I, as well as many others at my company here, have been getting in the past
month or two a lot of empty spam. In the body of the email is nothing at
all. Often SA will tag it with some stuff based on the headers, but many of
these are getting through because there is simply nothing on which to
I've had my AWL data in a SQL database for almost a year now
Michael - does your code handle per-user AWL and bayes in SQL, or just
site-wide?
thanks!
johnS
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in
Is SA hard to install? Not harder than any other program
based on Perl.
While I agree it is not a good idea to compare SA 2.44 to current commercial
anti-spam packages, I think those of you who say that SA is easy to install
are being a little bit disingenuous.
It has a whole laundry list of
Some time ago, there was an announcement of patches to SA to allow for
SQL-stored Bayes databases.
I haven't seen word of this being integrated in to the main
tree since then,
but it's possible I've missed it.
Hmm... I don't recall seeing this at all; does anyone have any info on this,
Okay, THIS is a little silly for sourceforge, at least for the SA list:
[EMAIL PROTECTED]: host
mail.sourceforge.net[66.35.250.206] said: 550-This message matches a
blacklisted regular expression ([Vv] *[Ii] *[Aa] 550 *[Gg] *[Rr] *[Aa])
(in
reply to end of DATA command)
(now
I'm wondering if it is possible to provide per-user bayes learning without
having accounts on the SA server for each user. Has anyone done anything
like this?
I'm running it with amavisd-new, and am running it with site-wide bayes. The
spams/hams to learn come from a public folder, and generally
So, I'm running SA 2.60 with bayes enabled. I've got a folder to which
people can drag emails that are misclassified. This has always worked very
well in the past with 2.55.
What I've noticed is that when SA learns from a spam, the bayes score
usually shoots way up to 99% right away (an
Anne Ramey writes:
I'm trying to add local rules, but only one of the .cf files in
/etc/mail/spamassassin seems to be used. Can you only have
one extra
.cf file? (I'm using amavis with SA, so I was told the extra rules
can't go in local.cf).
Please ask the amavis people, since it
| - The action routine would run through the hashes and
compute the average
| spam levels for each IP, ...
|...
| I guess I need to sort out what a good criteria would be
for action. Would
| average spam level be an adequate way to determine a bad IP? ...
Don't use 'average' on
Median sounds like a better idea than average, for sure.
Perhaps to be conservative both will have to be over a
certain threshold.
Actually, perhaps it would be best to only turn off SMTP from servers from
which *no* legitimate mail was delivered (in the last X amount of time).
This is
Clueless hacker wrote:
Is there any way to get this _RELAYSUNTRUSTED_ data into the
Mail::SpamAssassin object somehow? Then I think I could
hack amavisd-new to
log this relay information.
jm wrote:
Hmm -- I suppose you could do
my $untrusted = $per_msg_status-_get_tag
Okay, I whacked together a perl script to do some very rudimentary parsing
of the SMTP relays logging I hacked into amavisd-new.
I filtered out any host that delivered less than 2 emails, or had an average
spam level of less than 5. This is what I ended up with for this afternoon's
mail (since I
Unfortunately, the $untrusted variable always seems to be
blank. This is
what I see in the logs:
my bad. try
my $untrusted = $per_msg_status-_get_tag
(RELAYSUNTRUSTED);
no _'s.
Awesome! That did it! I'm now getting logging of untrusted relays from
amavisd! You
I'm not sure if this would be something that SpamAssassin could do, or if it
would need to be integrated into amavisd-new, for those of us using that
excellent tool.
(BTW, I just wanted to say 2.60 is the bee's knees. Bayes learning seems to
be even more improved than the already good 2.55
John Stewart (not the talk show host, nor the singer) wrote:
I'm sure SA must parse each of the Received headers to
determine the SMTP
servers, so at some point this information is available. Would it be
possible to get this information logged somehow with the spam level?
[EMAIL
I finally got around to installing 2.60 today in my system, running it with
amavisd-new (which I also bumped up to the latest, 20030616.
I'm very happy that the bayes opportunistic expiration is now configurable
with the bayes_auto_expire option.
However, there seems to be some other contention
Okay, I wanted to drop in your evilrules.cf file into my SA setup, and I did
so using (in /etc/mail/spamassassin/):
lynx -dump http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf
evilrules.cf
However, this seems to cause problems. After this, doing a spamassassin -t
causes all sorts
http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf
Interestingly, this is triggering a rule in the evilrules.cf itself:
rawbody G_WWW_MERCHANTSOVERSEAS_COM /www\.merchantsoverseas\.com/
describe G_WWW_MERCHANTSOVERSEAS_COMEvil_10_9_03
G_WWW_MERCHANTSOVERSEAS_COM
score
Nope, it looks like WordPad is a bad place to edit :)
Apparently it has some
hidden characters in it. AS of 4:40 EST today, I resaved it
under MSDOS text
format in the hopes it fixed it. Did you get the file before then?
Aye, I'm sure I did. However, someone has also suggested wget, which
Here's the graph of our spam vs non-spam. Spam levels have
definitely
dropped noticeably, though not precipitously. I've not
changed the SA
or mail gateway config in a couple of weeks, so I don't think it's
anything to do with changes I've made.
I didn't include the graph you did,
I had a couple of users ask me today if there was a change to
our mail config, as the number of spams they received had dropped off
considerably. I personally didn't notice much (750+ spams since Sunday), but I'm
wondering if anyone else has noticed anything.Perhaps the worms going
around
Well, so far, so good.
I've set the bayes_expiry_scan_count to 50 and set up a nightly sa-learn
process to do the --force-expire.
It's been 3 days so far without amavisd-new freaking out on me; looking
good.
thanks!
johnS
---
This
Can anyone tell me if there is a way to deploy an Outlook rule created
to Outlook clients without manually having to create it for each user?
Well, I just created detailed step-by-step instructions *with pictures* for
the users to set it up on their own using the Rules Wizard.
If you do
Okay, I have a more specific question which I hinted at in my previous
rambling regarding amavisd-new and SA 2.55:
http://marc.theaimsgroup.com/?l=spamassassin-talkm=105374227831594w=2
I understand that there appears to be no way to turn off opportunistic
expiration in 2.55 (this is causing no
Theo wrote:
In 2.5x, if you're going to do manual expires, change the expiry_count
value to something really large.
In 2.6x, just do 'bayes_auto_expire 0'. ;)
Okay, so I just set the bayes_expiry_scan_count to 50 (as Dallas
suggested in his previous email, and you do here). No
Aye, ATTABOY! Definitely a kick ass piece of
software. spam-stats from one of the co-lo machines: spam:
304 clean: 80 skipped: 0 total: 384 processed:
384 The mail log was rotated earlier this morning. And yes, the
stats are accurate.. only 80 legit mails, everything else SPAM. If
Please correct me if I am wrong. But I thought I saw a
posting a while
back (when 2.50 came out) that doing what you are doing would
shift the
balance of the Bayes DB toward one side or another. I
remember someone
clearly stating that you need an equal amount of SPAM and HAM to do
John scrawled:
One thing I was doing every hour was an sa-learn --rebuild,
but I wasn't
doing a --force-expire. I'm going to put that in place to run
every hour as
well and perhaps an hourly expire will help things out. We
shall see.
Well, it apparently has not.
snip
I thought
I think there maybe be problems with the public folder
solution in Exchange 2000. While it appears to work under
Exchange 5.5, in Exchange 2000 it seems that all mail stored
in public folders and accessed through IMAP or POP loses a
lot of its header information, at least in my
I was wondering if it could be possible to get sa-learn to
just look at the message text
and ignore all header information when I feed it with
messages from exchange (since exchange screws everything up).
That way all users on the exchange-system could just
forward their emails to
What's the status of 2.53? I'm eager to get to it as I'm still on the (non-expiring)
2.50, but I don't want to run against any showstoppers... anyone had any problems??
thanks!
johnS
---
This SF.net email is sponsored by: ValueWeb:
JP write:
The only way I know of is to move/copy the messages to public folders,
since then the headers are not touched at all. We then fetch
those mails
via cron job and IMAP and feed it to sa-learn. Works pretty well.
Been playing around with this the last couple of days, and it seems to
These are being sent to the list more frequently--is there
some reason why the
admins allow posts from nonsubscribed addresses?
Good question. This has been discussed before, but I don't remember the justification
for open posting... is there an actual good reason for this?!?
johnS
These are being sent to the list more frequently--is there
some reason why th
e
admins allow posts from nonsubscribed addresses?
yes, it's a list where people post tech support q's.
Hmmm... I dunno how this follows. If someone wants to see the answer to their
question, wouldn't they
Our infrastructure would look like:
Internet--[SA]--[Mailsweeper]--[SMTP/Lotus Notes
gateway]--Lotus Notes Mail reader on Client PC
Our is:
Internet--[postfix gateway]--[SA+amavisd-new]--[Exchange]
20k-30k emails a day, not a huge site.
In order to tag mail flowing through, I used
A few days ago, someone mentioned graphing stats from
spamassassin using
MRTG and others. Well, I got that working, and it's pretty slick.
Care to share the recipe for this? I didn't see anything in the SAtalk
archive...
'twould be excellent to show a graph to management so they can
Kind of in the vein of the all-graphics spam, this guy got through this
morning. It only scored a 1.3:
---
This sf.net email is sponsored by: Jabber - The world's fastest growing
real-time communications platform! Don't just IM. Build it
(aaach - my apologies... Outlook decided I wanted to send it before I
finished composing)
Kind of in the vein of the all-graphics spam, this guy got through this
morning. It only scored a 1.3:
SPAM: Start SpamAssassin results --
SPAM: This mail is
(good lord, I'm so dumb forgot to attach)
(Note to self: never post before you have your morning caffeine)
Kind of in the vein of the all-graphics spam, this guy got through this
morning. It only scored a 1.3:
SPAM: Start SpamAssassin results --
I'd like to use spamassassin to filter our e-mail. However
the poweres that be have dcreed that our mail service shall
run on MS Exchange. Is there a way to insert Spamassassin
into the system so that it will filter incoming mail before
it reaches the Exchange server?
We have
I'm scanning mail flowing through a mail server (on its way to our internal
mail server) using amavisd-new and SpamAssassin 2.31. Works great; it's
literally changed my life.
In /etc/mail/spamassassin/local.cf, I have:
required_hits 5
(which I think is the default anyway), so all mail with a
I had a user report this spam as getting through, so I ran it through
spamassassin -t to see what it scored... it only picked up the CASHCASHCASH
rule ($$$ in the subject).
Looking at it, I saw there was a URL to an IP address, so I looked in the
spamassassin .cf files and saw this in
I am trying to install your spamproxyd so I can get SpamAssasssin working to
tag messages flowing through our postfix mail gateway (running on Solaris
2.6) to our internal Exchange server.
I installed SA 2.01, which as a simple application seems to work well.
However, when I tried to use
Craig Hughes wrote:
Actually, we dropped Mail::Audit since it doesn't work in a variety of
situations, and replaced it with our own version,
Mail::SpamAssassin::NoMailAudit -- change the line to use
that class instead
(and the use line at the beginning of the file) and you
should be ok.
44 matches
Mail list logo