ust block
name=*.scr and name=*.exe
you should probably be blocking these anyways.
Anyone who needs to send an exe can easily just zip it.
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
Cheers,
Just block
name=*.scr and name=*.exe
you should probably be blocking these anyways.
Anyone who needs to send an exe can easily just zip it.
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
Cheers,
Just block
name=*.scr and name=*.exe
you should probably be blocking these anyways.
Anyone who needs to send an exe can easily just zip it.
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
Cheers,
The correct way to do this is not nslookup sitefinder.verisign.com,
but rather nslookup www.safsdafdsfadsfsdafadsfdsaf.com or some
other garbage address.
If you program spamassassin to do this, you can easily keep up
with any ip changes that might happen.
Jon.
On Wednesday 17 September 2003
Nope, it returns them all on my box.
i.e. when i type nslookup www.yahoo.com i get about 20 ip addresses.
So presumably, looking up a garbage address should also work
even with round-robin.
Jon.
On Wednesday 17 September 2003 01:18 pm, Daniel Quinlan wrote:
Jon Gabrielson [EMAIL PROTECTED
The correct way to do this is not nslookup sitefinder.verisign.com,
but rather nslookup www.safsdafdsfadsfsdafadsfdsaf.com or some
other garbage address.
If you program spamassassin to do this, you can easily keep up
with any ip changes that might happen.
Jon.
On Wednesday 17 September 2003
The correct way to do this is not nslookup sitefinder.verisign.com,
but rather nslookup www.safsdafdsfadsfsdafadsfdsaf.com or some
other garbage address.
If you program spamassassin to do this, you can easily keep up
with any ip changes that might happen.
Jon.
On Wednesday 17 September 2003
Is there a way to change this behavior?
It seems to me that a high bayes score also shows that it is spam
and it might be possible to grab a few new tokens from the spam
which you otherwise wouldn't get.
Jon.
On Friday 29 August 2003 12:22 pm, Tom Meunier wrote:
Somebody already answered the
Is there a way to tell bayes to require at least X number of hits?
I received a piece of ham that was flagged the following:
BAYES_99 (3.0 points) BODY: Bayesian classifier says spam probability is
99 to 100%
[score: 0.9990, hits: 'N:H*r:N.NN.NN':1,]
I would like to set the
The correct syntax for your local.cf file is:
scoreBAYES_99 5.0
scoreBAYES_90 4.0
etc
Cheers,
Jon.
On Friday 29 August 2003 11:42 am, [EMAIL PROTECTED] wrote:
Greetings,
I'd like to increase the score for certain bayes
confidence levels. My understanding is
This is exactly what I have been looking for. Does
anyone know of any other MTAs that support these
types of features? If not, I will probably be switching
to exim. (i'm currently running postfix, but the SPAM
features listed below would be worth the pain of
switching)
Thanks,
Jon.
Drav
To my knowledge, spamassassin only uses blacklists on
headers, i think that it should use it on urls in the body as well.
EVERY piece of spam out there has contact info, or they can't
sell their product, and that contact info is probably one of the hardest
things to keep changing. If there were
Justin Mason wrote:
BTW, just met with some researchers in Trinity College here in Dublin for
lunch, an AI guy and a distributed-systems peer-to-peer guy, they're
*both* looking at starting anti-spam projects.
So, wondering -- does anyone have good ideas for new systems in those
Are there any blacklists for spamfriendly urls?
Or is there a way to make spamassassin use the
existing blacklists to check out the ips of urls in
the body of the message. Most of my spam seems
to have bogus email addresses, but at the same
time have valid urls to either buy their product or to
This is a REALLY bad idea, 3+ is not very high.
Both my discover card statement and the slashdot newsletter
have both been flagged by razor with ac 3.
My discover card statement came in at a 5.
IF you insist on doing this, pick a reasonable number like 15
To set the number, set the ac value in
Schroeder [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] bouncing as an alternative to /dev/null
On 2002-11-24 17:05:47 -0600, Jon Gabrielson wrote:
Anyways, i thought that I would throw up a page
explaining how I bounce spam instead. I bounce
Automatically bouncing spam
I received a FP today that had the following header:
X-Declude-Sender: [EMAIL PROTECTED] [192.168.1.20]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
I have also noticed other commercial filters in headers before.
Would adding a rule that gives a few positive
On Sunday 24 November 2002 18:32, Dark Alchemist wrote:
Jon Gabrielson wrote:
It seems to be a common question to ask how to
/dev/null high scoring spam. This should probably
be in the FAQs (as well as a few safer methods).
Anyways, i thought that I would throw up a page
explaining how
So, what that is saying is that if the subject does not contain 332762
then send it to /etc/smrsh/bounceSPAM $4 $2
correct.
(I have no idea what the 4th and 2nd argument would be).
The 4th and 2nd argument happen to be username and email address
respectively(from the arguments passed
I have two questions:
1) How can you see what words are generating the spam phrase
hits and how can you disable individual words?
2) shouldn't the below numbers be in order?
ie. why does 00_01 score higher that 01_02 and
why is 55_XX the second lowest?
50_scores.cf:score
Here is a false negative i received today.
I already reported it to razor.
Is this the best place to report it for spamassassin?
Jon.
---BeginMessage---
Dear Sirs/Madam
We found your company on www.directfreight.com's website and believe that
our Hong Kong Fax Line service will assist your
Does spamassassin give higher scores to items
in the razor database with a higher confidence
level? If not, is this something that is even possible?
Jon.
---
This sf.net email is sponsored by: To learn the basics of securing
your web site
Last night I installed DCC and pyzor, and now
spamc is hanging. I have restarted spamd
several times, but spamc still hangs.
spamassassin still works, with the same command
line options, and spamassassin --lint is clean.
Any ideas why this is happening, or how I can
diagnose the problem? Before
-- Listed in DCC, see http://rhyolite.com/anti-spam/dcc/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jon
Gabrielson
Sent: Tuesday, November 12, 2002 10:51 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] 2 more false negatives.
Attached are 2 more false
As far as I can tell, nonlocal tests only raise
the score, never lower it. If this is the case, it
might be nice to be able to skip nonlocal tests
if the score is already above the threshold.
Jon.
---
This sf.net email is sponsored by:
To
I have a false positive where the presense of
a [u in the subject line i.e. [unknown] or [usa]
causes:
SPAM: UNDESIRED_LANGUAGE_BODY (4.0 points) BODY: Written in an undesired
language
When i remove [u from the subject line this rule no longer
triggers.
Can someone explain to me why this is
I have been getting a huge amount of false negatives
since i upgraded spamassassin. Attached is
one of the more obvious false negatives. Any suggestions
about why this message got through spamassassin?
It is loaded with tons of pornographic keywords, etc...
Thanks,
Jon.
---BeginMessage---
Several people have been asking how to redirect mail
straight to /dev/null I personally would be interested in
knowing what the simplest way to bounce messages
above a certain threshold would be. I do not want to
delete a message without at least warning the recipient
that their message was not
28 matches
Mail list logo
