Hello Regis,
Monday, January 26, 2004, 1:56:56 PM, you wrote:
RW> Got some new variants on the "justified text" ratware. By going to 66 chars,
RW> they have slipped through the rule. So I've fixed it up a bit. Please test
RW> and let me know, etc.
I split your rule into multiple, each with a
Had a spate of unwanted emails, apparently empty body, very short message
ids.
Built a set of rules:
headerRM_hm_ShortMsgid06 Message-ID =~ /^.{1,6}$/
describe RM_hm_ShortMsgid06 Message ID is too short to be valid. Possible
spam/virus sign
score RM_hm_ShortMsgid06 0.800 #
[THIS LIST HAS MOVED! see http://useast.spamassassin.org/lists.html .]Thursday,
January 29, 2004, 8:24:15 PM, I wrote:
RM> Even better, since it will catch use of this address in a TO, CC, and/or
RM> From header, might be:
RM> ...
RM> I don't yet have stats for this meta rule (I haven't even l
In every domain I manage, we receive spam directed to [EMAIL PROTECTED]
I can't imagine I'm the only one.
Apparently some address harvester somewhere along the way harvested and
then mangled [EMAIL PROTECTED], dropping the leading "we" and
replacing the "ter" with "tgr".
I created this rule toda
time=1072881261,mid=<[EMAIL PROTECTED]>
. 1 ./corpus.ham/ham.040110.1410848
LOCAL_DRUGS_MALDYSFUNCTION_OBFU,LOCAL_DRUGS_MALEDYSFUNCTION,__DRUGS_MALEDYSFUNCTION1,__DRUGS_MALEDYSFUNCTION13
time=1073309483,mid=<[EMAIL PROTECTED]>
MK> At 06:12 PM 1/28/04 -0800, Robert Menschel wrote
Hello PieterB,
Monday, January 26, 2004, 8:03:45 AM, you wrote:
P> Is there some way to prevent spamassassin from using SA-talk messages
P> for Bayes auto_learning. My bayes filter seems to be less effective
P> since a lot of spamphrases/tokens are discussed on this list.
My method:
1) I subscri
Hello David,
Saturday, January 24, 2004, 8:01:24 PM, you wrote:
DH> I've been playing with bayes on my home machine and have been very impressed
DH> with it. I was however wondering to what degree everyone else trusts
DH> BAYES_99? Is it generally accepted as a sure spamsign or do you expect ti
Hello John,
Monday, January 26, 2004, 5:10:32 AM, you wrote:
JW> It struck me that since individual tripwire rules are at risk of FPs,
JW> but that multiple tripwire hits on the same message are much less so,
JW> it might be worthwhile assigning a significantly higher score to
JW> messages that h
Hello Sylvain,
Friday, January 23, 2004, 8:04:51 AM, you wrote:
>> Yes, that one works for me:
>> SYL_BAD_XOIPa -- 3881s/0h of 91714 corpus (74113s/17601h) 01/22/04
SR> Beautiful! Thanks for checking that! Perhaps I can buy you a salted
SR> ham sandwich some time! :-)
I prefer unsalted, than
Hello Sylvain,
Monday, January 26, 2004, 11:38:38 AM, you wrote:
SR> On Thu, 22 Jan 2004, Robert Menschel wrote:
>> Would you have any objection to submitting for consideration,
>> and sending in an Apache Contributor License Agreement so the SA
>> developers can use th
Hello ricardo,
Monday, January 26, 2004, 7:00:03 PM, you wrote:
r> I'm attaching a message (I hope it makes it through to the list) which
r> scored a low 0.1 with SA 2.63.
r> Does anyone have any suggestions on how to possibly make SA get a higher
r> score for this type of message? Any new recip
Hello Thorsten,
Monday, January 26, 2004, 7:28:21 AM, you wrote:
TS> What is your opinion to that cf's?
TS> Does it make sence to take them all, or maybe only parts of them?
TS> Is it a good solution to install them whithout realy knowing how the
TS> rules are build?
TS> Only for private or also
Hello Who,
Friday, January 23, 2004, 5:08:57 AM, you wrote:
WK> Anthony Martinez wrote:
>> I got a spam today where the X-Originating-IP header wasn't a number. Hotmail
>> always puts the dotted quad in the header.
WK> I have been receiving a good many of these lately. I am hestant to add
WK> an
This is a forwarded message
From: Robert Menschel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Saturday, January 24, 2004, 7:10:18 PM
Subject: [RulesEmporium] Longwords
===8<==Original message text===
Received an email this morning which reminded me about my
Hello Mark,
Friday, January 23, 2004, 7:19:45 AM, you wrote:
MS> Hi all,
MS> I have been training SA manually for a couple of weeks now. I estimate
MS> a good 2000 emails for both Spam and Ham have been learned by it.
MS> Coupla questions though . . . I want to put it into auto-learn mode
MS> be
Hello Brent,
Thursday, January 22, 2004, 8:33:25 AM, you wrote:
BJN> Comments on this one? Some spam has been slipping through (FN) with this
BJN> in the header. The only ham I have that hit this rule (FP) are a few from
BJN> back in 2001, of the form
BJN> <[EMAIL PROTECTED]>
BJN> header BCS_U
Hello Regis,
Thursday, January 22, 2004, 7:25:30 AM, you wrote:
RW> Got a spam that's so easy, the spammers write the rules for us:
RW> Message-ID:
RW> <[EMAIL PROTECTED]>
RW> So,
RW> header MESSAGEID_RATWAREALL =~
RW> /\nMessage-ID:.<[^-]{7,13}-[^-]{3,11}-[^-]{2,6}/i
RW>
Hello Sylvain,
Thursday, January 22, 2004, 7:39:22 AM, you wrote:
RM>> Results against my corpus:
RM>> SYL_BAD_XOIP -- 73662s/14971h of 91714 corpus (74113s/17601h) 01/21/04
SR> Yes, that's pretty consistent with what I realized it was doing ... :-(
SR> I can't even begin to thank you enough f
Hello Larry,
Wednesday, January 21, 2004, 11:37:09 PM, you wrote:
LG> Along the same lines, I had the following:
LG> describe MY_RBDY_INVTXTSZ1 MY: Invisible text size
LG> rawbody MY_RBDY_INVTXTSZ1 /font\s+.*\bsize=.-\d\D/i
LG> scoreMY_RBDY_INVTXTSZ1 0.5
LG> describe MY_RBDY_INVTXTSZ2
Hello sckot,
Wednesday, January 21, 2004, 2:09:51 PM, you wrote:
s>I've noticed several spam mails with a lot of quoted text (quotes from
s> Dave Barry, some of Moby Dick, that sort of thing. Usually all
s> punction is stripped out, but not always.) included within brackets or
s> an HTML titl
Hello Charles,
Wednesday, January 21, 2004, 8:14:50 AM, you wrote:
CG> Example HTML below. SA seems to have not recognized the EE font as
CG> 'invisible', perhaps because it is just one or two points outside the
CG> 'range' permitted by SA? But also note that they have used a ZERO point
CG> s
Hello Sylvain,
Wednesday, January 21, 2004, 7:54:09 AM, you wrote:
SR> On Wed, 21 Jan 2004, Christian Nygaard wrote:
SR> A friend of mine also has suggested the following (the coding is my own,
SR> so if it doesn't work, I've poorly implemented the suggestion):
SR> header SYL_BAD_XOIP X-Ori
Hello George,
Wednesday, January 21, 2004, 9:30:33 PM, you wrote:
GM> Yes this basically my family site but my main email for most things so. I
GM> will probably be setting up alias's for ebay, shopping, etc.
I find that very handy. I have email accounts for [EMAIL PROTECTED],
[EMAIL PROTECTED
Hello Scott, John,
Wednesday, January 21, 2004, 9:07:01 PM, you wrote:
SW> John,
SW> After this I started adding custom cf's like Bigevil,backhair,
SW> etc. I also started pushing some of the default scores up and down
SW> according to what my beta testers were seeing. I'm now starting to
SW>
Hello George,
Wednesday, January 21, 2004, 8:10:02 PM, you wrote:
GM> Thanks seems to be v2.63
Good. Your host is up to date. That bodes well indeed.
GM> X-RWH-MailScanner: Found to be clean, Found to be clean
GM> X-Spam-Status: No, hits=0.9 required=8.0
GM> tests=PRIORITY_NO_NAME,RCVD_I
Hello George,
Wednesday, January 21, 2004, 7:58:31 PM, you wrote:
GM> I believe I am limited to what my host has in the cpanel already.
GM> Yes I am on shared server sorry.
GM> I do have fantastico which will let me install some things but
GM> doesn't look related to anything like SA.
On your
Hello George,
Wednesday, January 21, 2004, 7:24:29 PM, you wrote:
GM> Sorry everyone I am very new to this and am reading the documentation just a
GM> bit much. I have set the required hits to 8 and understand white/black
GM> list.
Good start!
GM>From what I have read it seems SA will learn on
Hello George,
Wednesday, January 21, 2004, 7:05:57 PM, you wrote:
RM> George Matos wrote:
>> I just got my domain name and am trying to setup spam assassin. I have
>> never used it before so I was looking for some setup instructions etc.
>>
>> Wife won't switch emails till I have it setup.
R
Hello John,
Wednesday, January 21, 2004, 6:42:34 AM, you wrote:
JF> I'm pretty new too, and I'd like some clarification about what is "stock" in
JF> SA and what's custom. ...
Stock rules are anything installed into the SA rules directory when you
install SA. Custom is anything else.
JF> I see v
Hello Bret,
Wednesday, January 21, 2004, 2:35:06 PM, you wrote:
BM> Has anyone successfully made SA on Windows with Perl 5.8.2? I finally
BM> gave up on it and went back to Perl 5.6.1. Any suggestions?
Had no problem here (under Cygwin):
> > spamassassin --version
> SpamAssassin version 2.62
>
Hello Jonathan,
Tuesday, January 20, 2004, 9:45:23 AM, you wrote:
JN> Time to feed Bayes again.. I think I have almost 1,000 spams in my
JN> spam folder (I feed it when it hits 1000)
Why do you wait? I feed Bayes at least once a day, sometimes two or
three times.
True, I get 700-800 spam each
Hello Dan,
Tuesday, January 20, 2004, 9:31:28 AM, you wrote:
DK> How efficient are URI rules? I am probably going to have several hundred
DK> of these rules, and I'm wondering if that will cause a problem. I'm
DK> guessing I will have between 300 and 600 rules. Is anyone else running
DK> this man
Hello Chris,
Tuesday, January 20, 2004, 2:41:38 PM, you wrote:
CS> I'm not sure where the post is, but about 3 weeks ago I think Dallas
CS> put a semi-end to the spell-checker debate :) He ran one and the
CS> outcome wasn't so good.
Agreed -- we have too many lazy or careles corespondents ;-) fo
Hello Fred,
Tuesday, January 20, 2004, 3:28:24 PM, you wrote:
F>
F> Today starts day 1 of a massive joe-job against my domain.
F> Today also starts day 1 of my crusade to do something to help the
F> problem.
F> I feel that large providers of high speed internet services (Cable
F> / DSL) need
Hello Joseph,
Tuesday, January 20, 2004, 2:54:44 PM, you wrote:
>> It has been almost 24 hours since I received the last spam with Habeas
>> headers. Possibly my ISP has added a filter to block the
>> pharmacourt.biz spam before I see it ... Has anybody else noticed that
>> their spam has stoppe
Hello Bob,
Sunday, January 18, 2004, 5:59:29 PM, you wrote:
BA> Based on SPAM-L posts from admins at Outblaze (Suresh) and rambler.ru, I
BA> conjured up a few simple rules to detect forgeries from these domains:
BA> header RAA_FORGED_FROM_OUTBLAZE Received =~ /\.mr\.outblaze\.com/
BA> de
Here's my next set of possible rules for submission to the SpamAssassin
distribution set.
URI rules may tend to be more transient than other types of rules, since
it's so easy for spammers to change domain names. I'm therefore including
only those that hit at least 0.15% of my spam. Well, the pill
Hello Martin,
Sunday, January 18, 2004, 3:58:34 AM, you wrote:
>> L_MIME_BOUND_MANY_DIG -- 153s/0h of 92209 corpus (74874s/17335h) 01/17/04
MR> I've already modified the repeat counts for number of digits in
MR> L_MIME_BOUND_MANY_DIG, since it's not constant:
MR> header L_MIME_BOUND_MANY_DIG
Hello Pierre,
Saturday, January 17, 2004, 6:28:37 PM, you wrote:
PT> Bob,
PT> Thanks for the mass check. I don't have a big corpus handy,
PT> just what trickles through the gateway.
PT> There should be no problem with a few extra keywords; we could
PT> even squeeze "postmaster" in there for go
Hello Fred, Thomas,
Saturday, January 17, 2004, 12:53:45 PM, you wrote:
>> FYI -- I'm noticing SPAMs which contain ONLY an image are not being
>> filtered at all. ...
F> Try this out for size, they are a few custom rules I have created myself.
F> # Catch Image ONLY spams!
F> rawbody __FVGT_rb_
Hello Martin,
Saturday, January 17, 2004, 10:39:15 AM, you wrote:
MR> I've added the following rules to my local.cf:
MR> header L_MIME_BOUND_MANY_DIG Content-Type =~ /boundary=\"\d{19,}\"/
MR> describe L_MIME_BOUND_MANY_DIG MIME boundary contains lots of digits
MR> scoreL_MIME_BOUND_MA
Hello Pierre,
Saturday, January 17, 2004, 9:30:47 AM, you wrote:
PT> I made a rule that catches many of these bogus HTML tags, based
PT> on the fact that there are only three valid standalone tags of 9
PT> characters or more (according to the list at
PT> http://devedge.netscape.com/library/xref/2
Hello Rocky,
Wednesday, January 14, 2004, 8:53:25 PM, you wrote:
RO> I'm writing some custom rules and i am wondering if there is a list
RO> somewhere of what parts of the header i can test? such as
RO> header NO_REAL_NAME From =~
RO> header TO_HAS_SPACESTo:addr =~
First
Hello Dallas,
Wednesday, January 14, 2004, 6:22:05 AM, you wrote:
>> As for Dallas's run against his corpus showing very few hits, I did
>> mention this is the first time I've ever seen this "trick" used and is
>> presumably fairly new. So those rules *might* have some value in the
>> future.
DL
Hello PieterB,
Justin has already answered, better than I can, but I'll add my two
cents:
Wednesday, January 14, 2004, 4:23:07 AM, you wrote:
P> I would like to start contributing to spamassassin and help to fight
P> spam.
Fastastic. Welcome aboard.
P> http://au.spamassassin.org/hacking.html
Hello Bart, Josh,
Wednesday, January 14, 2004, 12:54:22 PM, you wrote:
>> I just received an encrypted email from a coworker and this is what SA
>> gave me. It got slammed with tripwire rules (it isn't supposed to,
>> right?).
BS> In off-list mail I've suggested an improved (I feel) regex for tr
Hello Chr.,
Wednesday, January 14, 2004, 11:33:35 AM, you wrote:
CvS> Does somebody have/know a rule to catch 'unnecessary encodings'?
Define "unnecessary." Some are valid, some are obfuscation attempts.
I use the following rules (see my personal rules pages on the exit0.us
wiki, and note that
Hello Mike,
Wednesday, January 14, 2004, 10:32:31 AM, you wrote:
MB> Years of patiently tracking down addresses in headers, LARTing clueless
MB> ISPs, and reporting violators to whoever gives a rat's ass, did not result
MB> in any reduction in the volume of spam in my Inbox (and my co-workers', w
Hello Matt,
Monday, January 12, 2004, 3:51:09 PM, you wrote:
MT> Sorry if this has been asked but I'm not finding anything in the
MT> archives. I know that any *.cf placed in /etc/mail/spamassassin gets
MT> read but what about rules placed in individual users home directories?
MT> Do they need to
Monday, January 12, 2004, 7:57:03 AM, Greg wrote:
gic> They've noted that we give HABEAS_SWE a score of -4.6 I think. I'm
gic> adjusted it for my machines to zero. Here's the headers:
Has anyone else NOT been bothered by this???
Sure I've received some of these spam, but my SA has marked them as
Hello Carl,
Monday, January 12, 2004, 7:32:57 AM, you wrote:
CC> What do most people who write new SA rules set their threshold too? I had
CC> set it around 3.0 for our company, but the false positive rate was very
CC> high. I was looking at some of the big-evil stuff and noticed that many of
C
Hello Smart,Dan,
Monday, January 12, 2004, 6:57:26 AM, you wrote:
SD> Bob:
SD> I take it from your docs that you do not try to run a mass-check against all
SD> your rules at one time, but instead do it a dozen at a time?
Both. I do a massive check against all my rules (and the distribution
rule
Hello Bryan,
Sunday, January 11, 2004, 6:58:58 PM, you wrote:
>> I've just completed documenting my current system at
>> http://www.exit0.us/index.php/BobCorpusTest
BH> So the good news is, I'm now downloading Cygwin! I've brought down the
BH> default packages which took from 7:07pm to 8:22pm,
I'm trying to make sure my corpus is as clean as possible, eliminating
all duplicates.
I tried to use the masses/corpora/uniq-mailbox program for this, and had
problems which I've documented in bugzilla report 2920.
Fortunately, my email client identifies and can delete duplicates = same
message
Some people have been asking about my mass-check capabilities and
reports.
I've just completed documenting my current system at
http://www.exit0.us/index.php/BobCorpusTest
I'll gladly update that documentation to answer questions people may
have, and will even update/improve my script if people h
Hello Rich,
Saturday, January 10, 2004, 10:27:47 PM, you wrote:
RW> I came up with a set of rules which appear to catch the new strain
RW> of spam with a meaningless jumble of words in the body, while hope-
RW> fully not catching any legitimate mail. See below; comments welcome,
RW> and (natural
Hello Stefan,
Saturday, January 10, 2004, 12:03:18 AM, you wrote:
SU> Watch out for following rule, as mentioned working fine with direct
SU> invocation of the spamassassin script, but even after putting it in the
SU> /usr/share/spamassassin 20_head_tests.cf and 50_scores.cf files (did so
SU> for
Hello Brent,
Thursday, January 8, 2004, 2:10:15 PM, you wrote:
BJN> (the RND_UC_CHAR pattern) and I've just updated it for a few new variants
BJN> that have shown up in the past couple of days. The second one,
BJN> x_headers.cf, builds on the ideas in the thread "X-Mailer is totally
BJN> bogus"
Hello Kenneth,
Friday, January 9, 2004, 6:22:41 AM, you wrote:
KP> --On Friday, January 09, 2004 1:53 AM -0700 Bob Proulx <[EMAIL PROTECTED]>
KP> wrote:
>> For me personally SA is still tagging the spam at a very good rate. I
>> am only seeing these types of spams in my caughtspam folder.
KP>
Hello Pedro,
Friday, January 9, 2004, 11:58:55 AM, you wrote:
>> Probably some stupid questions, but I'm having trouble finding
>> documentation to explain proper Bayes Feeding Techniques:
>>
>> Do I have to keep feeding Bayes ham as I feed it spam?
PS> For best results, feed all human-identif
Hello Evan,
Friday, January 9, 2004, 12:29:33 PM, you wrote:
EP> --On Friday, January 09, 2004 2:24 PM -0600 "Michael H. Collins"
EP> <[EMAIL PROTECTED]> wrote:
>> Sorta off topic, mebby, but:
>>
>> As good as SA is working here I have users that are constantly reminding
>> me that they get "ab
Hello Kevin,
Friday, January 9, 2004, 4:56:54 PM, you wrote:
KR> Once I have run the sa-learn routine on a group of thousands of messages, is
KR> it necessary to keep all of those messages to run the next time I run
KR> sa-learn? It takes a while for sa-learn to process thousands of message so
K
Hello Bert,
Friday, January 9, 2004, 1:36:03 PM, you wrote:
BR> I appreciate everyone's responses. I'll give BigEvil a shot and see what
BR> happens. I've been running 2.60 with Bayes turned on for a while now and it is
BR> working well, but I still seem to be getting a continuous stream of tho
Hello Nix,
Friday, January 9, 2004, 12:28:39 PM, you wrote:
N> On Thu, 8 Jan 2004, Robert Menschel uttered the following:
>> Yes, there are three reasons you might not want to use bigevil.
>>
>> 1) You like getting spam.
>>
>> 2) You run SA with a thresh
Hello Bob,
Thursday, January 8, 2004, 9:03:08 PM, you wrote:
BP> Bo Stark wrote:
>> The last few days a few new spams have flew under the radar and not been
>> caught. What they all have in common is that they have alot of random words
>> at the end of the mail. Been trying to feed them through B
Hello Justin,
Friday, January 9, 2004, 11:05:14 AM, you wrote:
>> > More importantly, the "learn" tells SA to ignore this score in
>> > determining whether to learn this email as spam or ham. Otherwise an
>> > email that is spam to everyone else will get learned as ham
>> > because of a
>> > lar
Among the recommendations for detecting spam with bayes fodder within it,
were:
rawbody WORDWORD/[a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12}
[a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} /
describe WORDWORD long string of random
Hello Steve,
Thursday, January 8, 2004, 11:25:20 AM, you wrote:
ST> On Thu, Jan 08, 2004 at 02:07:59PM -0500, John Fleming is rumored to have said:
>>
>> I want to specify a text string in the Subject header such that if it
>> exists, the msg will NOT be considered spam, no matter what else migh
Hello Bert,
Thursday, January 8, 2004, 10:34:31 AM, you wrote:
BR> I've been half heartedly watching the list and have noticed some BigEvil
BR> updates. So, I looked at the bigevil site
BR> (http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm). Is there any
BR> reason I would not want
Hello Kenneth,
Wednesday, January 7, 2004, 10:02:44 AM, you wrote:
KP> --On Wednesday, January 07, 2004 11:38 AM -0600 [EMAIL PROTECTED] wrote:
>> Attached is a spam that seems to sneak by us all of the time. Anyone
>> know of a good rule to catch this?
KP> X-Spam-Status: No, hits=5.9 required=
Hello Kenneth,
Tuesday, January 6, 2004, 7:29:04 AM, you wrote:
KP> I'm using this set of rules posted to the list last month. Drop this in
KP> /etc/mail/spamassassin as rnd_uc_char.cf.
OVERALL% SPAM% HAM% S/ORANK SCORE NAME
8594570035159100.815 0.000.00 (al
Hello Chris,
Tuesday, January 6, 2004, 6:21:48 AM, you wrote:
CS> Remember back in the day when I wrote rules besides Bigevil? :p
CS> Nothing major here, just 2 simple rules I think you will find work pretty
CS> good.
CS> uri VDRUG_RANDOM1 /\/(?:c2|a3)\.gif/
CS> describe VDRUG_RANDOM1 Random D
Hello MI,
Tuesday, January 6, 2004, 3:48:53 AM, you wrote:
M> Recently, I've seen *lots* of sender addresses where the user part ends
M> with an underscore followed by 2 (possibly random) lower case letters.
M> ...
M> I'm considering adding something like this:
M>header LOCAL_FROM_WITH__xx
Hello Brad,
Monday, January 5, 2004, 8:58:25 PM, you wrote:
BK> I've been getting a bunch of messages either squeaking by SA 2.61 or
BK> nearly so (bigevil is nice), and added some rules to make them less
BK> likely (I couldn't come up with a better name than glop, sorry):
BK> describe
Hello Kenneth,
Tuesday, January 6, 2004, 7:29:04 AM, you wrote:
KP> I'm using this set of rules posted to the list last month. Drop this in
KP> /etc/mail/spamassassin as rnd_uc_char.cf.
KP> header SUBJ_RND_UC_CHAR_L Subject =~ /\%RND_UC_CHAR/
KP> describe SUBJ_RND_UC_CHAR_L Subject con
Hello Anthony,
Tuesday, January 6, 2004, 7:54:13 AM, you wrote:
>> > header XMAILERBOGUS X-Mailer =~ /^[^A-Z0-9]*$/
>> > describe XMAILERBOGUS X-Mailer header has NO uppercase
>> letters, NO numbers... How do you expect me to believe that
>> > score XMAILERBOGUS
Hello Scott,
Tuesday, January 6, 2004, 4:09:24 PM, you wrote:
SAC> On Tue, 30 Dec 2003 13:48:17 -0600, "Dallas L. Engelken" <[EMAIL PROTECTED]>
writes:
>> # SUBJ_SPELLING_00 -- 2283s/1850h of 10971 corpus, 2003-12-30
SAC> This doesn't tell me much. How many spams and hams are in the corpus?
SA
Hello Giacinto Butindaro,
Monday, January 5, 2004, 1:12:36 PM, Evan responded to your email:
EP> --On Monday, January 05, 2004 10:00 PM +0100 [EMAIL PROTECTED] wrote:
>> I would like to ask a question about spam assassin. I have enabled spam
>> assassin on my mail box, and i have also enabled th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Alexander,
Sunday, January 4, 2004, 7:43:59 PM, you wrote:
AL> I have written some tests and don't know what is the score set for these
AL> tests. Can some one make the suggestion how to score tests ?
I have several algorithms I use. Note that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Carl,
Sunday, January 4, 2004, 7:35:23 AM, you wrote:
CRF>Greetings fellow spam assassins!
CRF>I'd like to take a moment of your time and gripe about a certain
CRF> rule that seems to be causing some grief to the users at the Ocean
CRF
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have mass-check and hit-frequencies working now on my system, and am
digging into some of the hit-frequencies results. Doing so, I found
three copies of the same email in three different ham files. I cleaned
that up.
I then did an analysis by messa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Danny,
Saturday, January 3, 2004, 4:08:24 PM, you wrote:
DA> I run a mail hosting/relay box for a number of domains. I would like to
DA> offer spamassassin as a service, but some clients may not want to see
DA> the subject changed, etc. Is ther
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Justin,
Saturday, January 3, 2004, 1:01:18 PM, you wrote:
>>Digging into parse-rules-for-masses, it uses
>>> sub readrules {
>>> foreach my $indir (@_) {
>>> my @files = <$indir/[0-9]*.cf>;
>>which tells me that mass-check is reading my u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Tim,
Friday, January 2, 2004, 8:50:09 PM, you wrote:
TB> I would share my custom rules.. but alas against those here, mine are
TB> mostly worthless and adjust scores down because of "complaints"
What do they say about one man's meat?
How well
Hello Evans,
Thursday, January 1, 2004, 3:10:09 PM, you wrote:
EM> I recently split out my CF file into multiple files.
EM> Ex. whitelist.cf, blacklist.cf, bigevil.cf, evilrules.cf, etc.
EM> Will this noticably degrade system performance?
I believe that SA parses all such files at start-up, and
Hello Bryan,
Wednesday, December 31, 2003, 11:14:25 PM, you wrote:
BH> Bryan Hoover wrote:
>> > perl ./mass-check -c ./spamassassin -j 1 --loghits --mid --mbox ./corpus.ham/*
>> > >ham.log
>> > perl ./mass-check -c ./spamassassin -j 1 --loghits --mid --mbox ./corpus.spam/*
>> > >spam.log
>> >
Hello Daniel,
Tuesday, December 30, 2003, 1:28:29 PM, you wrote:
DE> I recently added some personal rules to my user_prefs and tested them
DE> by running a few mail messages through spamassassin. They seem to
DE> work fine, but I'm still getting the spam and the rules aren't getting
DE> trigger
Hello pjh,
Tuesday, December 30, 2003, 3:24:01 PM, you wrote:
p> Is it true then, that if I do not use sa-learn, that
p> no Bayesian filtering occurs?
No, it is not true.
Bayesian filtering will take place if
a) the option is on by default or specifically in *.cf or user_prefs, and
b) at least
I'm hoping someone can help me with mass-check, or more specifically with
hit-frequencies.
I've installed Cygwin on my W/XP-H box. Within Cygwin I've installed SA,
not to use for mail filtering (that happens on my servers), but
specifically for mass-check.
Directory structure:
C:\cygwin
/hom
Hello Gordon,
Tuesday, December 30, 2003, 1:20:30 AM, you wrote:
GR> (1) If I want to add new rules, such as Jennifer's "Popcorn" etc rules that
GR> someone kindly pointed me to, should I put them into my
GR> .spamassassin/user_prefs file? (I am not root). Is there an "include"
GR> mechanism for
Hello Simon,
Sunday, December 28, 2003, 7:51:15 PM, you wrote:
>> No. You *do* need a minimum of 200 hams. The reason behind this is
>> that for Bayes to work, it needs to know *both* what spam looks like
>> *and* what ham looks like so it can tell the difference.
>>
>> But yes, it is best to
Hello Ricardo,
Saturday, December 27, 2003, 11:16:44 AM, you wrote:
RK> I sent a message last week but I guess for some reason it didn't get
RK> properly distributed, maybe because I attached a tarball with some
RK> copies of the spam messages.
Could be. The sourceforge list system has a relati
In addition to the body rules I offered earlier today, here are some URI
rules that look as if they would be beneficial in the distribution set.
Please look over and test the following rules, and let me know if they
work for you.
Use your own scoring -- my scores tend to be high, since I use a 9.
Last month I offered some header rules for possible inclusion in a future
distribution. Those that passed muster have been formally submitted via
bugzilla.
I've now completed review of my "body phrase" rule set, and feel they're
ready for similar review.
Please look over and test the following ru
Hello Clive,
Wednesday, December 24, 2003, 8:09:42 AM, you wrote:
CD> I am receiving several spam messages daily in which the message body appears
CD> to consist entirely of random words.
Check again, and I think you'll find that the message has nothing to do
with those random words. The messag
Hello Jennifer,
Monday, December 22, 2003, 2:32:45 PM, you wrote:
JF> I am so sick of these spam emails but not sure how to stop them. Could
JF> anyone give me any guidance? I am currently using sa 2.55 and planning
JF> to upgrade to 2.61 next week.
The rules I'm using (2.60, should work OK in
Hello mairhtin,
Thursday, December 18, 2003, 12:09:40 PM, you wrote:
m> I am getting a new flood of spam that appears not to be even
m> selling anything, but merely trying to get through the filters.
m> Could they be trying to "learn" from this? I don't see how, but
m> someone suggested as muc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Chris,
Tuesday, December 16, 2003, 9:34:48 PM, you wrote:
CA> Is there a way to get a report or log of the test
CA> results hits that spamassasin finds. ...
I've begun to do something like this using the mass-check functionality
within SA's ma
Hello Robert,
Sunday, December 14, 2003, 11:25:06 PM, you wrote:
RN> ie. is there a way to conditionally do those offsite checks only if
RN> they are necessary?
RN> ie. my current score is less than required_hits?
You might want a variation on my mechanism.
I'm stuck with user_prefs here, and d
Hello Ryan,
Monday, December 15, 2003, 12:03:34 AM, you wrote:
RL> I have been assined the job to delete all incoming mail before it reaches the
RL> mailboxes. ...
Are you using procmail or something similar? Should be fairly simple to
code a procmail script entry that sends everything to /dev/n
1 - 100 of 287 matches
Mail list logo
