On Tue, 13 Jan 2004 22:27:18 -0600 (CST), David B Funk wrote:
Also note that Habeas has an RBL listing all reported sources of
forged Habeas-mark messages (the Habeas Infringers List). SA
automatically queries this RBL and will ignore SWE signatures from
those sources.
Yep. Of the five spams
On Tue, 2004-01-13 at 15:08, Chris Santerre wrote:
Ladies and Gentlemen,
Not since eating popcorn covered in backhair in the weeds have I
been so excited about a ruleset. Fred, along with the rule writers
consortium, has developed a new ruleset called Tripwire. Much testing has
gone
Hello!
Some Norwegian character will come out with errors and we got
2.8 points from the language test. Is it possible to add this chars to a
list for the Norwegian language? How do go around it?
I have also a question about the time. Is there a large gap between our
e-mail server and the
-Original Message-
From: [EMAIL PROTECTED][EMAIL PROTECTED]
Sent: 1/13/04 10:19:12 PM
To: [EMAIL PROTECTED][EMAIL PROTECTED]
Subject: [SAtalk] not catching spam email yet
Hi to the group,
I am working on getting spamassassin to work
with qmail and vpopmail on
Top top post :)
Download the sa tarball. In the masses directory is a script called mass-check. Read
the top of the script for the little bit of documentation that exists.
--
Chris Thielen
Easily generate SpamAssassin rules to catch obfuscated spam phrases:
http://sandgnat.com/cmos/
Hi,
May someone explain me in few words what is the Bayes probability algorithm
and how is it used in SpamAssassin ?
Greetings.
---
Carles Xavier Munyoz Baldó
[EMAIL PROTECTED]
http://www.unlimitedmail.net/
---
---
This SF.net email is
On Wed, Jan 14, 2004 at 11:14:51AM +0100, Carles Xavier Munyoz Bald? wrote:
Hi,
May someone explain me in few words what is the Bayes probability algorithm
and how is it used in SpamAssassin ?
See 'man sa-learn' or use
http://www.spamassassin.org/doc/sa-learn.html
Chris Santerre Sent: Tuesday, January 13, 2004 4:09 PM
Not since eating popcorn covered in backhair in the weeds have I
been so excited about a ruleset. Fred, along with the rule writers
consortium, has developed a new ruleset called Tripwire. Much testing has
gone into this set. I've
check the links at
http://www.spamassassin.org/doc/Mail_SpamAssassin_Bayes.html
/robert
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carles
Xavier Munyoz Baldó
Sent: Mittwoch, 14. Januar 2004 11:15
To: [EMAIL PROTECTED]
Subject: [SAtalk] Bayes.
Hi,
Hi,
is there a log analyser for amavis or spamassassin?
TIA
sascha
---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic
Sorry, been out of the office for a couple of days. Here are hte headers
To: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]>
Received: by pickering.co.uk (CommuniGate Pro PIPE 4.1.5) with PIPE id 4554464; Fri, 09 Jan 2004 13:59:20 +
Received: from localhost [127.0.0.1] by Pickering
On Tue, Jan 13, 2004 at 08:36:56PM -0500, Tim B wrote:
Excellent News!
Chris Santerre wrote:
...
Tripwire has taken OBFU to the next level! It searches for 3
characters that shouldn't be together. This is based on the English
language.
Well, it might be very useful, but has somebody
I would like to start contributing to spamassassin and help to fight
spam.
http://au.spamassassin.org/hacking.html lists how to submit
mass-check results. I have a couple of questions:
* The CORPUS_POLICY lists that you should use hand-verified spam/ham
tiles, but the CORPUS_SUBMIT lists that
Kang , Joseph S. [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I have a email gateway running spamassassin, amavisd-new and
postfix. I am blocking a good chunk of spam. However, I am
trying to figure out a good way to get the users involved in
creating our own blacklist (I
On Wednesday, January 14, 2004 12:27 PM [GMT+1=CET],
Chr. von Stuckrad [EMAIL PROTECTED] wrote:
On Tue, Jan 13, 2004 at 08:36:56PM -0500, Tim B wrote:
Excellent News!
Chris Santerre wrote:
...
Tripwire has taken OBFU to the next level! It searches for 3
characters that shouldn't be
Please have a look at the article at http://www.jerf.org/writings/
bayesReport.html from Jeremy Bowers. Jeremy has written a tool shown at
http://www.jerf.org/images/spam.writer.full.png that assists in writing spam
that does not trigger pure bayesian filters.
This emphasizes several points
On Wed, 14 Jan 2004, Sascha Huedepohl [EMAIL PROTECTED] wrote:
Hi,
is there a log analyser for amavis or spamassassin?
http://rekudos.net/amavis-stats/
--
Chris Hastie
---
This SF.net email is sponsored by: Perforce Software.
Perforce is
Is it possible for habeas to make their watermark not fakeable?
because it is naiv to believe that no one will misuse their watermark
because of law, and it is naiv to think that they can find and sue
everyone who misused their watermark. And for us they have rbl system
we can use to check
At 03:19 PM 1/14/04 +1100, [EMAIL PROTECTED] wrote:
3. edited /etc/mail/spamassassin/local.cf as
follows
required_hits 6.0
rewrite_subject 1
report_header 1
use_terse_report 1
defang_mime 1
dns_available yes
dcc_add_header 1
use_dcc 1
What version of SA are you using? defang_mime is illegal in any
I'd like to assign spam points to any message whose body does not
contain any one of several keywords. But unfortunately, I can't find a
body directive reads all body attachments. I tried body and rawbody
but there are still many body attachments that pass through unscanned.
Since my match
Yes, it is theoretically possible to do what you suggest..
The first drawback is resources...Habeas would have a fairly heavy-duty
server to generate and validate the signatures..
CPU time might be cheap on a single-user machine, but when you're talking
about global scales, a little bit of
On Tue, 13 Jan 2004, Smart,Dan wrote:
| I'm waiting for Greylisting too. Vernon's DCC stuff is being debugged for
| Greylisting which should soon be a reliable engine for this.
Note that the DCC greylisting feature is unlikely to become usable via the
SpamAssassin DCC interface. It'll need
At 09:15 AM 1/14/04 +0100, Jan Erik Skogsholm wrote:
Some Norwegian character will come out with errors and we got
2.8 points from the language test. Is it possible to add this chars to a
list for the Norwegian language?
Not sure how, but there appears to be a database called 'languages' in the
Hi,
I just installed Spam Assassin 2.61 on my Solaris 7 box. It interfaces with
sendmail and procmail for the delivery. Spam Assassin correctly flags the
e-mail as Spam and I can see this in my Solaris mail box and for all my
Unix users. Unfortunately, most of my users are using Outlook from
On Tue, 13 Jan 2004, Chris Santerre [EMAIL PROTECTED] wrote:
Tripwire has taken OBFU to the next level! It searches for 3 characters
that shouldn't be together.
Perfect timing. I've been tracking a particular piece of ratware, and
just this morning I had two FPs because it had morphed and
At 08:48 AM 1/14/04 -0500, Jeff Fulmer wrote:
I'd like to assign spam points to any message whose body does not contain
any one of several keywords. But unfortunately, I can't find a body
directive reads all body attachments. I tried body and rawbody but
there are still many body attachments
No. I wouldn't expect it to read PDFs. For example, just now it didn't
read these types:
[-- Type: text/plain, Encoding: 8bit, Size: 1.7K --]
[-- Type: text/plain, Encoding: 7bit, Size: 2.3K --]
[-- Type: text/html, Encoding: 7bit, Size: 4.3K --]
Cheers,
Jeff
O Wed, Jan 14, 2004 at 09:14:44AM
Teun Vink wrote:
Since the scores for these individual rules are low, I've added them to my
personal mailserver as well. I'm Dutch, so we'll see what it does to a mix
of English and Dutch :)
Teun
That was our plan, keep the scores low, there are so many rules, you are
likely to see an
-Original Message-
From: Brian Godette [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 6:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] New HTML spam body obfuscation.
On Tuesday 13 January 2004 03:23 pm, Rose, Bobby wrote:
Why even allow javascript embedded
On Wed, 14 Jan 2004 13:48:00 +0100 Kristian Köhntopp [EMAIL PROTECTED] wrote:
Please have a look at the article at http://www.jerf.org/writings/
bayesReport.html from Jeremy Bowers. Jeremy has written a tool shown at
http://www.jerf.org/images/spam.writer.full.png that assists in writing spam
I am running MailScanner with SA 2.50 under RedHat 7.3. So far I had not been running
any network checks, but I wanted to try DCC. At first it worked only when SA was
invoked directly, but the check never ran from MailScanner. I found that there was a
path problem with /usr/local/bin, where
Greg Cirino - Cirelle Enterprises [EMAIL PROTECTED] wrote:
header SUBJECT_ENCODED_MY_TEST Subject:raw =~ /=\?.*\?=/i
catches anything starting with =? and ending with ?= no matter
what character set is embedded.
But don't rate it too high, since you'll get false positives
when people send
At 09:20 AM 1/14/04 -0500, Jeff Fulmer wrote:
No. I wouldn't expect it to read PDFs. For example, just now it didn't
read these types:
[-- Type: text/plain, Encoding: 8bit, Size: 1.7K --]
[-- Type: text/plain, Encoding: 7bit, Size: 2.3K --]
[-- Type: text/html, Encoding: 7bit, Size: 4.3K --]
Pierre Thomson wrote:
I am running MailScanner with SA 2.50 under RedHat 7.3. So far I had not been running any network checks, but I wanted to try DCC. At first it worked only when SA was invoked directly, but the check never ran from MailScanner. I found that there was a path problem with
I answered my own question. It WAS a MailScanner problem, and I found the fix on
their discussion list:
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0301L=mailscannerP=R59912I=-1
Apparently something in the DCC check code changed the umask value, and MailScanner
assumed it wouldn't...
Thanks all, I hope they work great for everyone and at the
time I am writing
this, I don't see anymore spam with this stuff in it, now it's all
high-level bayes busting words..
Isn't that project #105738 for us? Bayes poison here we come ;)
Yeah this is strictly based on english. SO
You could also do something a little different... They can create client
caches. Think about local DNS caching servers. Apply the same concept
here and you would find that the load, though great at first, wouldn't
be so bad.
But $750,000 on the low end still isn't bad. As a small ISP it's
I wrote some new habeas rules, which take care of the recents
Habeas forgery :
# Jan 2004 : Fake Habeas
header __HABEAS_SWEeval:message_is_habeas_swe( )
header __HAB_FORGE_BOUNDContent-Type =~ /boundary=--[0-9]{15,20}/
header __HAB_FORGE_MID Message-ID =~
At 13:16 -0700 on 01/13/2004, Brian Godette wrote about [SAtalk] New
HTML spam body obfuscation.:
This is a new one to me, seems the spammers are starting to learn javascript
now. I suppose a rule for detecting document.write() usage could be used as a
spam-sign.
[JavaScript Snipped]
In case
Hi there!
especially bob, who answered to my mail recently :)
Now I am subscribed to this list *phew*
Konstantin Kletschke wrote:
mails which mostly contained only a html message, which mutt does
display as an attachement, if ever.
This is off topic, but in mutt if you press 'v' it will view
Quoting Raquel Rice [EMAIL PROTECTED]:
Why not use procmail to remove anything with that header?
That's so crazy, it just might work...
DaC
---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software
Hi!
I have:
# cat /etc/spamassassin/local.cf
rewrite_subject 0
# report_safe 1
# trusted_networks 212.17.35.
report_safe 0
use_terse_report 1
auto_learn 0
always_add_report 0
always_add_headers 0
required_hits 10
report_contact [EMAIL PROTECTED]
add_header all Level _STARS(*)_
score HABEAS_SWE
Quoting Bart Schaefer [EMAIL PROTECTED]:
It's usually easier to promptly re-learn a false negative as spam than
it
is to re-learn a false positive as ham, because FNs probably go right
into
your mailbox while FPs are dropped in a quarantine (or worse). Unless
you're not paying attention, a
snip...
That was our plan, keep the scores low, there are so many rules, you are
likely to see an average of 5-15 hit on a spam message. This is still
low
but it's safe for testing. We've done lots of mass-checks against english
ham and spam but we do not have access to any other language
I have a rule which looks for keywords in the body of a message. If
those words are NOT present it scores spam points. However, my
directives are not forcing spam assassin to read all body types. I'm
using body and rawbody
At first I thought it wasn't reading all 8-bit MIME attachments, but
Hello,
(new to this list, so please notify me if this has already been
discussed or should be posted elsewhere. I've checked the mailing list
archives but didn't find anything.)
I've been quite satisfied with SpamAssassin so far (first 2.53, now
2.61). It's blocking a modest 100 spam mails a
No
worries mate - a bunch of people were posting the same question - with none of
the information needed to see the provlem...
If
that's all your headers, then the new outlook is a lot CLEANER than 2000 /
XP.
Here
is what mine look like (less the received and other common
stuff:
Date:
This ruleset went off hard on an email advertising airfare from a major provider. While the spamminess of said email is open to discussion, it is something to watch our for. Every airport has a three letter short name that hits on these rules.AndrewGerry Doris [EMAIL PROTECTED]Sent by: [EMAIL
Hi Group,
Suppose I have SA set to be called from Amavisd, which is called from
Postfix. If I wanted to tell it to tag spam, would I do that in the
amavisd.conf file, the spamassassin.cf file, the main.cf file (for
postfix) or somewhere else that I am missing? Currently it is defined
in both the
Hi,
You want http://kepler.acns.bethel.edu/~bjn/spamassassin/rnd_uc_char.cf
Works great!
Brad
On Wed, 14 Jan 2004, Hein Zelle wrote:
Hello,
(new to this list, so please notify me if this has already been
discussed or should be posted elsewhere. I've checked the mailing list
archives
On Tue, 13 Jan 2004, Matthew Cline wrote:
It is interesting that this spam attack appears to be originating
from a distributed set of zombie cable/DSL modems that someone
likely took over in a past virus attack.
If the spammers are using zombies, then couldn't both the spammers and the
Some examples:
Re: FQCDW, thousand years waiting
Yes, I've seen them.. my bayes training is chewing them up... DNSBLs and
the popcorn rules seem helpful too.
Note that I personally run the popcorn ruleset collapsed into one rule. It
contributes less score overall because it doesn't cascade,
At 03:57 PM 12/19/2003, Kenneth Porter wrote:
I'm seeing a lot of spam with this as the X-Mailer. Is this a real program or
ratware?
(better late reply than never).
This seems to be a somewhat uncommon, but is occasionally used for
legitimate mail (I've only seen it used by Russian posters).
Title: [SAtalk] Which conf file?
Spamassassin isloaded by amavisd upon startup
as long as you have turned on spam filtering in your amavisd.conf
file.It also sounds like you may have a postfix problem that's
causing all mail to be rejected as undeliverable. I would take a look
at:
On Wed, Jan 14, 2004 at 08:27:48AM -0800, Mark Squire wrote:
Hi Group,
Suppose I have SA set to be called from Amavisd, which is called from
Postfix. If I wanted to tell it to tag spam, would I do that in the
amavisd.conf file, the spamassassin.cf file, the main.cf file (for
postfix) or
Has anyone create a button (or some other way) that i can install on a
client outlook that will submit the email to the my bayes learning account?
The current process to resend the message is above most of my users and
button would be much easier.
Thanks for any help
Paul
i've noticed very very very low hits on that as a ham, i'm currently
building my own rules (the first one being this mixed with that cable tv
thing (split by bad html /randomword or being a generic 'V-word' spam)
my rules (as i build will be available here)
http://snowchyld.org/snowchyld.cf
I sent this to Habeas Technical Support. But I think I'll get a better
response on this mailing list. This seems like an obvious idea. There must
be something wrong with it. But what?
Here is a technical suggestion. I think your business plan works by using
legal action against
Hi,
I am looking to create a relaying smarthost for my network that uses
spamassassin as it's content filter. I have found various howto's on this
subject except that they either talk about Exim, Postfix or Qmail. I am
using Sendmail very happliy and was wondering if there is such a solution
for
I've noticed a few false positives in one of the extended rulesets, the
file is /etc/mail/spamassassin/90_FVGT.cf, and the rule is
FVGT_u_DOM_START_NUM. Unforch, our domain (valid for 7 years now) is
30below.com, and a few people who like to send jokes to one another are
getting flagged (the
-Original Message-
From: John Hall [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 6:15 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Re: Exchange and autolearn
I found that Exchange 2000 changed the headers too much and
mime-encoded the body and so this approach wasn't
Title: Message
Good
tips, Rich, and Jean-Christophe. I also found this:
http://groups.google.com/groups?q=%22sa_spam_modifies_subj%22hl=enlr=ie=UTF-8oe=UTF-8safe=offselm=be04ft%242h5q%241%40FreeBSD.csie.NCTU.edu.twrnum=2
I will
start with those settings, and move on from there.
Thanks
On Wednesday 14 January 2004 08:33 am, Brent J. Nordquist wrote:
On Tue, 13 Jan 2004, Larry Starr [EMAIL PROTECTED] wrote:
uri FCS_URI_NODOTS /^[^\.]*$/
describeFCS_URI_NODOTS URI found with no Dots (.)
score FCS_URI_NODOTS 3.0
Thanks for this; I have
Ok, I just had my first spam with a remove link *AND* what appears to be
a valid address company name.
As usual, they claim You have received this notice by request or may
have recently become a member of one of our network websites or simply
signed up for this service. If you no longer wish
On Wed, Jan 14, 2004 at 05:26:40 +, John Ruttenberg wrote:
I sent this to Habeas Technical Support. But I think I'll get a better
response on this mailing list. This seems like an obvious idea. There must
be something wrong with it. But what?
Here is a technical suggestion. I
At 02:09 AM 1/14/2004, Maxime Ritter wrote:
I wrote some new habeas rules, which take care of the recents
Habeas forgery :
I did something similar, except that instead of redefining the HABEAS_SWE
rule, I created an offset, and I focused on the URLs rather than the
boundaries.
uri
I tried to accomidate for those names while I was generating the regex's. I
remembered the large ones like NWA, AA, and a few others I can't think of
now. But please send me examples so I can fix these rules up!
When I created these, I had 3 letter combos in my brain for weeks, I kept
thinking
On Wed, 14 Jan 2004, Larry Starr [EMAIL PROTECTED] wrote:
On Wednesday 14 January 2004 08:33 am, Brent J. Nordquist wrote:
uri BCS_URI_2E_OBFU /=2[Ee]/
A posting from David Funk, correctly points out that =2E is valid
Quoted-Printable, and is decoded correctly by
http://www.orbitz.com/App/flight/airport_codes_popup.jsp
And that is just US airports...
now. But please send me examples so I can fix these rules up!
---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast
I work with a company that is currently using a combination
of mimedefang/sendmail/spamassassin to relay their incoming
email. It serves their purpose, and the use of mimedefang allows
for personal configuration options at a later date if so
desired. (www.mimedefang.org)
Todd Adamson
[EMAIL
Mat Harris wrote:
Hi,
I am looking to create a relaying smarthost for my network that uses
spamassassin as it's content filter. I have found various howto's on this
subject except that they either talk about Exim, Postfix or Qmail. I am
using Sendmail very happliy and was wondering if there is
Apparently the fix is to use the 2000 box at the outside MTA that
forwards to 5.5.. The munging doesn't seem to happen that way.
Bad fix, but it is reported to work.. :)
Steven
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kang
, Joseph S.
Sent:
On Wed, 14 Jan 2004, Jonathan Nichols wrote:
Did the CAN-SPAM act really take away a citizen's right to sue spammers?
No. It just took away the right to sue under certain state laws that make
explicit reference to commercial email. Actions are still possible under
other sorts of laws.
I'd
-Original Message-
From: SRH-Lists [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 11:44 AM
To: 'Fred'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] New Ruleset Available!!! TRIPWIRE! You
don't want to
http://www.orbitz.com/App/flight/airport_codes_popup.jsp
And
Mat Harris:
this sounds like a heavily commercialized version of pgp/gpg. It would be
just as easy to adapt MTAs to filter spam based on pgp keys (i'm not
suggesting we do).
I was imagining it would just use pgp/gpg and not reinvent that wheel. The
idea was just to have habeas actually
Got my first false positive :-/
Backhair scored on a .pdf...
Any hints how to avoid these?
X-Spam-Status: Yes, hits=12.0 tagged_above=3.0 required=5.3
tests=J_BACKHAIR_11, J_BACKHAIR_12, J_BACKHAIR_13, J_BACKHAIR_14,
J_BACKHAIR_21, J_BACKHAIR_22, J_BACKHAIR_31, J_BACKHAIR_32, J_BACKHAIR_36,
The problem is that gpg/pgp aren't very well supported. Getting people to add
a few header lines is pretty easy (I've considered it a few times, but never
got around to it), but getting people to sign their mail is much harder. After
all, that's the reason we aren't all using pgp and gpg
Worldwide codes are here:
http://flyaow.com/citycodea.htm
Andreas
On Wed, 14 Jan 2004, SRH-Lists wrote:
Date: Wed, 14 Jan 2004 11:43:45 -0600
From: SRH-Lists [EMAIL PROTECTED]
To: 'Fred' [EMAIL PROTECTED],
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Subject: RE: [SAtalk] New Ruleset
Adam D. Lopresto:
The problem is that gpg/pgp aren't very well supported. Getting people to
add a few header lines is pretty easy (I've considered it a few times, but
never got around to it), but getting people to sign their mail is much
harder. After all, that's the reason we aren't all
*snip*
Could anyone tell me if the followup rule to offset the
30below.com domain
is coded right, and if not, could you hit me with a clue-by-4?
Thanks!
Roger Merch Merchberger
=-=-=-=-=-=-=-=-=-=
Follows: Rule that spanks us:
uri FVGT_u_DOM_START_NUM
On Wed, Jan 14, 2004 at 12:57:13PM -0500, John Ruttenberg wrote:
1. Licensed mail sender has private pgp/gpg key provided by Habeas and
uses it to sign outgoing mail. (Also adds haiku for legal purposes.)
I think you've just outlined the Verisign method of stamping out spam.
At
*snip*
It may be a coincidence, but all these emails have a subject like
that. The body of the mail is just a random collection of words, about
4 lines long. Some examples:
Re: FQCDW, thousand years waiting
Re: YAS, here the investigator
Re: SAHQSC, of the gift
Re: IN, that you learne
--On Tuesday, January 13, 2004 11:39 AM -0800 Brian May
[EMAIL PROTECTED] wrote:
IF spammers use the
Habeas headers, and the message is in fact spam, they will be sued.
And as soon as SA is upgraded to recognize when a lawsuit is pending, I
might turn the HABEAS_SWE rule back on. Until then, a
--On Tuesday, January 13, 2004 3:07 PM -0600 Rich Puhek
[EMAIL PROTECTED] wrote:
Be patient. Use additional rules/tools to catch the latest spammers
(clue: most come from spam zombie processes). Report the Habeas violators
(more $$$ out of the spammers pockets!). Let's keep the Habeas marks as a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Thielen writes:
Top top post :)
Download the sa tarball. In the masses directory is a script called mass-check.
Read the top of the script for the little bit of documentation that exists.
There's a little more on the Wiki nowadays, too.
-
-Original Message-
From: Rolf Kraeuchi
Sent: Wednesday, January 14, 2004 10:05 AM
Got my first false positive :-/
Backhair scored on a .pdf...
Any hints how to avoid these?
X-Spam-Status: Yes, hits=12.0 tagged_above=3.0 required=5.3
tests=J_BACKHAIR_11, J_BACKHAIR_12,
Install bayes. Also set up two rules in your local.cf (mine
triggered on the message body you forwarded):
#the regex is one line and goes on the same line as the body
#look for bayes poison and score it higher
bodyCP_WORDWORD_10
/(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){
10}/
Seems like any attachment, especially a binary such as a pdf would go over
the maximum size to be scanned by SA. This must have been one tiny pdf, or
you have set your SA instance to scan messages over the max size (default
250k) Most pdf's are much larger than this.
Andreas
On Wed, 14 Jan 2004,
On Wed, 14 Jan 2004 08:44:00 -0800
[EMAIL PROTECTED] wrote:
This is an automated response.
There were problems with the email commands you sent to Mailman via
the administrative address
[EMAIL PROTECTED].
To obtain instructions on valid Mailman email commands, send email to
[EMAIL
-Original Message-
From: Andreas Stollar [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 12:39 PM
To: Rolf Kraeuchi
Cc: SA
Subject: Re: [SAtalk] FP with backhair
Seems like any attachment, especially a binary such as a pdf
would go over the maximum size to be
This will be correct in 2.7 when SA starts using their own custom MIME
parser. There are some issues with the current MIME parser, so answer to Q
is a fix is coming soon in the flavor of SA 2.7.
Frederic Tarasevicius
Internet Information Services, Inc.
http://www.i-is.com/
810-794-4400
At 01:44 PM 1/14/2004, Gary Funck wrote:
I'd asked this before (with no answer on the 'dev' list),
Not surprising.. unless it's part of active development work ie: discussion
of methods to fix a bug, coding, test results, etc, a post of a general
question to sadev will generally be ignored as
On Wed, Jan 14, 2004 at 10:39:15AM -0800, Andreas Stollar wrote:
Seems like any attachment, especially a binary such as a pdf would go over
the maximum size to be scanned by SA. This must have been one tiny pdf, or
you have set your SA instance to scan messages over the max size (default
250k)
See 'man sa-learn' or use
http://www.spamassassin.org/doc/sa-learn.html
http://wiki.spamassassin.org/w/BayesInSpamAssassin
This doesn't say much about HOW it's used in SA, though. For instance,
does SA bayes score URI tokens higher than it does general body tokens?
(if not, it should) What
I've done a fair amount of digging and haen't found
an answer for this. The short story is that when I run procmail and SA on
a per-user basis via a .procmailrc script in the user directory, everything
works fine. As soon as I remove the .procmailrc script and add
/etc/procmailrc, the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
PieterB writes:
http://au.spamassassin.org/hacking.html lists how to submit
mass-check results. I have a couple of questions:
* The CORPUS_POLICY lists that you should use hand-verified spam/ham
tiles, but the CORPUS_SUBMIT lists that you should
Hi!
Does somebody have/know a rule to catch 'unnecessary encodings'?
I saw a mail with the following subject:
ENCODED: Subject: =?ISO-8859-1?B?RG8geW91cnNlbGYgYSBmYXZvciEgTG9vayBhdCB0aGlz?=
REAL:Subject: Do yourself a favor! Look at this
As there isn't any 'non standard ascii' in the
Matt replied (in part):
I thought it was only supposed to scan text/html attachments?
I've never heard anyone claim such.
Here's what the current docs. say:
body SYMBOLIC_TEST_NAME /pattern/modifiers
Define a body pattern test. pattern is a Perl regular expression.
The 'body' in this case
--On Wednesday, January 14, 2004 8:28 AM -0600 Bob Apthorpe
[EMAIL PROTECTED] wrote:
IDP broadband
providers that give their customers direct access to port 25 on remote
systems by default.
Why should I have to pay extra for a business-class DSL line just so I can
avoid using the ISP's heavily
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler writes:
At 01:44 PM 1/14/2004, Gary Funck wrote:
I'd asked this before (with no answer on the 'dev' list),
Not surprising.. unless it's part of active development work ie: discussion
of methods to fix a bug, coding, test results,
1 - 100 of 186 matches
Mail list logo