Rule

2005-09-21 Thread Mike Spamassassin
I have seen a rule to identify that the "From" address does not have a
"real name", which I presume is the description (i.e. in my case "Mike
Spamassassin").
I would like to have a rule which identifies emails where the "To" address
does not contain either "Mike" or "Michael".
Has anyone created a similar rule, or can anyone point me in the right
direction.

Thanks in advance

Mike



Re: sa-learn error message

2005-06-05 Thread Mike Spamassassin
>> Everything seems to work OK, but I get one error message.
>> When I run sa-learn --sync I get
>> "Parameter to use lib must be directory, not file at
>> $HOME/local/lib/perl5/i386-linux/Razor2/Client/Agent.pm line 13"
>
> Just from the error message, I would assume you had set up Razor, or at
> least enabled the razor rules.  And there is something wrong with the way
> you set it up.  It looks like you have to specify a path someplace (maybe
> in razor configuration?) and you have pointed to a file instead of a
> directory.
>
> Loren
>
>
Thanks Loren and Theo, both for the suggestions and for responding so
quickly.

I had assumed the lib was the name of some kind of a perl variable.
Once you pushed me in the direction of it being the name of a file or
directory I did a "find" from local and found two occurrences, one being a
file the other being a directory. The first one, the lib file was not part
of SpamAssassin or razor so I moved it, and now the error message has
gone.

Mike



sa-learn error message

2005-06-05 Thread Mike Spamassassin
I have installed SpamAssassin 3.0.3 on Debian Linux using the
SingleUserUnixInstall instructions on the SpamAssassin Wiki, as I do not
have root access.
Perl version is 5.6.1

Everything seems to work OK, but I get one error message.
When I run sa-learn --sync I get
"Parameter to use lib must be directory, not file at
$HOME/local/lib/perl5/i386-linux/Razor2/Client/Agent.pm line 13"

I had the same problem with SpamAssassin 3.0.2

Can anyone point me in the right direction?
I know Unix but not much Linux and very little perl.

Thanks in advance

Mike



Re: Is there such a test?

2005-03-16 Thread Mike Spamassassin
I'd take that bet.
While you are almost certainly correct with the likes of those who
subscribe to this group, who often have multiple email addresses,
out there in [EMAIL PROTECTED] land, and hotmail world, most people have a
single email address strongly related to their name.

Back to the original question:
Regardless of whether anyone thinks it is a good test or not, has anyone
yet created such a test?

> Mike Spamassassin wrote:
>
>>Point taken, but I still think it would be a valid test.
>>Like all SpamAssassin tests it should only be one of many indicators.
>>
>
> No, not really. There's a minimum useful S/O ratio for spam rules.
>
> I'd bet $5.00 that this rule would have a S/O under 0.80 in the
> corpus. (i.e. no more than 80% of its hits were spam, and at least 20% were ham)
>
>




Re: Is there such a test?

2005-03-15 Thread Mike Spamassassin
Point taken, but I still think it would be a valid test.
Like all SpamAssassin tests it should only be one of many indicators.
In particular all the ones that I receive I would expect to have "Mike" or
"Michael" in the description of my email address.
I would also like to be able to pick out those from "Microsoft Support"
which are not from microsoft.com and other typical phishing mails.

> At 10:00 AM 3/15/2005, Mike Spamassassin wrote:
>>I have just received spam from 
>> [EMAIL PROTECTED]
>>Is there a test which identifies that the description (Esmeralada
>>Bouchard) bears no resemblance to the given sender's address?
>
> No.. It's quite common for normal people to have that.
>
> For example, take a look at Theo Van Dinter's email address. The only
> letters in common between his name and his email username are t,i, and e.
> (The username part is "felicity", and the domain has no resemblance to his
> name either.. "kludge")
>
> And what about Paul Shupak, who uses "List Mail User" as a description,
> and "track" as a username?
>
> Or these other combinations from this mailing list (domains removed to
> reduce harvesting problems)
>
> "Ben Wylie"       sasssin@
> "Kai Schaetzl"    maillists@
> "Matt Yackley"    sare@
> "Matthias Keller" linux@
>
>
>




Is there such a test?

2005-03-15 Thread Mike Spamassassin
I have just received spam from  [EMAIL PROTECTED]
Is there a test which identifies that the description (Esmeralada
Bouchard) bears no resemblance to the given sender's address?
Similarly I sometimes receive spam mail to my email address but with a
completely unrecognisable description.

Are there any tests to identify these discrepancies between the email
addresses and their descriptions?