http://bugzilla.spamassassin.org/show_bug.cgi?id=3936
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 15:54 ---
"It's whatever order the message path(s) are passed to AI."
actually that's not 100% true -- it's ordered spam, then ham, in whatever order
the message path(s) ar
http://bugzilla.spamassassin.org/show_bug.cgi?id=3917
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 15:23 ---
I found the firewall that was holding up my testing -- remnant of a VPN client I
had been using -- and captured the traffic from a test with spamc on a linux box
a
http://bugzilla.spamassassin.org/show_bug.cgi?id=3940
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 14:57 ---
Subject: Re: ArchiveIterator uses opt_j for two different things
On Sun, Oct 31, 2004 at 02:27:17PM -0800, [EMAIL PROTECTED] wrote:
> I'd strongly prefer (I'm pr
http://bugzilla.spamassassin.org/show_bug.cgi?id=3936
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 14:55 ---
Subject: Re: ArchiveIterator uses opt_n for two different things
On Sun, Oct 31, 2004 at 02:25:04PM -0800, [EMAIL PROTECTED] wrote:
> > I've enabled -n in my nig
http://bugzilla.spamassassin.org/show_bug.cgi?id=3941
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 14:28 ---
+1
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.
http://bugzilla.spamassassin.org/show_bug.cgi?id=3940
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 14:27 ---
Subject: Re: New: ArchiveIterator uses opt_j for two different things
> I'd like to break those two apart, and keep opt_j as a backward
> compatibility option.
> I'd like to break those two apart, and keep opt_j as a backward
> compatibility option.
I'd strongly prefer (I'm probably -1 on creatingh two new options for
this one) to keep opt_j as the number of processes (it parallels "make
-j") and add a new option for the temporary file vs. in-memory opti
http://bugzilla.spamassassin.org/show_bug.cgi?id=3936
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 14:25 ---
Subject: Re: New: ArchiveIterator uses opt_n for two different things
> I've enabled -n in my nightly mass-check runs for non-Bayes, because
> the sorting is irr
> I've enabled -n in my nightly mass-check runs for non-Bayes, because
> the sorting is irrelevent without Bayes.
Not really true. Sorting is also used for --tail and --head. I use -n
and --tail every night.
Please post your proposal in the bug before committing it, I'd like to
hear what's plan
FYI to whoever approved these: these are all ancient emails from April,
so they should have been rejected.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
http://bugzilla.spamassassin.org/show_bug.cgi?id=3931
[EMAIL PROTECTED] changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
http://bugzilla.spamassassin.org/show_bug.cgi?id=3924
[EMAIL PROTECTED] changed:
What|Removed |Added
CC||[EMAIL PROTECTED]
--- Additi
http://bugzilla.spamassassin.org/show_bug.cgi?id=3930
[EMAIL PROTECTED] changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
http://bugzilla.spamassassin.org/show_bug.cgi?id=3930
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 12:05 ---
+1 . I was wondering what Sidney was talking about ;)
--- You are receiving this mail because: ---
You are on the CC list for the bug, or are watching
We're made a document describing some of the general properties
which code using SURBLs should have in order to use the data as
it was designed and intended. We hope these comments may be
useful to developers. Our Implementation Guidelines are brief
and copied below.
http://www.surbl.org/impl
On Sunday, April 18, 2004, 11:50:17 PM, John Fawcett wrote:
> I clicked on a couple of tinyurl links which were from the original spams
> and
> got "terminated for spamming" notices. tinyurl seems to be responsive to
> spam complaints, which will deter spammers from signing up in the first
> place.
On Sunday, April 18, 2004, 6:58:14 PM, Simon Byrnand wrote:
> At 13:49 19/04/2004, Jeff Chan wrote:
>>The traditional solution to ccTLDs (Country Code TLDs) seems to
>>be to make a table of them, and make sure any extracted domains
>>are +1 domain levels longer. So for company.co.nz, don't take
>>
On Sunday, April 18, 2004, 6:08:11 PM, Simon Byrnand wrote:
> At 12:43 19/04/2004, Jeff Chan wrote:
>> >2. Extract base (registrar) domains from those URIs. This
>> > includes removing any and all leading host names, subdomains,
>> > www., randomized subdomains, etc. In order to determine the
>
On Friday, April 16, 2004, 5:17:54 PM, Jeff Chan wrote:
> OK This sounds like I should be asking our secondaries to carry
> the surbl.org parent domain also, right? Then I would update the
> root name servers to list all of them.
Sent to wrong list. Please pardon,
Jeff C.
Simon Byrnand, Eric Kolve and I were having a discussion of what
characters are legal in domain names, due to junk showing up
around URIs and apparently confusing some of the SpamAssassin URI
parsing code. Wanted to share some research and ask if anyone
has any other authoritative information on w
On Monday, April 12, 2004, 4:58:11 PM, Burnie Burnie wrote:
> (I also mentioned this on sa-users)
> Currently I get quite a few URIs which contains redirectors.
> I.e. http://drs.yahoo.com/incomplete/*http://spammer/address
> http://g.msn.com/0US!s5.31472_315529/HP.1001?http://spammer/address
Hello SURBL users,
Please note that the name of the SURBL derived from Bill Stearns'
sa-blacklist is being changed from sa.surbl.org to ws.surbl.org .
If you were using the old name in your rules or configs please
update them to the new name.
We will keep DNS queries up on the old name for a week
On Monday, April 12, 2004, 6:00:40 PM, Justin Mason wrote:
> Jeff Chan writes:
>> On Monday, April 12, 2004, 4:58:11 PM, Burnie Burnie wrote:
>> > Currently I get quite a few URIs which contains redirectors.
>> > I.e. http://drs.yahoo.com/incomplete/*http://spammer/address
>> > http://g.msn.c
On Sunday, April 11, 2004, 6:19:02 PM, Erick Calder wrote:
> oops, reading my mail in chronological order and I see the announcement was
> already made. anyway, maybe you want to at least include a link to the RPMs
> on the website.
Hi Erik,
We have not officially announced the new list because w
Here's the original proposed announcement for the additional SURBL
built from Bill's data. We can rename sa to sb or something else,
but what other changes would anyone recommend before I post it to
sa-users for example?
Jeff C.
__
http://www.surbl.org/ (with some live links)
New! More SUR
On Sunday, April 11, 2004, 12:29:43 AM, Daniel Quinlan wrote:
> Also, it would be better from our perspective if we could get multiple
> RBL results from a single query to reduce overhead. Any of multiple A
> (like NJABL, SBL/XBL, or SORBS), bitmask A (like OPM or RBL+), or
> multiple TXT (like SB
Hello SA Users and Developers,
Raymond Dijkxhoorn has very kindly set up three Mailman-powered
mailing lists for folks using or interested in SURBL:
http://lists.surbl.org/
Announce - SURBL Announcement list [READONLY]
This is an announcement-only list for SURBL users. Message
volume shou
On Sunday, April 11, 2004, 12:29:43 AM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> Can any 3.0 guys able to comment if I got the urirhsbl syntax correct:
> It's correct, but you might not need to get it correct because the rule
> will likely ship with 3.0 when it is released
On Monday, April 5, 2004, 7:50:16 PM, Justin Mason wrote:
> BTW, current SVN trunk now contains URIBL support for RHSBL lookups
> using the 'urirhsbl' command:
> =item urirhsbl NAME_OF_RULE rhsbl_zone lookuptype
> Specify a RHSBL-style domain lookup. C is the name of the rule
> to be used, C is
On Wednesday, April 7, 2004, 12:32:23 AM, Jeff Chan wrote:
> Could I ask you for a sample config or rule to cause urirhsbl
> to use SURBL? I'd like to add it to the quick start at the top
> of our web page to help get people using it easily.
I think I mostly answered my own question by spotting t
On Tuesday, April 6, 2004, 5:01:45 PM, Daniel Quinlan wrote:
> http://cvs.apache.org/viewcvs.cgi/incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm?rev=9881&root=Apache-SVN&view=markup
> which says:
>urirhsbl NAME_OF_RULE rhsbl_zone lookuptype
>Specify a RH
On Tuesday, April 6, 2004, 5:01:45 PM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> Thanks much for the test data Daniel! Can I ask for a clarification
>> of whether urirhsbl in URIBL is doing name resolution before comparing
>> to SURBL, or whether it's comparing "names to na
On Monday, April 5, 2004, 7:02:58 PM, Justin Mason wrote:
> Jeff Chan writes:
>> After watching the data for a while I think a longer general
>> retention of say 10 days might be a good idea to catch reports
>> over more than a week. For known spam gang domains/name
>> servers/IPs we could make th
On Tuesday, April 6, 2004, 4:52:54 AM, Daniel Quinlan wrote:
> Justin added a "urirhsbl" test to the URIBL module, so I retested on my
> last 4 days of spam (the ham here ranges from 0 to 10 months old) using
> SURBL and it exceeded my highest expectations.
> OVERALL% SPAM% HAM% S/O
On Monday, April 5, 2004, 7:36:47 AM, Marc Perkel wrote:
> Also - is there a way to feed back to the system new URIs for the list?
> A URI reporting system?
There is no way to report URIs directly to SURBL currently. The
best way is to report them in spams to SpamCop. It's indirect
but does the
On Saturday, April 3, 2004, 8:04:39 PM, Marc Perkel wrote:
> I've been doing something like this for the last 2 years - but I've
> built my own list and having to use Exim tricks to make it work.
> Nonetheless - it was my best rule.
> Having said that - this new one works better. I'm sure that's
On Sunday, April 4, 2004, 8:34:25 AM, Marc Perkel wrote:
> I've gotten very few but some false positives on this rule. And - I
> can't tell what link produced the false positive and what to do about it
> - which is a separate issue to address.
> The false positives are political in nature - most
On Friday, April 2, 2004, 4:42:34 PM, Jeff Chan wrote:
> Something like an inverse logarithmic function
> where the input is the spam count and the output is the
> number of days to keep it on the list
Correction that should be a log function.
A linear function like reports/10 + 1 could also work
After announcing SpamCopURI + SURBL on an ISP-internal newsgroup
we got the following positive response, followed by our reply:
http://sourceforge.net/projects/spamcopuri/ http://www.surbl.org/
On Sat, 03 Apr 2004 08:29:11 GMT, Daniel wrote:
I read your posting and thought I'd give it a try.
On Saturday, April 3, 2004, 1:29:44 AM, Jeff Chan wrote:
> On Saturday, April 3, 2004, 12:34:24 AM, Daniel Quinlan wrote:
>> domain name
>>check name servers in other blacklists
>>check registrar
>>check age of domain (SenderBase information)
>>check ISP / IP bl
On Saturday, April 3, 2004, 12:52:23 PM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> I agree with the content check, but will step on many toes here
>> by proclaiming that other blacklists (other than SBL), name
>> servers, registrars, ISP address blocks, and similar approaches
On Saturday, April 3, 2004, 12:34:24 AM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> Can you cite some examples of FP-prevention strategies?
> 1. Automated testing. We're testing URLs (web sites). That allows a
>large number of strategies which could be used from each a
On Friday, April 2, 2004, 9:02:59 PM, Loren Wilton wrote:
> Jeff, I had a look at your list at some random time a few days ago. I
> noticed that the top 90% or so of the reports looked pretty solid. At the
> instant I looked, the bottom 10% of the reports were most all highly
> suspect. This is
On Friday, April 2, 2004, 3:52:31 PM, Jeff Chan wrote:
> We have enough history built up that I should be able
> to see if they would have fallen off my lists at certain points
> due to our relatively short expiration. I might be able to use
> that information to tune the expirations better.
Afte
On Friday, April 2, 2004, 8:53:46 PM, Loren Wilton wrote:
>> On Friday, April 2, 2004, 3:27:13 PM, Justin Mason wrote:
>> > Jeff Chan writes:
>> >> Does anyone have any data about the persistence of spam URI
>> >> domains? I'll even settle for any data about spam web server
>> >> IP addresses. :-
On Friday, April 2, 2004, 4:23:51 PM, Daniel Quinlan wrote:
> [EMAIL PROTECTED] (Justin Mason) writes:
>> Side issue: why use easy removal without questions? Spammers do not have
>> the bandwidth to remove themselves from every list. If they *do* go to
>> the bother, and a URL does get removed, t
In case it's useful to anyone, Eric Kolve forwarded me a web site
with a list of ccTLDs:
http://www.bestregistrar.com/help/ccTLD.htm
It was missing a couple like com.br and there's a typo .IDV.TW
but it could otherwise be useful for people trying to parse
country code TLDs versus non country on
On Friday, April 2, 2004, 3:27:13 PM, Justin Mason wrote:
> Jeff Chan writes:
>> Does anyone have any data about the persistence of spam URI
>> domains? I'll even settle for any data about spam web server
>> IP addresses. :-)
> I've seen the same domain being used for several months.
Thanks muc
On Friday, April 2, 2004, 2:11:39 AM, Jeff Chan wrote:
> If it's the case that domains expire out of the SpamCop
> URI data sooner than the particular spam domains remain
> a problem, then I could definitely see a need for a longer
> expiration. Being somewhat new to the game, I don't
> have any d
On Thursday, April 1, 2004, 11:37:54 PM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> Would someone with access to large spam and ham corpi please give
>> SpamCopURI a try against their recent data, as Daniel Quinlan did with
>> URIDNSBL + SURBL, and kindly let us know what kin
I am pleased to announce that Eric Kolve has added SURBL support
to his SpamAssassin 2.63 plugin called SpamCopURI:
http://sourceforge.net/projects/spamcopuri/
In order to use the new RBL method, please comment out the the
previous tests SPAMCOP_URI and SPAMCOP_URI_HOST and increase
the score f
On Tuesday, March 30, 2004, 3:18:02 PM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> FWIW Here's an du -sk directory size summary of the reports
>> SURBL grabbed from SpamCop Spamvertised sites over the past
>> 4 days or so, stored by TLD or first octet of a numeric URI:
>>
>> K
On Tuesday, March 30, 2004, 3:58:13 PM, Jeff Chan wrote:
> We have lowered the threshold for inclusion of spam URI reports
> into SURBL from 20 down to 10. This has increased the number
> of domains in SURBL from about 250 to about 400. The expiration
> time of reports is currently unchanged at 4
We have lowered the threshold for inclusion of spam URI reports
into SURBL from 20 down to 10. This has increased the number
of domains in SURBL from about 250 to about 400. The expiration
time of reports is currently unchanged at 4 days. (I had said
the threshold was 24 earlier, but when I look
On Monday, March 29, 2004, 9:35:58 AM, Marc Perkel wrote:
> For what its worth - I've been blacklisting against my own URI list for
> over a year now and quite frankly - it's the best thing I have for
> trapping spam of anything I do. It's 100% accurate and if I see new spam
> getting through al
FWIW Here's an du -sk directory size summary of the reports
SURBL grabbed from SpamCop Spamvertised sites over the past
4 days or so, stored by TLD or first octet of a numeric URI:
KBytes TLD or first octet of numeric address
== =
7 140
7 163
7
On Monday, March 29, 2004, 2:57:53 AM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> For name-based URIs that's very different from my intended use for
>> SURBL so I may have been partially in error in suggesting that an
>> unmodified URIDNSBL use SURBL directly.
> Yeah, I didn
On Monday, March 29, 2004, 5:36:02 PM, Justin Mason wrote:
> Kai writes:
>> Justin: could you write a 5-liner saying what the final version of the
>> module does, and in what order?
> Sure, maybe when I get some free time ;)
> In the meantime, the POD docs in Mail::SpamAssassin::Plugin::URIBL
> s
On Monday, March 29, 2004, 10:01:59 AM, Marc Perkel wrote:
> Here's some of my initial thoughts.
> In the domain is what I would call the "real" part of the domain.
> farmsex.com
> farmsex.co.uk
> The part before the "farmsex" should be ignored. Anyone who controls the
> domains also probably c
On Sunday, March 28, 2004, 10:00:11 PM, Justin Mason wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Daniel Quinlan writes:
>> No FPs, but the SPAM% is rather low. I suspect the problem is that
>> SURBL is a direct listing of URIs whereas URIBL does the NS->A->RBL
>> mapping.
> It's also *very* new
On Monday, March 29, 2004, 3:35:07 AM, Tony Finch wrote:
> On Mon, 29 Mar 2004, Jeff Chan wrote:
>>
>> Yes Eric and I discussed this approach, and I know others have
>> also, but I tend to think it could be overbroad and could catch
>> too many innocent domains. For example, a non-rogue ISP who go
> Tony Finch wrote:
>>Yes, this is why you have to be careful about the nameservers that are
>>blacklisted. They must be controlled by spammers rather than merely used
>>by spammers, which is why the SBL is an appropriate blacklist for this
>>purpose.
On Monday, March 29, 2004, 10:41:39 AM, Marc P
On Monday, March 29, 2004, 2:15:27 AM, Tony Finch wrote:
> On Mon, 29 Mar 2004, Jeff Chan wrote:
>>
>> So a technique to defeat the randomizers greater count is to look
>> at the higher levels of the domain, under which SURBL will always
>> count the randomized children of the "bad" parent. In thi
Albert R. Timashev wrote:
My problem is how to configure SpamAssassin to make it recognize direct
mail from dial-up/dsl [... etc. ...]
This mailing list is used by SpamAssassin developers to discuss ongoing
development work on SpamAssassin. Your question has nothing to do with that.
Your questio
Hi everybody,
I have SpamAssassin 3.0.1 and Exim 4.43 with exiscan-acl patch revision 28
working together on FreeBSD 4.8.
My problem is how to configure SpamAssassin to make it recognize direct mail
from dial-up/dsl (and the like) pools received not only by my own server,
BUT BY THE TRUSTED RELAYS
http://bugzilla.spamassassin.org/show_bug.cgi?id=3929
[EMAIL PROTECTED] changed:
What|Removed |Added
Attachment #2490 is|0 |1
obsolete|
http://bugzilla.spamassassin.org/show_bug.cgi?id=3929
[EMAIL PROTECTED] changed:
What|Removed |Added
Severity|enhancement |minor
Priority|P4
http://bugzilla.spamassassin.org/show_bug.cgi?id=3851
--- Additional Comments From [EMAIL PROTECTED] 2004-10-31 01:41 ---
How about simply removing the rule which checks the Message-ID if the Client is
a Netscape Messager?
--- You are receiving this mail because: ---
You ar
68 matches
Mail list logo
