On Friday 30 January 2004 11:17 am, Jennifer Wheeler wrote:
> My bad. I just posted a change to body rule with the set, but it has to
> be rawbody. I realized this as soon as I hit send. (oops) Now... I
> dont know if rawbody looks at the headers... ?? If that doesn't fix
> it, I wouldn't kno
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pedro Sam writes:
>Hi all,
>
>I received the following mail from a yahoo web mail user, but the
>FAKE_HELO_YAHOO keeps on hitting. Is this a false positive?
The problem is this:
> Received: from 216.136.128.122 (HELO web10409.mail.yahoo.com) (216.
Hello,
I haven't seen one like this before. It got through with a pretty low
score. The body looked like this:
--
Men Men Men
Vye agrah corrects erection problem in minutes
You will be able to have sex *AGAIN* like a 20 year old young man!
Guaranteed and recognized throughout the world
SAT
On Wed, 28 Jan 2004, Peggy Kam wrote:
> Hi,
>
> I am trying to install SpamAssassin 2.63 under SunOS 5.9 by making
> libsnp.a; however, I keep encountering the following error:
>
> gcc -I. -c -o snprintf.o snprintf.c
> snprintf.c: In function `__uqtoa':
> snprintf.c:183: error: conversion to no
At 02:15 PM 1/30/2004, Sloan, Craig wrote:
>Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it
>deosn't mttaer in waht oredr the ltteers in a wrod
>are, the olny iprmoetnt tihng is taht the frist and
>lsat ltteer be at the rghit pclae. The rset can be a
>total mses and you can sitll raed it wout
On January 30, 2004 14:06, Justin Mason wrote:
> Normally there's a "delivery *from* yahoo" step, which works fine, but
> that doesn't seem to be the case here. are you POPping it directly from
> Yahoo!?
I see... I use YahooPops to "download" mail from yahoo via the http protocol.
(instead of th
At 11:42 AM 1/30/2004, Chris Barnes wrote:
X-Spam-Status: No, hits=5.0 required=5.0
tests=HTML_60_70,HTML_IMAGE_ONLY_04,
HTML_MESSAGE,HTML_WEB_BUGS,LOCAL_PERLMX_TAG_80,MSGID_FROM_MTA_HEADER
autolearn=no version=2.61
It met the required hit total (exactly) to be classified as spam.
No, the _round
Dan,
What happens if you manually run a mail through with spamc? We saw this
sort of problem when spamd was taking too long and spamc timed out and
returned the mail unprocessed. We resolved it by using the -t flag
with spamc.
-Original Message-
From: Dan O'Brien [mailto:[EMAIL PROTECTED
Take a look at this subject masking:
Original subject:
=?iso-8859-1?B?T3Zlcm5pZ2h0IERlbGl2ZXJ5IC0gWW91IGdldCBtb3JlIGZvciBsZXNzIQ==?
=
Un-masked subject: Overnight delivery - you get more for less!
Any suggestions for regex?
---
D r e n i k N e t w o r k s / S e r b i a / B e l g r a d
I believe the idea is right but your example is wrong. 4.92 rounds to 4.9,
not to 5.0
It may have been any number between 4.95 and 4...., say 4.983
> I think the hits= is a rounded number. So it may have been
> 4.92 for example.
>
> >>> "Chris Barnes" <[EMAIL PROTECTED]> 01/30/04 11:42AM >
Hello,
I use spamassassin 2.54 and just turned on bayesian filtering. I saved
over 1000 recent spams and hams and trained the filter on those emails.
However, when an email is scored with BAYES_99 it is only get a 3.0 from
that hit. I know I can maunally change the score of BAYES_99 but I'm
wond
Folks --
given the *massive* numbers of issues with this list in its current
home, I suggest we may be better off moving it to Apache.org sooner
rather than later.
Currently, our status in Apache is that we are in the Incubator there,
which means that the list has an @incubator.apache.org suffix,
what is up with the SA list? Seems like its choking a lot more frequently
lately.
JR
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. Februar
Sweet.. thanks man, I've been meaning to run mass-check on it myself..
I've been wondering about the FPs in the MALEDYSFUNCTION rules.. it's
obvious all the FPs hit both it and obfu, which is weird.
I've had several technical mails hit, but upon trying to re-test them and
get them to hit, they
On Mon, 12 Jan 2004, Alex Satrapa wrote:
> MMoose wrote:
> > What I'd like to know is what are the real
> > implications of removing this switch?
>
> removing the taint-checking means that you no longer have any checks in
> place to prevent malicious parties from tricking the program into
> execu
From: Jonathan Nichols <[EMAIL PROTECTED]>
Date: Fri, 30 Jan 2004 10:10:43 -0800
>Some of these spams are *so* mixed up that I have absolutely no idea
>what they're even trying to hawk in the first place. It might as well be
>written in Klingon.
I just put up a private webmail for our clients.
On Fri, Jan 30, 2004 at 04:03:33PM +0200, Johann Spies wrote:
> I have installed Spamassassin 2.61-2 on Debian Sarge, but I can't get
> the daemon to run. Running "/etc/init.d/spamassassin start" does not
> complain about any error, but nothing happens.
>
> There is no spamd process running. I
Hey folks,
Like a most of you I have received a lot af SPAM mails with faked Habeas
headers. Thus I adjusted the HABEAS_SWE rule and excluded their headers
from Bayes.
I haven't seen those SPAMs for days now -- thus I wonder if those
adjustments are still justified.
My question to you fellow SPA
All,
I think I've seen this discussed before, but I can't seem to find it in the
archives.
I'm running SA on a FreeBSD/Postfix box, and I'm interested in starting a
second instance of postfix.
The SA box is only an inbound gateway for my Exchange 5.5 server, and what I
want to do is run all of m
Is this a moderated list? It sure is taking a while to get updates here
lately.
I am an ISP and I would be happy to donate the use of our list server for
the list if it was not too massive a list. Email turn arounds for the lists
that I already host average from 10-60 seconds. I am not intereste
I know Razor2 needed patching to work with SA 2.6x, I'm not sure about
Pyzor or DCC though. You could simply disable those within your SA
config for the time being.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
Marc G. Fournier wrote:
On
> Yesterday, at approximately 5:20pm, my server stopped filtering spam... it
> just decided to happily pass it along to its intended recipient. All the
> processes appeared to be running. /var/log/maillog shows calls to spamd,
> and it responding to connections, just doesn't seem to be doing any
On Wed, 28 Jan 2004 [EMAIL PROTECTED] wrote:
> How is the resource useage with clamav? I'm tempted to install it, but
> the cpus on that server are already pretty stressed just dealing with
> spamc (I already offloaded spamd to another box) and everything else it
> has to do, and am hesitant to
Whenever I try to run sa-learn --spam /path/to/dir i get the following
error
Can't locate object method "init_learner" via package "Mail::SpamAssassin" at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/CmdLearn.pm line 163.
Can anyone help me please? I cant figure out what the problem is
> -Original Message-
> Now he has re-written how the mail is sent and most scores under 5.
>
> However those mails that score over 5 seem to always score 5.07
> and boy that
> has him wound up.
This is why I started using SA on my server. A customer forwarded their SA
output headers to me
On Fri, 30 Jan 2004, Theo Van Dinter wrote:
> On Fri, Jan 30, 2004 at 07:24:57PM -0400, Marc G. Fournier wrote:
> > Pyzor -> check failed: Insecure $ENV{PATH} while running with -T switch at
> > /usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Dns.pm line 870.
> > DCC -> check failed: Insec
This ended up being a local firewall issue that I have resolved. Thanks
for looking.
At 10:21 AM 1/28/2004, James Ervin wrote:
I have two mail servers running spamassassin. One has spamd running and uses:
# send mail through spamassassin
:0fw
| /usr/bin/spamc
This works and I get a nice log in
On Fri, Jan 30, 2004 at 04:18:06PM -0500, Adam Denenberg wrote:
> these are all mails that get learned about 30 days after being stored on
> the system. Basically people have 30 days to clean up their mail.. if
> not a FP, then we learn it as spam. So all learned mail is about 30
> days old to the
Hello people,
lots of chatting with Mr. Don, the kind guru behind sa_filter, has revealed
that
I need to do a lot of studying.
However, I was wondering if there is a chance of getting an example from
any chaps out there using SpamAssassin and sa_filter maybe ???
Any takers ?
any help welcome,
Peggy wrote:
> I have posted this message earlier, however, for some strange reasons, it was
> never posted. Here it is again:
I think I saw your question on this list before.
> I am trying to install SpamAssassin 2.63 under SunOS 5.9 by making libsnp.a;
Why do you try to build libsnp.a on
Top Post, sue me.
Fine with me.
Rick
Justin Mason wrote:
Folks --
given the *massive* numbers of issues with this list in its current
home, I suggest we may be better off moving it to Apache.org sooner
rather than later.
Currently, our status in Apache is that we are in the Incubator there,
wh
Looks like the list server is having some difficulty. I could
swear this post of mine appeared previously.
Analysis of the "Received" headers indicates this copy was
substantially delayed within Sourceforge. Wish I'd kept
the previous copy which I believe I received from SF.
- Forwarded mes
Thanks for the help and reply, but I still am unable to run spamc without having the
SUID bit set. I created a user and group spamd and added the following to my start
scipt:
spamd -d -a -c -u spamd -D
and still nothing. I put the nessary files in /etc/mail/spamassassin and changed
ownership
Hello Regis,
Monday, January 26, 2004, 1:56:56 PM, you wrote:
RW> Got some new variants on the "justified text" ratware. By going to 66 chars,
RW> they have slipped through the rule. So I've fixed it up a bit. Please test
RW> and let me know, etc.
I split your rule into multiple, each with a
Had a spate of unwanted emails, apparently empty body, very short message
ids.
Built a set of rules:
headerRM_hm_ShortMsgid06 Message-ID =~ /^.{1,6}$/
describe RM_hm_ShortMsgid06 Message ID is too short to be valid. Possible
spam/virus sign
score RM_hm_ShortMsgid06 0.800 #
Hi List.
I have a client who sends mail to me ia a SpamAssassin server. I receive
the mail
via My SA server but I am getting wierd results in the headers.
Is there a way to disable scans on mails that have been scanned already?
Regards,
Tom Kinghorn
-
At Wed Jan 28 23:01:48 2004, Brett Dikeman wrote:
>
> Martin Radford wrote:
>
> > It might be because you get the occasional false positive that you
> > want to avoid (but all the rest come under your threshold). You
> > probably would want these autolearned as ham.
>
> Actually, at the moment
Just happened to be browsing my maillog and came across this. Anyone
know whats going on here? Does this mean Digest::SHA1cant be found, or
it is obsolete and I need to update it?
Jan 30 14:35:23 mail spamd[14427]: Use of inherited AUTOLOAD for
non-method Digest::SHA1::sha1_hex() is deprecate
On Fri, 30 Jan 2004, Jennifer Wheeler wrote:
> > 'Bigevil.cf' -- never once seen in ham.
> > 'Maybeevil.cf' -- a small number of hits in ham
Here's a suggestion:
Rather than try to filter into two files, leave Bigevil as-is. Place
questionable domains that appear in Bigevil into another file (I
At 11:59 AM 1/30/2004, PieterB wrote:
Shouldn't a message that is identified as spam by the bayesian
filter of spamassassin (BAYES_90 or BAYES_99 in my case) never be
used as a message that is learned as ham? (I would expect it
not to be used for learning because it wouldn't improve the
bayesfilte
At Fri Jan 30 22:33:27 2004, Kareem Dana wrote:
>
> Hello,
>
> I use spamassassin 2.54 and just turned on bayesian filtering. I saved
> over 1000 recent spams and hams and trained the filter on those emails.
Well, you really ought to be using a later version than 2.54. The
current version is 2
>Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it
>deosn't mttaer in waht oredr the ltteers in a wrod
>are, the olny iprmoetnt tihng is taht the frist and
>lsat ltteer be at the rghit pclae. The rset can be a
>total mses and you can sitll raed it wouthit porbelm.
>Tihs is bcuseae the huam
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Evan Platt writes:
>> It met the required hit total (exactly) to be classified as spam.
>
>I think we need a FAQ entry for this - this is covered QUITE often.
we have one. people don't read it ;)
- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG
At 01:10 PM 1/30/2004, Bob George wrote:
Are the spammers using some sort of filter to obscure the text
into something consistently decipherable? The messages I'm seeing
lately remind me of the 'haxor', 'jive', 'chef' and 'kraut'
filters (http://www2.dystance.net:8080/software/talkfilters/).
While
44 matches
Mail list logo