It's great, I run it at the MTA level and it drops tons of junk without
any false positives to date (after about 4 months usage).
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
Wilder
Sent: Monday, January 26, 2004 5:50 PM
To: Spamassassin Lis
Your Bayes must be hosed if what you think is spam gets BAYES_00.
Chris
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul
Diaguila
Sent: Monday, January 26, 2004 10:44 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] too much spam...
Greetings
Us
Why does it take your SA 69 seconds to process an email? Our systems
take about 3 seconds, using network tests and bayes with
Postfix/amavisd-new.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Thomas Kinghorn
Sent: Friday, January 23, 2004 5:32
How did you setup all *SPAM* messages to get moved automatically
to a Spam folder? Is it setup by the users or system-wide? I'd love to
do that system-wide but it's too much to train every user to create
rules, etc. so I have mail redirected to a public spam folder for
periodic review by
Unfortunately the problem with SpamAssassin is that all the spam we
should be complaining to ISPs about we are simply silently accepting and
ignoring (perhaps reporting to DCC, Pyzor, Razor and Bayes...) and
/dev/null, that's it. For spammers, SA, it "only makes them stronger"
so to speak.
Mayb
Try using amavisd-new instead of spamd:
http://www.ijs.si/software/amavisd/
Here's a how-to:
http://www.geocities.com/scottlhenderson/spamfilter.html
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
Spray
Sent: Tuesday, December 16, 2003 2:17
On my site DCC hits approximately 20% of False Positives also (that is,
of the 1-2% of false positives, 20% have Razor hits), so don't give it
too much weight. Razor2 is the worse for that (50% of false
positives)... but I've weighted my scoring accordingly.
Chris
-
Use amavisd-new and configure emails over a certain tag
level to be redirected to a spam mailbox (in a mail-enabled public folder, for
instance).
Chris
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
gentianSent: Monday, December 08, 2003 8:50 AMTo:
[EMAIL PROTECTED]Subjec
Use amavisd-new with Postfix as a content-filter and have all spam
scoring over your threshold redirected to a mail-enabled Public folder
for review.
Also create a public folder for end users to drop in (with Outlook, move
the message) false negatives. Then create an IMAP script to remove and
s
Definitely FPs. I think SA has a very difficult time with solicited
commercial email, even with Bayes feeding. I had to up my site-wide
installation to 10.0 to get only the worst of the worst and to stop
people's solicited Princeline / Day's Inn, etc. hotel confirmations and
travel/real estate de
My way is easier:
http://www.plusone.com/gaptuning/postfix
Chris
---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more
Autoresponder list spam? That's a good idea actually, until the list
finds out which address is causing these bounce spams. The best part of
the idea is that it could potentially be unintentional (someone could've
let their domain expire and pool.com bought it up and auto-replies).
Chris
> This
Rather than reducing the values of those scores, why don't you:
1) Have outgoing email not get checked by SA (what's the point of that
anyway?)
or
Read the FAQ:
2) Create a rule subtracting 50 points for a message received from your
webserver.
http://spamassassin.taint.org/faq/index.cgi?req=s
It's probably a TMDA or pay-for-email service.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Nigel Metheringham
Sent: Wednesday, October 22, 2003 4:45 AM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Looking for some interview subjects
On Wed, 200
Is there any spam correlation between a message using a Message-ID from
my own domain vs. its own Message-ID? I've noticed some in my corpus
uses my MX's Message-IDs vs. their own.
I also saw this rule on Chris Santerre's website:
header MY_MSGID_MX01 Message-ID =~ /\.mx01\.com/i
score MY_MSGID_
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 5:35 PM
To: Covington, Chris
Cc: [EMAIL PROTECTED]
Subject: RE: [SAtalk] deploying SpamAssassin on MTA level for only some recipient
addresses
Chris,
Quoting "Covington, Chris" <[EMAIL PROTECTED
Amavisd-new can do that.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 3:59 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] deploying SpamAssassin on MTA level for only some
recipient addresses
Hi,
Why don't you try Amavisd-new? You wouldn't have the problem of waiting
for SA before incoming email gets accepted.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike
Van Pelt
Sent: Thursday, October 09, 2003 11:23 AM
To: [EMAIL PROTECTED]
Subjec
I disabled RBL checks because valid Cable/DSL users in DHCP pools would
use their valid mail servers but trip the DHCP pool RBLs based on the
first IP address in the received chain. I believe this is a bug though;
it shouldn't be checking the very first IP address under those
circumstances.
Chris
Hi all,
I'd like to remove the headers from any email in my organization that
refer to its internal network structure, however when I do this with
postfix header_checks (xxx /IGNORE) SpamAssassin can no longer see the
LOCAL_RCVD header which adds negative points to users sending from my
domain.
T
So what is the solution for this problem? sa-learn --rebuild? I'm
getting a lot of FPs from it too, even though my threshold is 8.
Chris
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_
That's nothing, I had an 82 once. I wish I had saved it though.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kai
Risku
Sent: Friday, October 03, 2003 9:24 AM
To: [EMAIL PROTECTED]
Cc: Mike Carlson
Subject: RE: [SAtalk] Highest Score
65.489 usi
Make sure that the SA account has permission to run the pyzor
executable. For months I would run spamassassin -tD and Pyzor would
run, but SA was being run systematically as another user who didn't have
permission to execute Pyzor. Needless to say I never got any Pyzor hits
until I chowned/chmodd
Why is this test deprecated in 2.60?
I've had to disable RBLs all together because of too many FPs from
people who have DHCP/Cable Modems (on RBLs) and use their legitimate ISP
SMTP servers (not on RBLs). This setting would fix the problem if it
weren't disabled.
I'd like to un-disable RBLs
You guys are forgetting that dnsbl.sorbs.net has also been taken down
after a DDoS. One too many...
Chris
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_
Hi all,
I keep getting numerous FPs from not-so-savvy people who have DSL/Cable
(ie their machine is usually in some kind of DSL/Cable DHCP pool RBL,
though their ISP mail server isn't), use predominantly HTML mail with
big colors and weird fonts (i.e. hit HTML_* rules), hit
FROM_ENDS_IN_NUMS, NO_
-Original Message-
>From: J. S. Townsley [mailto:[EMAIL PROTECTED]
>Note the date on that first letter.
>
>--JST
* Covington, Chris [Tue, 16 Sep 2003]
> From: "Covington, Chris" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk]
All interested parties should read:
http://www.iab.org/Documents/icann-vgrs-response.html
I just hope Verisign doesn't read this as "OK, we'll change an aspect or
two of how the new system works."
Chris
---
This sf.net email is sponsored by:T
-Original Message-
>It looks as though the same trademark atty Joseph G Adams has
>attempted to register it for deersoft and for network
>associates.
>I see his phone number is at the bottom of the listing if
>anyone is interested:
>http://tarr.uspto.gov/servlet/tarr?regser=serial&entry=
-Original Message-
> Could very well be that your own mail relay (or that of a common
> uplink) is listed in the blacklist.
>
>We tried using sorbs lookups at the mta level and they consistenly
>returned dns lookup errors. I also tried connecting to their website
>with no success.
I've d
-Original Message-
From: Tony Hoyle [mailto:[EMAIL PROTECTED]
>Since there isn't a standard for received headers, no rule will work
for
>Everyone...
>MS Exchange:
>Received: from mail.magenta-netlogic.com ([192.168.1.2]) by
ireland.local.mnl
>with Microsoft SMTPSVC(5.0.2195.5329);
>
This is what I'm now using w/Postfix (should work for any MTA):
header NO_RDNS Received=~ /\(unknown[ ]\[/
describe NO_RDNS Sending MTA has no reverse DNS
score NO_RDNS 2.5
header NO_RDNS2 Received=~ /\(\[.*\]\)/
describe NO_RDNS2 Sending MTA has no reverse DNS
score NO_RDNS2 2.5
--
> -Original Message-
> From: Tony Hoyle [mailto:[EMAIL PROTECTED]
>
> It's actually quite a good spam sign, but you I don't think
> you can get that information From the MTA (I used to block on
> it for a while, which had only a handful of FPs in over 6
> months... A way to assign poin
> -Original Message-
> I've noticed that Columbia University has an SA rule for no
> reverse DNS: CU_NO_RDNS on
> http://www.columbia.edu/acis/email/filters/spamscore.html
I'd imagine I'd only give it minimal points.
Chris
---
This s
Hello,
I've noticed that Columbia University has an SA rule for no reverse DNS:
CU_NO_RDNS on http://www.columbia.edu/acis/email/filters/spamscore.html
Does anyone know how to implement this rule?
thanks
Chris
---
This sf.net email is sponsor
Remove .utf-8 from your system's $LANG variable.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Lance Ware
Sent: Wednesday, September 03, 2003 11:35 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] RH 9.0 issues
Hi folks,
Sorry for bothering the list
I've been using Pyzor for awhile now, but I can't remember ever getting
a hit from it. So just for grins and sh$ts I ran spamassassin -tD <
testspam.txt and got the following:
debug: executable for pyzor was found at /usr/bin/pyzor
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-
> -Original Message-
> how sucessfull is pyzor in detecting spam? Any experiences?
> I'm alread
> using razor, which works quite nice. Would I get better results using
> pyzor instead or should I use a combination of both?
I've been using SA w/Pyzor for about 2 months now with ~600 or s
I have Postfix configured to reject any incoming SMTP that HELOs with my
IP addresses. I suppose you could make a custom rule for that in SA if
you don't use Postfix. So far that rule has never blocked any
legitimate email.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
x27;s very simple to
learn and administer. Check out www.postfix.org and the postfix mailing
list.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher M. Iarocci
Sent: Tuesday, August 19, 2003 4:56 PM
To: Covington, Chris; [EMAIL PROTECTED]
Why don't you consider Postfix and Amavisd-new, since you're switching
to a new mailer anyway?
http://www.geocities.com/scottlhenderson/spamfilter.html
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher M. Iarocci
Sent: Tuesday, August 19,
Oh boy, I thought this kind of problem was reserved for the luser/MCSE
lists...
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 2:02 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Brian Platt/Hgsi is out o
Hi all,
I'm trying to install SA 2.55 on a Solaris shell account I have which
uses AFS in an institutional (.edu) setting. I'm able to compile SA
with the following options:
perl Makefile.PL PREFIX=~/utils/sausr SYSCONFDIR=~/utils/saetc
INSTALLSITELIB SITELIBEXP
make
make install
But when I run
-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]
>
>I don't know how you're doing this, but my Ham and Spam public folders
work exactly as
>specified. Are you certain your users aren't forwarding them there,
but rather dragging
>& dropping from Outlook? Are your users conne
To answer my own question, it looks like I have to use
$final_spam_destiny = D_DISCARD with Postfix in order to not bounce
spams. I have them quarantined.
Chris
-Original Message-
>>The Postfix program
>>
><[EMAIL PROTECTED]>: host localhost[127.0.0.1] said: 550
Guys,
FYI I have upgrade to Exchange 2003 and there is no longer a problem
with full headers being retrieved by IMAP, even if some messages are
"posts" in the public folders and others are "notes." And also,
PR_INTERNET_CONTENT still disappears on messages moved to the public
folders, but it does
Tony et al. I guess I'll let the cat out of the bag. Tom Meunier
discovered the M$-known issue. The problem is
http://support.microsoft.com/?id=817809 which is basically that public
folders' emails are treated as PR_MESSAGE_CLASS IPM.Note instead of
IPM.Post.
Those of you who don't have the pro
-Original Message-
>From: Martin Bene [mailto:[EMAIL PROTECTED]
>
>Headers are still there; I haven't used a "normal mail client, instead
>I use teh perl script posted on the list earlier this year:
>http://marc.theaimsgroup.com/?l=spamassassin-talk&m=104806917615490&w=2
>
>The downloade
You and every spammer out there would love to know from a simple web
page what SA would think of their messages... Why don't you just save a
copy of the full message you've received on an outside account and then
spamassassin -tD < testmessage?
Chris
-Original Message-
From: Rickard Ande
Does anyone know how to prevent amavisd-new w/postfix from bouncing
SPAM?
I have the following defaults set in amavisd.conf:
>$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
>$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
>$final_spam_destiny = D_REJECT;
Hi all,
Does amavisd-new pick up local.cf whitelist_from(s) or only its own map
{ $whitelist_sender{lc($_)}=1 } (qw());?
thanks
Chris
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals,
-Original Message-
>From: Tony Hoyle [mailto:[EMAIL PROTECTED]
>Unfortunately that's not it... Your message for example shows
>up as an IPM.Note, and when I copy it to the public spam folder
>it remains an IPM.Note, except exchange deletes the
>PR_INTERNET_CONTENT property while copying.
-Original Message-
From: Martin Bene [mailto:[EMAIL PROTECTED]
>If I tell you that it "just worked" for me, this probably isn't very
helpful.
>Still:
> * I created the public folder in Outlook and selected "email" as
folder type.
> * mail dropped in the new folder apears as a
-Original Message-
From: Ryan Bingham [mailto:[EMAIL PROTECTED]
>Tony (or anyone else in the know),
>
>Could you post more details about how you were able to handle the
>headers problem in Exchange 2000? I have had the same problems as
Chris
>extracting meaningful header information fro
I just want to know how long it's going to take for spammers to learn to
spoof MAIL FROM: <[EMAIL PROTECTED]> and get by a
few filters. ;)
Chris
-Original Message-
From: Jonathan Nichols [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 11:33 PM
To: [EMAIL PROTECTED]
Subject: [
Hi all,
RH 9, amavisd-new 06162003, Postfix 2.0.13, SA 2.55.
I've been using the wonderful script from:
http://marc.theaimsgroup.com/?l=spamassassin-talk&m=105622875610715&w=2
I instruct users to move undetected SPAM to Public Folders.
But I've noticed that Exchange 2000 Public Folders in IMAP
Hi all,
Has anyone thought of/found an automated solution to removing messages
from an Exchange system and cronning sa-learn on them? Right now I have
users move spam that makes it past SA/Postfix into a Public Folder, and
then I move that into a special user's mailbox, run pine, export the
messa
Hi all,
I'm running SA 2.55 on two RH 9 servers each with Postfix 2.0.13 and
amavisd-new (20030616) installed in default locations. Though SA is
running great with its default settings, it seems that the local.cf file
in /etc/mail/spamassassin isn't being used (IE it's ignored), though it
has 644
58 matches
Mail list logo