Hi Regis,
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
> [EMAIL PROTECTED] On Behalf Of Regis Wilson
> Sent: Monday, January 26, 2004 4:57 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] [RD] Justified text
>
> Got some new variants on the "justified text" ratw
> On Thu, Jan 22, 2004 at 02:37:09AM -0500, Larry Gilson wrote:
> > Hi Bob,
> >
> > Along the same lines, I had the following:
> >
> > describe MY_RBDY_INVTXTSZ1 MY: Invisible text size
> > rawbody MY_RBDY_INVTXTSZ1 /font\s+.*\bsize=.-\d\D/i
> > score
> -Original Message-
> From: Robert Menschel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 22, 2004 8:13 PM
> To: Larry Gilson
> Cc: Spamassassin-Talk (E-mail)
> Subject: Re[2]: [SAtalk] SA missed an 'invisible font'?
>
> Hello Larry,
>
>
Hi Bob,
Along the same lines, I had the following:
describe MY_RBDY_INVTXTSZ1 MY: Invisible text size
rawbody MY_RBDY_INVTXTSZ1 /font\s+.*\bsize=.-\d\D/i
scoreMY_RBDY_INVTXTSZ1 0.5
describe MY_RBDY_INVTXTSZ2 MY: Invisible text size with style
rawbody MY_RBDY_INVTXTSZ2 /size=.-\d\D sty
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
> [EMAIL PROTECTED] On Behalf Of Chris Santerre
> Sent: Wednesday, January 21, 2004 11:27 AM
> To: '[EMAIL PROTECTED]';
[EMAIL PROTECTED]
> Subject: RE: [SAtalk] [OT] - The current state spam.
>
> Yeah, we have had t
Thanks Chris!
--Larry
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
> [EMAIL PROTECTED] On Behalf Of Chris Santerre
> Sent: Tuesday, January 20, 2004 3:39 PM
> To: Spamassassin-Talk (E-mail)
> Subject: [SAtalk] Bigevil updated again :)
>
> Just posted 2.06M w
Thanks for clarifying Justin!
--Larry
> -Original Message-
> From: [EMAIL PROTECTED]
> Sent: Monday, January 19, 2004 11:35 PM
> To: Larry Gilson
> Cc: 'Ross Vandegrift'; [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Bayes mis-learning problem
> Larry Gi
Hi Scott,
I tried the link and wound up with a 404 page not found error message.
Thanks,
Larry
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
> [EMAIL PROTECTED] On Behalf Of Scott Lambert
> Sent: Monday, January 19, 2004 7:32 PM
> To: [EMAIL PROTECTED]
> Cc:
> -Original Message-
> From: Ross Vandegrift [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 19, 2004 4:07 PM
> To: Larry Gilson
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Bayes mis-learning problem
>
> On Mon, Jan 19, 2004 at 03:21:06PM -0500, Larr
Look at:
http://useast.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#learning%20op
tions
bayes_ignore_header header_name
If you receive mail filtered by upstream mail systems, like a spam-filtering
ISP or mailing list, and that service adds new headers (as most of them do),
these headers may
Thanks Matt!
--Larry
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
> [EMAIL PROTECTED] On Behalf Of Matt Yackley
> Sent: Monday, January 19, 2004 11:57 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] New Ruleset: EvilNumbers
>
> Inspired by classic hits such a
> CONGRADULATIONS to all the devs!! You deserve it!
Yes congratulations - and thanks for your hard work and dedication!
> I can't think of any other program that has made me happier
> the SA. OK, maybe MacPlaymate ;)
You dog!
---
This SF.
Round 2 . . .
Does anyone have an idea about this?
Thanks,
Larry
> -Original Message-
> From: Larry Gilson
> Sent: Wednesday, December 17, 2003 10:17 AM
> To: Spamassassin-Talk (E-mail)
> Subject: SORBS in SA 2.55?
>
>
>
> Is it possible to implement the
Sorry about that Chris, I forgot your disclaimer! Apologies!
--Larry
> -Original Message-
> From: Larry Gilson [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 19, 2003 2:18 PM
> To: 'Chris Santerre'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Bigevil 2.05 p
Hi Chris,
I still see smartbargains.com (BigEvilList_152) and qksrv.net
(BigEvilList_139) which hit from a Upromise newsletter.
--Larry
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 19, 2003 2:08 PM
> To: Spamassassin-Talk (E-mail)
> Sub
> -Original Message-
> From: S. M. C. Butler [mailto:[EMAIL PROTECTED]
>
> Thx for the info larry. Can I place a blacklists.cf file in
> /etc/mail/spamassassin and will it be read in conjunction to
> any blacklist information I place in my ~/.spamassassin/local.cf
> file?
Yes, SA wil
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
>
> At 12:07 PM 12/19/2003, Gilson, Larry wrote:
> >I am confused. Mail::SpamAssassin::Conf states the following:
> >
> > "This operates additively, so a trusted_networks line
> > after another one will result i
You will want to put your custom .cf files in /etc/mail/spamassassin. You
can put them in /usr/share/spamassassin but they will be deleted during an
upgrade so it really does not make sense. The rules will not be seen in
~/.spamassassin/.
Review the "Priveleged Settings" section of
http://useast
Hi Matt,
I am confused. Mail::SpamAssassin::Conf states the following:
"This operates additively, so a trusted_networks line
after another one will result in all those networks
becoming trusted."
What does this really mean?
--Larry
> -Original Message-
> From: Matt Ket
Hi Marc,
Do you see control characters when you open the message with a text editor?
I am wondering if Outlook is converting the text message to a .msg format
during the copy.
--Larry
> -Original Message-
> From: Marc Steuer [mailto:[EMAIL PROTECTED]
--snip--
> Let me put in my $.02
ound with for a while now.
>
> Thanks
>
> Alan
>
> -Original Message-
> From: Larry Gilson [mailto:[EMAIL PROTECTED]
> Sent: 18 December 2003 22:29
> To: 'Alan Munday'
> Cc: 'Spamassassin-List'
> Subject: RE: [SAtalk] Source RPMs - Razor2
Sounds like you are trying to mix RPM and CPAN installations. If you are
using a .src.rpm with a .spec file that includes lines like:
BuildRequires: perl(URI), perl(Time::HiRes)
BuildRequires: perl(File::Copy), perl(File::Copy)
BuildRequires: perl(Digest::Nilsimsa), perl(Digest::SHA1)
BuildRequir
Thanks Kris!
--Larry
> -Original Message-
> From: Kris Deugau [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 18, 2003 2:38 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Source RPMs - Razor2 and DCC
>
>
> Larry Gilson wrote:
> > Does anyone h
; Are you on the GO yet?
> What about those you know, are they on the GO?
> 513.934.2800
> 1.888.ON.GO.YET
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Larry Gilson
> Sent: Thursday, December 18, 2003 12:58 P
I was thinking of tackling this problem from the other end. Below are some
options from the Exchange list I subscribe to. I asked the question as to
how to extract the message to a text file. Presumably, the message would be
raw. The thought is that the extraction method would be a solution mor
Thanks Theo!
--Larry
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
>
> I have Razor at
> http://www.kluge.net/ftp/pub/felicity/SRPMS/razor-agents-2.36-1tvd.src.rpm
>
---
This SF.net email is sponsored by:
Does anyone have up-to-date source RPMs for DCC (1.2.22) and Razor2 (2.36
including the patch)?
Thanks,
Larry
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Just find the testname:
http://useast.spamassassin.org/tests.html
I'll just use SORBS as an _example_:
Test name: RCVD_IN_SORBS
local.cf or custom .cf entry:
score RCVD_IN_SORBS 0
Setting the score to 0 will prohibit the test from running.
--Larry
> -Original Message-
> From: Ri
Is it possible to implement the SORBS tests in 2.55? I am a little confused
looking at the tests. I normally see 'eval:check_rbl' but I notice that
2.61 also uses 'eval:check_rbl_sub'. Should I remove the '_sub' or not
implement the tests?
Thanks and Regards,
Larry
---
> -Original Message-
> From: Fred
>
> Hello,
> I am out the door on my way to work but we need a rule for a
> new IE exploit just released, Visit this page, the exploit is
> harmless but to the spoofer, it's man's best friend.
>
> http://www.zapthedingbat.com/security/ex01/vun1.htm
>
Hi Mitchell,
> -Original Message-
> From: Mitchell Baker
>
> I am wanting to setup that any message from systems within
> our domain don't get sent to spamd... I have the following
> in the /etc/procmailrc
> file:
>
> :0:
> * [EMAIL PROTECTED]
> ${DEFAULT}
> # From system.rose-hulman.
I have a Perl subroutine called from a CGI I call deliver. It was designed
to deliver quarantined messages to whatever location I desired. Although I
call a file to create a message array in which I pass the reference $msgref,
you could just create the array from the form. The RCPT TO array is a
Seeing that spammers don't get rid of Email addresses, can you imagine the
hundreds of new SMTP rejects *accumulating* every day?
--Larry
> -Original Message-
> From: Evan Platt
> Sent: Thursday, December 04, 2003 3:35 PM
> To: SpamAssassin
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> S
Thanks Chris - great work!
--Larry
> -Original Message-
> From: Chris Santerre
>
>
> BIG HUGE NEWS
>
> A major breakthrough has taken place
>
> ALL EVILRULES FILES HAVE BEEN COMBINED!! 2622 domains into
> 178 rules!!! Ramdon/tracking hosts tags removed!
>
> They only incr
Hi Bob,
Sorry for the long delay in my response. I have taken a little break.
Thanks for running the rules through masscheck against your corpus. I have
no where near the corpus that you do and find the testing methodology in
your first and second run, and results very interesting. Thanks again
Hi Julia,
> -Original Message-
> From: McWhirter,Julia
>
> Larry/Jennifer,
>
> I have copied the chickenpox and popcorn rules which are
> working fine thanks very much Jennifer. Larry my install is
> also outside the firewall and therefore needs site-wide
> config and not user based
> -Original Message-
> From: Jennifer Wheeler
>
> > Yes so I found out, but too be fair he did say it might be too
> > restrictive and in my case it is. I am now looking at enabling
> > bayes unless anyone has any other suggestions.
I have been using Bayes for about 3 weeks to a mont
Hi Logan,
First, thanks for addressing the list. I think it takes integrity and guts
to respond rather than just run away.
-Original Message-
From: Logan Harbaugh [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 8:05 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] An Open Letter to
-Original Message-
From: Larry Gilson
Sent: Tuesday, November 25, 2003 3:30 PM
To: 'Tony Bunce'; '[EMAIL PROTECTED]'
Subject: RE: [SAtalk] Ideas
Attached is a custom rule file. It has been working rather well and I will
be increasing the score from 0.5 to 1.0.
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 20, 2003 4:53 PM
> To: Alex van den Bogaerdt; [EMAIL PROTECTED]
> Subject: Re: {SPAM} [SAtalk] FYI
>
>
> At 10:08 AM 11/18/2003, you wrote:
> >Spammers now send templates to use... how nice
> -Original Message-
> From: ian douglas
> Sent: Thursday, November 20, 2003 4:19 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk]
>
>
> > Just my $0.02, but I'd make it this:
> >
> > color=("?\#?F[0-9A-F]F[0-9A-F]F[0-9A-F]"?|"?white"
>
>
> FYI, you should also change
>
> color=
>
> -Original Message-
> From: spamassassin
> Sent: Thursday, November 20, 2003 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] How to mark spam for certain users and
> still deliver it?
>
>
> Hello,
>
> I have one client who wants to receive any emails they get,
> irrespective of
THANKS! I don't know what was worse - having my MTA 550 the attempted
message or listening to talk of it every day. ;) Seriously though, thank
you!
--Larry
> -Original Message-
> From: [EMAIL PROTECTED]
> Sent: Thursday, November 20, 2003 3:49 PM
> To: [EMAIL PROTECTED]
> Subject: [SAt
Hi Kevin,
Any .cf file will be processed in /etc/mail/spamassassin and
/usr/share/spamassassin. However, you are advised to avoid
/usr/share/spamassassin as an update/upgrade will delete the directory and
install a new - one so any custom rules will be wiped out. The links below
will help you in
> -Original Message-
> From: jennifer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 19, 2003 8:45 PM
> To: 'Larry Gilson'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] [RD] second weeds set
>
>
> Hi Larry,
>
> I agree, it would be nice i
I have been experimenting with rules that will catch periods and pipes
obfuscating text. Attached is my punctuation.cf file. It caught your
example.
* 0.5 -- BODY: MY: Word obfu by periods (a.bcd)
* 0.5 -- BODY: MY: Word obfu by periods (abcde.fghij)
* 0.5 -- BODY: MY: Word obfu by peri
Hey Jennifer,
Just a quick note to let you know that I abondoned my effort to consolidate
your rules. While they worked for the most part, the were not as effective
as yours. I still don't like the lack of effeciency of multiple rules, the
effectiveness can not be beat!
Thanks,
Larry
> -O
You just missed a discussion about a custom rule. If you are not familiar
with custom rules, I suggest some reading and examples:
http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
http://www.exit0.us/
http://www.emtinc.ne
> -Original Message-
> From: Ralf Guenthner
> Sent: Wednesday, November 19, 2003 12:08 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Rule for naughty words containing dots?
>
>
> Hi list
>
> Recently I've seen an increase in spam mails like the one below.
> Using SA 2.60 with a spam th
Hey Mike,
> -Original Message-
> From: MIKE YRABEDRA
> Sent: Wednesday, November 19, 2003 8:55 AM
> To: SPAMASSASSIN
> Subject: Re: [SAtalk]
>
>
> on 11/17/03 3:13 PM, Michael Weber at [EMAIL PROTECTED] wrote:
>
> > I've had a rule filtering out that font color for several
>
> > mont
> -Original Message-
> From: Chris Santerre
--snip--
> >
> > One of the big advantages of using a DB type system is that it
> > can be updated 'hot' on a running system. A system based upon
> > parsing a config file and creating an in-memory hash table would
> > requirerestarting sp
Hi Rikhardur,
> -Original Message-
> From: [EMAIL PROTECTED]
>
> Since we "upgraded" to Microsoft Exchange 2000, we´re not getting
> the X-Spam-* headers any more.
>
> The Headers begin by the line : "Microsoft Mail Internet
> Headers Version 2.0" and most useful information has either
> -Original Message-
> From: Jacob S.
>
> On Mon, 17 Nov 2003 21:01:24 -0500
> Larry Gilson <[EMAIL PROTECTED]> wrote:
>
> > I am running Postfix with SA, Procmail, and Webmin on Red Hat
> > 8.0. I want to move away from RH and am soliciting opin
#x27;ve never used them before. Six of one, half a dozen of
> the other. They both do the job and do it well. I have one Slack
> Mailserver with 400+ days uptime and one or two FreeBSD systems with
> more than 200 days uptime.
>
> HTH's
>
> Regards,
>
> Rick
&g
I am running Postfix with SA, Procmail, and Webmin on Red Hat 8.0. I want
to move away from RH and am soliciting opinions. I figure that for me, I
have 3 viable choices: FreeBSD, Debian, and Slackware. I want a free OS so
I don't want to use SuSE, Mandrake, or the like. Nothing against the
dist
Hey Chris,
I may be oversimplifying the problem, but I don't think the db code is
elaborate. I wrote Perl DB_File routines for squidGuard. What is needed is
a hook to develop custom eval functions. Otherwise you run the risk of the
eval function not surviving updates. Even if one would maintai
SA 2.55
I am aware that HTML tags and line breaks are remvoed for 'body' rule tests.
I was wondering what the line breaks are replaced with. Are they replaced
with spaces? If I start or end a search with a space, like:
body MY_BDY_PDS_S3P1/ [a-z]{3}\.[a-z]{1}/i
body MY_BDY_PDS_1P3S
I have a thought that might work but is high maintenance. First, dump the
POP3 connector. Second, setup your Postfix server as a relay using
relay_recipient_maps. Using Procmail, or similar, you could forward tagged
messages to a Public Folder setup for each user.
Public Folders
-Possible Spa
than
they already do by adding the complexity of Bayes for a population that
size?
--Larry
> -Original Message-
> From: Covington, Chris
> Sent: Wednesday, November 12, 2003 12:10 PM
> To: Larry Gilson; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] scoring sy
e spam filters and
> Postfix/SpamAssassin integration
>
>
> --On Friday, November 07, 2003 12:42 AM -0500 Larry Gilson
> <[EMAIL PROTECTED]> wrote:
>
> > You might want to look at SecuritySage for some configuration
> > details.
> >
> > http://www.
SMTP gateway/filter
> -Original Message-
> From: David B Funk
> Sent: Wednesday, November 12, 2003 2:45 AM
> To: Larry Gilson
> Cc: 'Robban'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] SMTP gateway/filter
>
>
> On Tue, 11 Nov 2003, Larry Gilson wrote:
>
The preferred method is any way you prefer. ;) That is really an honest
answer. Everyone has their own preferred method and a lot of times it
depends on your specific situation. Some people will pipe to a filter shell
script, Procmail, maildrop, or spamc directly. I prefer Procmail as it
allows
> -Original Message-
> From: Tim Merkel [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 11, 2003 6:08 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Bounce all but whitelist
>
>
> I have a client who wishes to only allow mail into his inbox
> that is explicitly allowed via his whi
Just tossing this out as an idea . . .
I have been working on the random text strings. I have talked about this a
little before but only really had one rule. I have started looking at
consonant-vowel-consonant combinations rather than just the long consonant
strings. I checked these combination
I don't know if this really fits in this subject or not. However, I keep
thinking while reading this thread if anyone considers real opt-in
advertisements/messages that get tagged by SA (like from OshKosh,
Travelocity, Lands' End, etc.) to be a FP or not. Do site-wide Bayes
installs have a hard t
> -Original Message-
> From: Keith C. Ivey
>
> Larry Gilson <[EMAIL PROTECTED]> wrote:
>
> > Or, you could just say any redirection is not a good thing.
> >
> > describe MY_URI_REDIRECTMY: Trying to hide real URL by redirect
> > uri
Or, you could just say any redirection is not a good thing.
describe MY_URI_REDIRECTMY: Trying to hide real URL by redirect
uri MY_URI_REDIRECT/https?:\/\/.*\/\*http:\/\//i
scoreMY_URI_REDIRECT4.0
--Larry
> -Original Message-
> From: Mike Kuentz (2) [mailto:[EMAIL PR
Sounds more like you need to fix a Postfix configuration problem rather than
masking the problem by not sending notifications. Was your configuration
working during tests, before you put it into production?
You might want to look at SecuritySage for some configuration details.
http://www.securit
Hi Mike,
Thanks for the tip. I did not know about the dictionary. I have had a rule
testing the following:
4c-1/2v-3c
/[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}/i
This would yield 52 FPs.
Varying the combination results in the following:
5c-1/2v-3c -> 2 FP
5c-1v
Thanks for clarifying Pete!
--Larry
> -Original Message-
> From: Pete Hanson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 06, 2003 2:52 PM
> To: Larry Gilson; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] lock problems with SPAMC
>
>
> At 11:18 AM -05
I agree with the fact that the lock is not needed on spamc, but I don't
understand why this would produce an error. There are a lot of individuals
that use the lock with both spamassassin and spamc as a load control. Is it
possible that by using DROPPRIVS=yes removes the permissions necessary to
> -Original Message-
> From: Carlos Jorge Santos [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2003 8:14 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Avoid Double check
>
>
> Hi all,
>
> I've searched for this subject in the list archives, but
> couldn't find any relevant
> -Original Message-
> From: Andrew
> Sent: Monday, November 03, 2003 7:35 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] URI Rule
>
>
> Fellow Assassins,
>
> Here is an example of some of the URLs coming through in spam mail.
>
> http://www
>
> Would a rule like /w/ match this?
Lo
> -Original Message-
> From: Dan Tappin [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 11:19 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Log Question...
>
>
> Below is a snippet from a recent post to the list:
>
> > Oct 30 14:12:40 ns1 MailScanner[3201]: Message h9UMAPR
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 10:21 AM
> To: 'Patrick Morris'; Steven Manross
> Cc: SA Mailing list
> Subject: RE: [SAtalk] Rule for reverse lookup similarities
>
>
>
> >
> > Steven Manross wrote:
> >
> > >I'm
> -Original Message-
> From: Bob Apthorpe
> Sent: Friday, October 31, 2003 1:03 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Rule for reverse lookup similarities
>
--snip--
> The big problem is when ISPs don't differentiate their static
> allocations from their dynamic allocatio
http://www.iscomp.com/files/scripts/mail/
-Original Message-
From: 'mikea'
Sent: Thursday, October 30, 2003 2:58 PM
To: Larry Gilson
Subject: Re: [SAtalk] stats script
On Thu, Oct 30, 2003 at 02:51:49PM -0500, Larry Gilson wrote:
> Everyone has an opinion so since you a
Everyone has an opinion so since you ask, I'll give you mine. Your script
includes stats on SA so therefore it is SA related. Anything that can help
me keep a grip on what is happening to my mailservers is worthwhile. Logs
and stats really help in this area and your stats include SA. So as far
Nice stats Mike! Custom script?
> -Original Message-
> From: mikea
> Sent: Thursday, October 30, 2003 1:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Significant increase in spam lately
>
>
> On Thu, Oct 30, 2003 at 01:01:49PM -0500, Colin A. Bartlett wrote:
> > Chris Santerre
> -Original Message-
> From: Vasantha Narayanan
> Sent: Thursday, October 30, 2003 11:06 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] updating rules without upgrading SpamAssassin
>
>
> Hi,
>
> I would like to know if there is a way to update the rules with out
> updating SpamAssas
es for testing this. I'll send you a copy if you did not see
them.
--Larry
> -Original Message-
> From: Larry Gilson
> Sent: Wednesday, October 29, 2003 9:35 AM
> To: Mark Ritchie; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Exessive HTML Code
>
>
> Yes, th
In addition to the Popcorn/Backhair rules chris mentioned, also look for a
rawbody rule to catch the *invisible* text:
My rule looks like:
describe MY_RBDY_INVSTXTMY: Invisible text color
rawbody MY_RBDY_INVSTXT//i
scoreMY_RBDY_INVSTXT2.0
I know Outlook is going to wrap the
Thanks Jennifer! I should have know you would be on top of this.
--Larry
> -Original Message-
> From: Jennifer Wheeler
> Sent: Wednesday, October 29, 2003 11:11 AM
> To: 'Larry Gilson'; 'Mark Ritchie';
> [EMAIL PROTECTED]
> Subject: RE: [SAtalk]
Sound advice. Thanks for the reply and input - both are greatly
appreciated!
And thanks again to Ryan More and Matt Kettler.
--Larry
> -Original Message-
> From: Giles Coochey
> Sent: Thursday, October 30, 2003 6:55 AM
> To: Larry Gilson; [EMAIL PROTECTED]
> Subject: RE:
Hi Joe,
I think you might want to look at Meta rules.
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
http://www.exit0.us/
http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt
--Larry
> -Original Message-
> From: Joe [mailto:[EMAIL PROTECTED]
> Sent: Wednesda
I can tell you how to pass the information to SA it if you use Postfix and
Procmail. Otherwise, you will need to figure out how to make your MTA pass
that information along to SA. You will also need a custom rule. MAIL FROM
and RCPT TO data are not passed along as part of a message.
--Larry
Hi Jennifer,
> -Original Message-
> From: Jennifer Wheeler [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 29, 2003 9:51 AM
> To: 'Larry Gilson'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] [RD] 4c-2v-3c
>
>
> Hi Larry
>
> > I have ha
For those who don't already know:
MIT Room 26-100
January 16, 2004, 9 am to 6 pm
The 2003 spam conference worked well, so we plan to do much the same thing
in 2004. There will be none of the cruft that usually accumulates on
conferences; just a series of quick, concentrated talks, and then we a
Yes, this would be possible.
describe MY_RBDY_EXSV_TAGMY: Excessive HTML Tags
rawbody MY_RBDY_EXSV_TAG/<[bi]><\/[bi]>/i
scoreMY_RBDY_EXSV_TAG4.0
Backhair did not hit because the number of characters within the tag is
fewer than 6. Creating rules to match fewer than 6 characters
I have had some very good success with a rawbody and subject test which
looks for
4 or more consonants
followed by 1 or 2 vowels
followed by 3 or more consonants or digits
This is the match:
/[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}/i
This catches the junk l
I am using 2.55. If the answer is different for 2.60, please answer with
respect to 2.60 as I will be upgrading *very* soon.
I am experimenting with Bayes in a site-wide/gateway configuration. One
thing that I believe is affecting my tests is the external Procmail
whitelist. I find the number o
> -Original Message-
> From: Keith C. Ivey
Thanks for the reply Keith and sorry for the long dely in my response.
> Larry Gilson <[EMAIL PROTECTED]> wrote:
>
> > full MY_FULL_OBFU_HTML /[\s>]\w+<[\w\s\/\$&;]{1,6}>\w+/
>
> It seems to
> -Original Message-
> From: Satya [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 25, 2003 8:22 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] [OT] What is next step?
>
>
> On Oct 24, 2003 at 22:06, Larry Gilson wrote:
>
> >business because t
I have been testing the HTML obfuscation with the pattern match for the junk
within the tags ranging from 1 to 5.
full MY_FULL_OBFU_HTML /[\s>]\w+<[\w\s\/\$&;]{1,6}>\w+/
This is the results of my testing.
{1} have not noticed false positives
{2} false positives with
{3} false positive
> -Original Message-
> From: Chris Santerre
> Sent: Friday, October 24, 2003 12:26 PM
> To: 'Larry Gilson'; '[EMAIL PROTECTED]'
> Subject: RE: [SAtalk] [OT] What is next step?
>
>
> >
> > AT&T aborts plan to block e-mail
>
> -Original Message-
> From: Matt Kettler
> Sent: Friday, October 24, 2003 6:32 PM
> To: [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Whitelist / Rule Question...
>
>
> At 01:34 PM 10/24/2003, Dan Tappin wrote:
> >rawbody USERNAME /username/i
> >describe USERNAME
> >s
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 24, 2003 10:50 AM
> To: 'Larry Gilson'; 'Colin A. Bartlett'; Patrick Morris
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] [RD] yahoo redirect
>
>
AT&T aborts plan to block e-mail
http://www.msnbc.com/news/983380.asp?vts=102220031806
I thought this was an interesting article in light of this thread.
--Larry
---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you li
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2003 3:08 PM
> To: 'Colin A. Bartlett'; Patrick Morris
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] [RD] yahoo redirect
>
>
>
> >
> > This is what it is now:
> > /^https?\:\/\/rd\.y
Search the archives a custom rule discussion with the subject "Popcorn,
Backhair, and Weeds".
Links:
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
http://spamhammers.nxtek.net/
--Larry
> -Original Message-
> From: jenni baier [mailto:[EMAIL PROTECTED]
> Sent: Thursda
1 - 100 of 313 matches
Mail list logo
