Scott Lambert wrote:
Your idea turns the HABEAS_SWE test into a network test.
Actually it _is_ a network test: It relies on legal means to shut down
violators and the HIL to block ip addresses whose use of the Habeas
headers can't be or has not yet been stopped by legal means.
Instead of
Charles Gregory wrote:
So I guess the question is, how 'expensive'
would it be in terms of processing power
There's also the question of how much benefit would it have.
I recall someone trying out searching for close matches to spam words in
a corpus and not getting very good results at picking
Pedro Sam wrote:
I tried to remove the habeas headers mannually
You can get the same results by putting in your preference or
configuration file
bayes_ignore_header X-Habeas-SWE-1
bayes_ignore_header X-Habeas-SWE-2
bayes_ignore_header X-Habeas-SWE-3
bayes_ignore_header X-Habeas-SWE-4
Link, Pete [EMAIL PROTECTED]
Is it possible to whitelist a recipient???
You use the all_spam_to list, or if you want to filter some but not all spam
to the address you use whitelist_to or more_spam_to.
Search for those keywords on
http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html for
Milt Epstein [EMAIL PROTECTED] wrote:
there are different definitions of
what spam is, and I'm sure it fits some of them.
[...]
appears to the person receiving the mail, it looks like spam and can
be dealt with as if it were spam. It doesn't really matter how it
originated.
Actually it
Rice, Kevin [EMAIL PROTECTED] said:
Actually, it looks like I get RBL+ as one big zone
rather than a split zone for RBL, DUL, and RSS.
Is there any way to set up a custom RBL check.
Search for the various rules with OSIRUS in their name and see how they are
implemented. relays.osirusoft.com
Rossz Vamos-Wentworth [EMAIL PROTECTED] asked:
Can someone tell me how to call f-prot from procmail and
nuke the message if it is virused?
This is the recipe I used to use before I installed mimedefang to do it earlier in
the mail processing. It is more complicated than absolutely necessary
Bob Proulx [EMAIL PROTECTED] wrote:
I have been getting a lot of audio (Klez virus) files lately.
So have I. So have a lot of people. Rather than reinvent the wheel and have to do it
all over again for the next virus du jour, just install an antivirus program that is
made for the job and comes
I just set up MIMEDefang on my system, set up as a sendmail milter, calling f-prot
and SpamAssassin.
I don't see how it would be possible for SpamAssassin to use any user preferences,
such as whitelist_from or all_spam_to, since SA gets called so early in the process.
Is it true that this type
Brian [EMAIL PROTECTED] wrote:
I have white_list(ed) *@mydomain.com
Spam comes in from someone claiming to
be [EMAIL PROTECTED]
I've been wondering about that too. You appear to have control of your entire domain
and to be using your own mail server for outgoing mail, which is my situation.
A followon to my previous message: Running sendmail on my own server, the only time
its ip address appears in a Received header is when it is used to send out mail.
Incoming mail results in a Received header that shows its local ip address inside the
NAT firewall. So it would be easy to filter
Doug Crompton [EMAIL PROTECTED] wrote:
Well I got my first XXX that made it through SA today.
[...]
Subject: (Adult) Eatme, Juicy ripe P*ssy for you.
I got that too. It slipped right through the distribution SA but I checked it using
the latest CVS SA and that tagged it right off with a score
On Fri, 2002-05-31 at 15:37, Brian May wrote:
Has anyone seen this header before? Google had no matches.
X-Stormpost-To: emailaddy numbers, possibly web bugs
If you try a google search for 'stormpost spam' you'll find that there
are people who consider StormPost spamware and block mail with
On Tue, 2002-05-21 at 11:20, Joel Epstein wrote:
Is there a way to set a size limit as to which mails are scanned?
Since you are using procmail you can simply add a test
* 25
to the recipe that you use to call spamassassin.
By the way, I have a similar RedHat 6.2/sendmail/procmail setup
On Mon, 2002-05-20 at 14:18, Peter Scott wrote:
Does anyone have a rule for matching the Klez virus?
Following Craig's suggestion, made earlier on this list, I installed
f-prot for virus scanning and call it from procmail before any other
filters, sending any catches to /dev/null. That replaced
On Mon, 2002-05-20 at 17:17, Ed Kasky wrote:
Could you post that procmail recipe to the list?
I started to, then did not because I have been lazy and took a shortcut
with it that really should be fixed before anyone else uses it. But I'll
post it now with lots of comments added. Maybe someone
On Fri, 2002-05-17 at 10:07, Debbie Doerrlamm wrote:
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
[EMAIL PROTECTED]:
Connected to 216.40.216.155 but sender was rejected.
Remote host said:
On Fri, 2002-05-17 at 12:03, Chris Petersen wrote:
Offhand, how does Razor get false positives? I thought that it was MD5-based
and the email had to be exact?
it does. but md5 doesn't generate a unique id... there's no way that a
smallish number can be used to identify an infinite
On Fri, 2002-05-17 at 14:32, Michael Stenner wrote:
Now, with odds of about 10^-34, if you decide you're going to try
enough hashes to give yourself a 1% CHANCE of finding one, you only
need to try
0.01 * 10^34 = 10^32 times. at 1,000,000,000 tries per second, that
will only take you
On Thu, 2002-05-16 at 12:39, Justin Robinson wrote:
We are running FreeBSD 4.3-Release, sendmail 8.12.2, procmail 3.15.1, and
spamassassin 2.11
Some of the bugs that have been reported and fixed since 2.11 had to do
with rules with regexps that took really long times at high loads on
some
On Wed, 2002-05-15 at 08:26, LuKreme wrote:
:0:
* X-Spam-Level: **
/dev/null
Doesn't that have to be
* X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
in regexp syntax?
Although I would prefer a way to bounce it (with spamassasin headers), on
the off chance that there is ever legitimate
On Tue, 2002-05-14 at 18:28, Ron Carter wrote:
:0
* ! ? test -f $HOME/.nospamcheck
:0fw
| spamassassin -P
:0:
* ^X-Spam-Status: Yes
/dev/null
Theo gave you one workable answer, but you probably meant to do was:
:0
* ! ? test -f $HOME/.nospamcheck
{
:0fw
| spamassassin -P
:0:
*
On Fri, 2002-05-10 at 16:15, Henry Kwan wrote:
I was just curious why it didn't tag it.
[...]
X-Spam-Status: No, hits=-6.5 required=6.0
Perhaps because -6.5 really is less than +6.0?
-- sidney
___
Have big pipes?
On Thu, 2002-05-02 at 09:16, Charlie Watts wrote:
It has just occured to me that this will adjust the AWL math because
I won't be getting big positive numbers into the AWL any more.
The fact that the -S option is reasonable points out that the scoring is
not a linear measure of spamminess. The
On Tue, 2002-04-30 at 11:11, rODbegbie wrote:
OE would display it to the user, but SA would miss it for scoring.
That's a good point, especially since according to Theo it is not just
OE, it is IE's renderer that sees them as comments. We are talking about
what spammers are going to use to
Jeff Shepherd [EMAIL PROTECTED] asked:
Also, I need to add something to the header that will make
SpamAssassin will recognize it as not spam.
Any recommended way?
You would not want SpamAssassin to default to anything that spammers could put in
spam to get it to pass. But there should be no
Doug Crompton [EMAIL PROTECTED] asked:
What can I tell this person to do differently to avoid this?
When you say it is a known address from where spam was sent
(dialup) do you mean the dialup account of the original AOL user?
Here is what relays.osirusoft.com has to say when I look up that ip
Dan Wilson [EMAIL PROTECTED] wrote:
2. Is there a way to configure it to not scan outgoing email.
I'm thinking this is actually done through qmail-scanner?
The qmail-scanner faq says:
10. How do I configure/install Spam Assassin?
[...] I'd recommend not running it in the default mode, where
Dan Wilson [EMAIL PROTECTED] wrote:
These are my settings... other than the rewrite_subject.
My users use that to filter in the mail client.
That's ok if you add a rule that guarantees that mail is not flagged as spam on the
way out, since then the subject will not be changed. You want to be
On Mon, 2002-04-15 at 11:49, Barry L. Kline wrote:
Here's the only thing in the recipe in /etc/procmailrc:
Wouldn't that make spamc run as root? Does that mean you have to give
spamc the -u option to get user prefs (IIRC - I am not at a machine with
spamassassin docs right now). Or even better,
[moved from Razor-users mailing list]:
On Mon, 2002-04-15 at 11:36, Craig R Hughes wrote:
Is the problem that you're seeing real email generating scores in
excess of 30 in SA, or that people are ignoring the warning and
reducing the threshold substantially below 30?
Craig -
As someone said
On Wed, 2002-04-10 at 17:04, Sidney Markowitz wrote:
It feels to me like the kind of thing a reporter would
get wrong while being taken in by an business
man's self promotion.
I asked Vipul on the Razor mailing list and it turns out that my
intuition was wrong -- Vipul did co-found Cloudmark
This may be of interest -- It's about an upcoming spam fighting program
that uses Vipul's Razor combined with something that matches phrases
from a spam corpus. My experience with reporters tells me to take some
things with a grain of salt: The article is written as if Vipul is an
active partner
On Fri, 2002-04-05 at 15:25, Andrew Salamon wrote:
I tried the simplistic approach of simply piping a Unix mbox file through
SpamAssassin but it only seems to have looked at the first email.
Yes, SpamAssassin expects that its input is a single mail message.
formail is designed to do what you
On Thu, 2002-04-04 at 17:42, Olivier Nicole wrote:
Is there a way to report to sa-sightings list, without receiving all
the reports from others?
Does this mean that none of the spam I've been forwarding there has
arrived because I'm not subscribed to the list?
-- sidney
Christopher Faylor [EMAIL PROTECTED] wrote:
Can I point out that it is probably possible to use spamassassin on
Windows, if you run it under Cygwin (www.cygwin.com)? Although, I sort
of run the cygwin project, I have never actually tried it.
Just for grins I saw how far I could get without
dman [EMAIL PROTECTED]
The trick is to make the script put the data we want it to
in the body of the message :-).
Exactly -- I doubt it is possible.
If you really want to see what you are dealing with, download the formmail.cgi script
itself that the site is using from
On Fri, 2002-03-29 at 11:05, dman wrote:
If the spammer can send me the spam, why can't I send
the listme request?
Actually, now that I have taken another look at
http://dsbl.org/faq-help.html
I see that you can. I thought the specially formatted message had
something in the headers. All it
This is a resend. It appears that the mailing list software on
sourceforge filters out mail that contains the formmail.cgi signature
and it dropped my message which contained a quote of some formmail.cgi
output :-)
On Fri, 2002-03-29 at 11:05, dman wrote:
If the spammer can send me the spam,
Whoops - not a filter, just a slow server. Sorry about the redundant
post.
-- sidney
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
dman [EMAIL PROTECTED] said:
So I'm trying to exploit the script to make the site blacklist
itself at dsbl.org. I found a form on the site with the action
as /cgi-bin/formmail.cgi.
It's easy enough to find the details of the exploits of formmail.cgi version 1.9 and
less using a Google search
On Fri, 2002-03-22 at 01:12, Ben Jackson wrote:
I get a LOT of spam. You can just look at my email address
and guess why.
I can relate to that :-)
-- sidney
[EMAIL PROTECTED]
Not spelled the same nor related to the law firm at sidley.com, nor
disney.com, nor Sydney, Australia, nor
On Fri, 2002-03-22 at 10:28, rODbegbie wrote:
I usually take the time to log-on to whatever service it is,
change their password, then mess with their settings a bit.
Here's a hint that's actually slightly relevant to this mailing list
(well, at least it is anti-spam):
If the service they
On Thu, 2002-03-21 at 18:24, William R Ward wrote:
http://www.spamlaws.com/state/summary.html
Wisconsin: ADULT ADVERTISEMENT anywhere in subject line
I've never seen spam with this in the subject line, caught by SA
or otherwise.
Maybe Wisconsin doesn't have the right weather for porn
On Tue, 2002-03-19 at 14:29, AHA Lists wrote:
Here is what I have in my procmailrc file, what is the syntax error?
:0fw
| spamc
/home/Mail-SpamAssassin-2.11/rules
I'm guessing that the rules file is supposed to be an argument to spamc
of a file that contains your custom rules, you have
I've had two messages squeak through SA's spam filters that came from
intervolved.net. They claim that they are opt-in, but the opt-in is with
some business partner that they do not name and the spam is sent
advertising other business partners so there is no way of knowing how
I got on the list
Olivier Nicole [EMAIL PROTECTED] wrote:
I would not think that spammer are dumb enough to send empty email
just to see what would bounce. because by the time they are done with
their testing, they will end up blacklisted/blackholed or whatever.
No, the ones I saw looked like they were using
There's a summary of anti-spam laws of various states in the US at
http://www.spamlaws.com/state/summary.html
The ones that require some identifying text in the Subject line are
(Where only an Adult version is mentioned the law only applies to porn
spam):
California, Colorado, Tennessee:
each client is bound by a definitive anti-spam policy
which must be agreed to prior to becoming an EM5000 client.
Yes, and they assure me that under Bill s.1618 TITLE III passed by the
105th US Congress their letter cannot be considered spam as long as the
sender includes contact information
I don't really know perl, but I tried to duplicate the slow match on the
rule in a little test program to see if I could experiment with ideas
for a working regexp.
The following program did not take long to run. What am I doing wrong?
#!/usr/bin/perl
$string=AAA foofoo;
if
I just got another one of these slip by the filters. I forwarded it to
spamassassin-sightings, but I want to bring up the proposed rule again
here. I'm surprised that it didn't make it in already.
I see quite a bit of porn spam that ends with the line
I hate free porn! Don't ever tell me about
On Fri, 2002-03-01 at 14:34, William R Ward wrote:
This is *not* spam...
If I were to receive that Rich Dad email unsolicited it would clearly be
spam. The only way Spamassassin could know that it is not unsolicited
and therefore not spam to you is for you to put it in your whitelist.
If
On Fri, 2002-03-01 at 17:52, William R Ward wrote:
Hmm, looks like I was wrong. It does apparently have spammish
headers. I don't know anything about osirusoft.com, but spamassassin
says it's a spammer
Actually I would say that I was wrong. Spamassassin did not think that
the body was spam.
On Thu, 2002-02-28 at 10:08, Theo Van Dinter wrote:
you're probably already using procmail for spamassassin,
so add in the rule (it's in the procmail man page) that
unduplicates your messages based on message-id.
That doesn't help people he sends to who might not have that, but your
On Tue, 2002-02-26 at 13:41, Bob Plankers wrote:
However, SA is really slow, and I need to deal
with 150-200 email messages per second
for 85,000 accounts without a room full of hardware.
The two things you can do are 1) Run spamd/spamc so that you don't have
to load up a new spamassassin
On Mon, 2002-01-28 at 07:04, Greg Ward wrote:
If you read the regex carefully, you'll realize that there are some odd
restrictions on that line of yelling:
* it must be at least 45 characters long
* there must be a word at least 5 characters long in the middle,
at least 20 characters
On Wed, 2002-01-23 at 15:23, Charlie Watts wrote:
You mean for delivery to a Maildir, so that courier-imap can use it,
Yes, I interpreted his request as being for courier-imap Maildir format,
which is what I use.
I don't think you need locking for delivery to a maildir ... you can
probably
I sent a copy of the entire mail message to
[EMAIL PROTECTED] but I thought some of it
should be brought up on this list.
The following body text didn't get hits. I would think that FREE
HARDCORE TEEN PORN should be worth some points in one of the porn
filters Also the I hate free porn! Don't
58 matches
Mail list logo