[SAtalk] Re: Bigevil and thoughts....

that case? I'm not saying that the domain should be forgotten, but that iit should at least be in a different list. 'Bigevil.cf' -- never once seen in ham. 'Maybeevil.cf' -- a small number of hits in ham Scott

RE: [SAtalk] Can someone explain this?

My suggestion is to move your filter threshold to 4.5 and stop worrying about it. SCott At 02:31 PM 1/30/2004, [EMAIL PROTECTED] wrote: I believe the idea is right but your example is wrong. 4.92 rounds to 4.9, not to 5.0 It may have been any number between 4.95 and 4...., say 4.983

[SAtalk] Re: Bigevil and thoughts....

gt; 'Maybeevil.cf' -- a small number of hits in ham > > > > Scott > > That would be nice, but its hard enough to do one file :) I've got a prototype for testing that can convert a list of domains into automatically built rules. Add and remove from the source file

[SAtalk] Re: [RD] spammer reactions to antidrug (humorous)

/ldperl.htm Plus some eval rules so that if a word is not in the bayes database, but its edit distance from 'FOOBAR' is 2, it is given a spam probability of .90, or if its edit distance from 'FOOBAR' is 1, it is given a spam probability of .95. Well, its just an idea. Scott

[SAtalk] Re: Can someone explain this?

SSAGE,HTML_WEB_BUGS,LOCAL_PERLMX_TAG_80,MSGID_FROM_MTA_HEADER > autolearn=no version=2.61 > > > It met the required hit total (exactly) to be classified as spam. > Roundoff error, a score between 4.95 and 5.04 is rounded to 5.0 for display, so this ema

[SAtalk] False positive on FORGED_MUA_MOZILLA

The attached message sent through spamcop has tripped the FORGED_MUA_MOZILLA. Maybe it needs to be looked at? -- Scott Lambert KC5MLE System Administrator Attention Customers: Refer-A-Friend and receive one month of service for free! For further details, please visit

Re: [SAtalk] SA missed an 'invisible font'?

mething similar. The style rule just wasn't getting nearly all of them. rawbody INCH_NOPOINT_1 /\]*\bsize(=3d|=)0/i describe INCH_NOPOINT_1 INCH CUSTOM RULE -- 0pt font size tag -- Scott LambertKC5MLE Unix

RE: [SAtalk] stats

D] ourceforge.net>,<[EMAIL PROTECTED]>,Re: [SAtalk] stats Which then the perl scripts could easily identify. Of course this is very specific to the configuration listed above HTH, Scott --- The SF.Net email is sponsored by Eclip

RE: Re[2]: [SAtalk] Hello, new to list ! :-)

eeing. I'm now starting to back off on the threshold to eventualy get it back to 5.0. CF's like bigevil are expecting your threshold to be 5.0. I believe even Bayes assumes your threshold is 5.0. Scott -Original Message- From: Robert Menschel [mailto:[

Re: [SAtalk] trusted_networks being ignored at times?

ist server's IP (Server B)? That way you avoid the hop through Server A. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Pre

[SAtalk] Re: This spam scores too low

On 21 Jan 2004 12:13:40 -0600, Scott A Crosby <[EMAIL PROTECTED]> writes: > On Wed, 21 Jan 2004 12:57:55 +0100, Ralf Vitasek <[EMAIL PROTECTED]> writes: > > > Hi Jürgen! > > > > you need some rules for SA which can detect obfuscated spellings of > >

[SAtalk] Re: This spam scores too low

* which i'm not allowed to post on this list. :S > > > drawback is that those rules are hard to write, i'm thinking about > coding a template that can generate such rules out of keywords. > > or is there such a thing already? http://sandgnat.com/cmos/ Scott

Re: [SAtalk] This spam scores too low

e the spam email to be fair. -Scott Jürgen R. Plasser wrote: Spam detection software, running on the system "mail.troutpocket.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block

[SAtalk] Re: More obfuscation

is sort of obfuscation-analysis only on new tokens. If a token has never before been seen, but it appears close to what seems to be an obfuscated bad-word, we assign it a provisional spam-probability when doing baysean analysis. Scott --- The

RE: [SAtalk] Schools Slapped? FVGT

Thanks for the feed back. I've already lowered the score to 0.3. I considered changing the rule to excluding the .us domain, but too afraid to break it. I'm glad I have the FVGT rules, no mistake, just surprised by what FP's it created in my school biased environment. SCott

Re: [SAtalk] Turning off Habeas?

S and %#&&$^ come out to play. Sometimes I'm wrong but I don't get ulcers worrying about it. Bikeshed -- See : http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/misc.html#BIKESHED-PAINTING -- Scott LambertKC5MLE Unix SysAdmin [EMAI

Re: [SAtalk] /etc/mail/spamassassin/local.cf is ignored

t directly rather than making a spamc call which causes a fork in spamd to filter the message. I have never used amavisd so I probably don't know what I'm talking about. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] -

Re: [SAtalk] Turning off Habeas?

TOR is good for +16. A lot of people on this list need to calm down and stop over-reacting. I seem to remember something about babies and bathwater. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED]

[SAtalk] Schools Slapped? FVGT

I just started using the FVGT rules and got this FP. Do I understand this right, the rule below penalizes (scores high) anyone with a .us domain? Many schools across the country use the .k12.ss.us format where ss is their state two letter identifier. thanks SCott 2.4 FVGT_u_BZ_TLD

[SAtalk] V-drug spam gets *0* hits on SA 2.55

Read it and weep. :( Next question, how was it sent? The Received headers look relatively legit, so was this sent from a trojaned AOL user? I have *got* to implement that fuzzy matching algorithm. Scott --- Begin Message --- pronounce, How Vigras works. And you can better understand, what

[SAtalk] Re: Matching a list of strings quickly.

On Mon, 19 Jan 2004 22:47:07 -0800, "Mitch (WebCob)" <[EMAIL PROTECTED]> writes: > Question - your from doens't match your to in the final example - right? Yes. I thought that pasting in a 300 line exerpt would be c

[SAtalk] Matching a list of strings quickly.

A few weeks ago I described a technique to automatically convert a list of strings into a factored regexp for faster matching. You know, from foobat foobang fooziit to foo(bat|bang|ziit) Well, I've got a prototype complete and available here: http://www.cs.rice.edu/~scrosby/datami

Re: [SAtalk] Missing Spam Headers? Why?

On Mon, Jan 19, 2004 at 10:18:58PM -0500, Larry Gilson wrote: > > -Original Message- > > From: [EMAIL PROTECTED] > > On Behalf Of Scott Lambert > > Sent: Monday, January 19, 2004 7:32 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [SAtalk] Miss

Re: [SAtalk] Missing Spam Headers? Why?

scanning time, among other things. If you are not exceeding the 30 second timeout with spamd, you may not have enough spamd processess allowed to handle the simultaneous spamc requests. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] ---

RE: [SAtalk] BigEvil Archive

blem). > > That's just my $0.02. You mileage might vary. > > Gary Smith > > > > To add to this, I just keep all my config files in CVS (sendmail, mimedefang, SA). It has been a life saver for just such problems. Scott -

[SAtalk] Re: Looking for comments on this rule: EMAIL in URL

27; and '[^.]' instead of '.' in a couple of places. Scott --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 i

RE: [WL] [SAtalk] Yikes.. rules_du_jour

nse... 200 OK > > The clue is the "200 OK" message. If If-Modified-Since was > being employed, the return code would have been "304 Not Modified". > > The overhead of this probably doesn't matter on this scale, though. > > Martin Cool. Thanks for the

RE: [WL] [SAtalk] Yikes.. rules_du_jour

1.9.1, which > is the current > version.) > > Perhaps there's a Perl module that could do this > > Martin My wget client checks for a newer file, or did I miss your point? Scott wget -N http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf --12:39:36-- http:

[SAtalk] Re: common patterns / improving bigevil

On Sun, 18 Jan 2004 17:41:00 +0100, PieterB <[EMAIL PROTECTED]> writes: > Hi, > > I have an idea, similar to Scott A Crosby's datamining application. > I didn't use a datamining/analysis program, but used the Bayes > database. For example if you use: > >

[SAtalk] A new automatic tool for finding common patterns in spam

1001.lunchboxx.net>\n 41 1\n\n 41 1coupons, discounts 42 1 000 \nsiz 43 1 -Type: MULTIPART/alt Capitalized MULTIPART If you find this useful, please send me a heads-up. Scott --

[SAtalk] Re: Ann: "Rules De Jour": An automated way to keep up with the latest rulesets

clients to go away. This is absolutely necessary, otherwise you'll have no way to depreciate the service, either from age or from excessive load. NTP taught this lesson of this mistake. Systems getting hundreds of queries a minute that haven't run NT

RE: [SAtalk] Problems running begevil and tripwire together (possibly solved)

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Scott Harris > Sent: Thursday, January 15, 2004 2:05 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Problems running begevil and tripwire together > > I think I

RE: [SAtalk] Problems running begevil and tripwire together

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Scott Harris > Sent: Friday, January 16, 2004 9:59 AM > To: [EMAIL PROTECTED]; 'Chris Santerre' > Subject: RE: [SAtalk] Problems running begevil and tripwire tog

Re: [SAtalk] Acronym Update

Carl Chipman wrote: For the new people on the list, I was wondering what the following acronyms mean: LART UBE/UCE Are the acronoyms in the FAQ? Carl, Luser Attitude Readjustment Tool Unsolicited Bulk/Commercial Email Google is your friend, HAND, Scott -- Scott V. Blomquist,A-SA-CN-NRK

RE: [SAtalk] Problems running begevil and tripwire together

gave the error. I guess time to hit up the mimedefang folks. Thanks! Scott (loving sunny SoCal 70 degree weather) Harris > -Original Message- > From: Chris Santerre [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 15, 2004 8:16 PM > To: 'Scott Harris'; Spa

[SAtalk] Re: Spam Collecting

ng it. What you're doing is catching errors. If you do this, can you submit the program into contrib? Scott --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the brea

[SAtalk] Re: Korean Spam

t indicates a foreign language Scott --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.

Re: [SAtalk] Books...

nes on TV! This one's > for real! > > -- Homer Simpson > A Milhouse Divided > -- Charlie Scott <[EMAIL PROTECTED]> --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conferenc

[SAtalk] Problems running begevil and tripwire together

rors are from mimedefang below, but I still posted here because the errors didn't occur until SA started in with the new bigevil. Thanks for any help. Scott [EMAIL PROTECTED]:/var/log# Jan 15 09:04:27 linux1 sm-mta[17033]: i0FH4Qnm017033: from=<[EMAIL PROTECTED]>, size=3232, c

RE: [SAtalk] Moving bayes to a different server - not working

ectory). 'file bayes_toks.pag' returns: bayes_toks.pag: data I think I need some more pointers :) Cheers Scott -Original Message- From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Thursday, 15 January 2004 5:04 p.m. To: Scott Truman Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk]

RE: [SAtalk] Moving bayes to a different server - not working

Thanks for your reply. Sheesh...how do I know what was 'running' on the other box or atleast what SpamAssassin was using? Cheers Scott -Original Message- From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Thursday, 15 January 2004 4:54 p.m. To: Scott Truman Cc: [EMAIL

[SAtalk] Moving bayes to a different server - not working

am not getting any other perl module errors. Cheers Scott --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on

Re: [SAtalk] Can you use a matched element in one rule against another match in a second rule?

On Wed, Jan 14, 2004 at 06:10:56PM -0500, Matt Kettler wrote: > At 05:46 PM 1/14/2004, Scott Lambert wrote: > >I would like to be able to match the forged HELO then use it in a > >variable for the two X-AntiAbuse lines. Possible? > > meta rules allow you to do boolean and or

[SAtalk] Can you use a matched element in one rule against another match in a second rule?

legit. I would like to be able to match the forged HELO then use it in a variable for the two X-AntiAbuse lines. Possible? -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] --- This

Re: [SAtalk] New Ruleset Available!!! TRIPWIRE! You don't want to miss this o ne!

Just checking... but this file is supposed to go into the spamassassin directory with all the other .cf files, right? No futher config necessary? This looks like a great addition, but I've never added anything besides the 'out-of-box' cf settings. Please verify for us SA newbs.

[SAtalk] Re: New HTML spam body obfuscation.

ocument.write' rule in, with a low score, so that future mass-checks will notice if it starts to used/abused. The only other option is to run a javascript interpreter, because there are a near-infinite number of ways javascript could be used to create text. Scott -

[SAtalk] Obscured web site address using javascript

/SpamAssassin/javascript_address_spam.zip This is the page mozilla took me to when the mbox was uncompressed or gzipped. That's why I zip'ed it instead. Sorry for the hassle. http://oceantricks.com/?affiliate_id=231902&campaign_id=401 Advertising Generic V. and Cal(whatever that

RE: [SAtalk] Yahoo, etc

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mi > Sent: Friday, January 09, 2004 12:37 PM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] Yahoo, etc > > > >users that are constantly reminding me that they get > "absolutely no spam" > >on th

[SAtalk] Eurika? A baysean model for dealing with bayes poison.

[1]--- both are the probability that a new token is a a hamsign, as a function of ham training set size. This model isn't a panacea, but it should provide solid advice in how to tune the bayes paramater that would do a good job at catching bayes poison. Would someone with a ham corpus do th

[SAtalk] Stopping SPAM with subjects like "Re: ABC, settled high under"

]{1,}, \w \w \w/ describe THE_2003_SPAM_PATTRN Subject is like "Re: AAA, words" scoreTHE_2003_SPAM_PATTRN 1.5 But it ain't workin'. Any thoughts? I'm sure it has to do with my regex. Thanks -scott --- This SF.

RE: [SAtalk] Bigevil 2.06f posted.

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Upwood, Jim > Sent: Thursday, January 08, 2004 8:45 AM > To: Spamassassin-Talk (E-mail) > Subject: RE: [SAtalk] Bigevil 2.06f posted. > > I think he means smaller memory usage of the spamd proces

RE: [SAtalk] Useful to compare sender domain with relay?

eject anything where the relay > domain is not part of the sender domain? > Or would this be to restrictive? > > My first thoughs are of those with virtual domains hosted. > But you should be able to give the relay multiple names to > allow things to pass. Or so I would think? &g

RE: [SAtalk] send mail and spamassasin must be on the same machime

live testing, they need to be on the same machine. I'm sure someone will correct me if I'm wrong. Scott --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System of

RE: [SAtalk] Bigevil 2.06f posted.

69549 newbe.cf Newbe.cf is your latest version, 2.06f. Granted, 4 lines isn't a big deal, but I'm still curious because each time it grows just a little. Scott --- This SF.net email is sponsored by: Perforce Software. Perforce is t

[SAtalk] Illinois Spam Law

Our new law as of 1/1/04, now if it was just enforceable !! http://www.spamlaws.com/state/il.html SCott At 10:13 AM 1/8/2004, Genchev, Sergei wrote: >I have some mail that was received by this particular user. I have put >the tarbal here: http://ns2.wananchi.com/~wash/SPAM/ and it

[SAtalk] Re: Making bigevil faster by finding common prefixes

ve almost no time, but I can try too do it if it would it be useful? You could write a simple perl script that converted from bigevil.domains to bigevil.cf by concatenating regexps together 30 at a time. Also, I gave some techniques to manage bigevil.domains-type files a few weeks ago. Scott

[SAtalk] Re: Spell Checking the Subject Header (RESULTS)

On Tue, 6 Jan 2004 20:34:13 -0800, Robert Menschel <[EMAIL PROTECTED]> writes: > I have just updated my masscheck script, so future reports should look > more like: > > score RM_u_UnsubscribePHP3.000 # Dec 2003; 218s/0h of 81383 corpus > > (65609s

[SAtalk] Re: Spell Checking the Subject Header (RESULTS)

ould others who report rules test results please state what percentage of their corpus is spam/ham? Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for I

[SAtalk] Making bigevil faster by finding common prefixes

ings. If someone implements it, I can help debug. Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from t

RE: [SAtalk] Bad Email Address

to just have sendmail reject them. That way the overhead of having to process them never exists. They are just thrown out. Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills.

RE: [SAtalk] Smart SPAM

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Billy Huddleston > Sent: Tuesday, January 06, 2004 9:28 AM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] Smart SPAM > > I've got a complete list of domains that I used with some > procmail scr

[SAtalk] Smart SPAM

Below is a SPAM that came through with a score of 0.7. the only thing that hit was the DATE IN PAST What are the Best Practices with SA to be able to stop these in the future? Thanks SCott Date: Mon, 5 Jan 2004 18:08:21 -0500 From: "Sandra Dee" <[EMAIL PROTECTED]> To:

[SAtalk] Useful to compare sender domain with relay?

of the sender domain? Or would this be to restrictive? My first thoughs are of those with virtual domains hosted. But you should be able to give the relay multiple names to allow things to pass. Or so I would think? Scott --- This SF.net em

Re: [SAtalk] running SA on existing mail spools

checking | formail -s spamc -u ${SPLFILE} >> ${SPLFILE}; #UNLOCK the ${SPLFILE}; #RM or BACKUP or IGNORE ${SPLFILE}.checking; done; Or something like that. Error checking is left as an excersize for the reader. Additional pipelining could seperate into ${SPLFILE}.(spam|ham)

RE: [SAtalk] First spam directed to me at my SA email alias

>-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >Behalf Of Peter Kiem >Sent: Monday, December 29, 2003 11:20 PM >To: [EMAIL PROTECTED] >Subject: Re: [SAtalk] First spam directed to me at my SA email alias >> track where the spam originates. Disappointing too b

[SAtalk] First spam directed to me at my SA email alias

the flood will begin. Well, at least SA caught it as spam. Scott << SPAM (7.118) Walk & Talk >> --- Begin Message ---     TO ORDER WALK & TALK ON-LINE - Press Here: ON-LINE STORE   For more information about SYGNET's Walk & Talk please conta

Re: [SAtalk] bayes.lock getting killed on a LONG sa-learn run

On Mon, Dec 29, 2003 at 12:20:33PM -0500, Kris Deugau wrote: > IMHO, kernel-level file locks are far cleaner, but I don't know whether > you can even do that cleanly with files accessed through DB_File. :/ Kernel locks don't work so well with NFS shared directories. -

Re: [SAtalk] Re: Having trouble coding a local rule

> Preferably not as if someone does forge it, then the mail goes straight > through... Isn't that what whitelist_from_rcvd is for? man Mail::SpamAssassin::Conf -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] ---

Re: [SAtalk] odd problem with spamassassin missing messages...

bayes lock file to be left laying around which added a 10 second timeout to every message. I twigged to that when my 1.6GHz Athlon started averaging 10 seconds per message. None of my 4 day job spamd servers have had sig 6 issues with identical software configurations, and a lot more e-mail. --

Re: [SAtalk] Fwd: Rude Rape actions

t as spam. Make sure you use the RBL checks and the DCC and RAZOR2. Last, but not least, upgrade to SA 2.61 to improve your chances of catching a lot of the newer flavors of spam. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] -

[SAtalk] Re: Bigevil 2.05d posted and regex question....

tions with several optimizing tips that *would* help performance. May I suggest applying them? Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free

Re: [SAtalk] The first spam to make it through since Friday...

area, 1 to 5 times in the body text area, 1 to 3 times > in the link text area, 1 to 4 times in the alt text area, and 1 to 5 in > the header text area. > > TrafficPost Newsletter 2003 All Rights Reserved. > > > > > To unsubscribe from the Traffic Post Newsletter HR

Re: [SAtalk] sa-learn from Exchange 2000

quot;The Hitch Hikers Guide to the Galaxy" series. Well worth the read! quiet here today as well ;-)) Happy Holidays one and all, Scott -- Scott V. Blomquist,A-SA-CN-NRKTINLC(tm) #2598 ITI/Bear&CoRochester, VT 802-767-3174(v) 802-767-3726(f) "Any

[SAtalk] List of products that use SA

ta on the SpamAssassin news site. I tottle on over to that site and have been searching for a while but don't see any list. Just a few mentions of various products. Any help appreciated. Scott --- This SF.net email is sponsored by:

[SAtalk] Re: We have big evil now we need big good...

e the whitelist each time any listed domain changed email providers. With one of the RMX proposals (where a domain can dns encode a list of smtp servers authorized to send email from the domain), it then is probably feasible. Scott --- This SF.ne

[SAtalk] Re: checking outgoing mail

misbehavior, but will cut it down by a factor of 30. Jeff, to answer your question, I don't know, but I do think it is a good question to ask. Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or

RE: [SAtalk] Mailing lists and compliance verbage

Guide, and I think a few others. Thanks, Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything fro

RE: [SAtalk] Mailing lists and compliance verbage

de, and I think a few others. Thanks, Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell t

[SAtalk] Mailing lists and compliance verbage

rt adding such verbage to demonstrate their legitimacy? Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything fr

RE: [SAtalk] Spammer causing Denial Of Service

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Scott Williams > Sent: Thursday, December 18, 2003 11:10 PM > To: Scott Williams > Cc: Spamassassin-List > Subject: [SAtalk] Spammer causing Denial Of Service > >

[SAtalk] Spammer causing Denial Of Service

I was looking at the SA logs and noticed how a spammer would open up multiple sessions all to one target address. He opened 15 sessions in 10 seconds and proceded to hold them for 5 minutes until I timed out on the connections. So for 5 minutes my filter was essentially rendered useless since I

RE: [SAtalk] bigevil 2.04 posted

> routing. Now with ipchains, that sort of thing might be feasible? > > Back in the old days I easily accomplished adding hundreds of individual IPs to a cisco 2501 with the unix shell utility expect. Scott --- This SF.net email

RE: [SAtalk] SpamAssassin and SendMail

r so AV > clients, HTML strippers, web bug removers, etc. > > Justin > I too love this combo and have a question for the group. I was thinking of documenting my configuration over the holiday break. Do people generally feel this would be useful? Basically, I don't want to sp

Re: [SAtalk] SpamAssassin 2.61 released!

it? ;-) I'm using SORBS, NJABL and MAPS. 3) Disable network checks (-L for spamd). For some reason, Razor and Pyzor shot my times into the 10sec range after I upgraded. These weren't doing very much for us anyway. Good luck! Scott --

[SAtalk] Re: Clever spam (first of many, I'm afraid...)

any unknown but popular phrases or patterns. > A really smart spammer would examine the algorithms, and design > algorithms of his own to morph the message enough to defeat them. Exactly. SA is itself a recipee for messages that can bypass it. Scott

[SAtalk] Re: RD: "justified" HTML

's a Perl efficiency thing. If you are confident that your rule > works OK, you may want to change it slightly to avoid the braces. Look > in the archives for recent postings from Scott A Crosby. > <http://search.gmane.org/search.php?group=gmane.mail.spam.spamassassin.general&que

[SAtalk] Re: Clever spam (first of many, I'm afraid...)

that we don't have to necessarily detect obfuscation and bayes poison. If we can just keep the spammers from hiding it from the customers. Once the email turns into line-noise like: Now you=20 can have=20 HUNDREDS of=20 lenders compete=20 for your loan! RATES AS LOW=20 then the sp

[SAtalk] Re: Clever spam (first of many, I'm afraid...)

ing automata techniques to match hundreds/thousands of re's in parallel in effectively a single pass. If you write a perl module implementing them, I am confident that SA will use it. See some of my posts over the last 10 days for references. If af

Re: [SAtalk] Virginia Busts Spammers

If you see two spammers hang hopefully a 100 will stop or atleast move off shore. SCott At 01:40 PM 12/12/2003, Larry Rosenman wrote: --On Friday, December 12, 2003 14:33:34 -0500 Greg Cirino - Cirelle Enterprises <[EMAIL PROTECTED]> wrote: No noticeable decrease in spam here..

[SAtalk] Virginia Busts Spammers

http://www.cnn.com/2003/TECH/internet/12/12/spam.charges/index.html --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything fr

[SAtalk] Re: [RD] raw/rare/folded/plain/alphed body/subject rende ring streams

On Thu, 11 Dec 2003 08:42:16 -0800, "Gary Funck" <[EMAIL PROTECTED]> writes: > > > > > One implementation might be to convert the rewrite rules into an > > > equivalent flex description, and let flex generate the automaton in > > > C. Compile

[SAtalk] Re: Detecting strings of Gibberish

rucjj ybxegs > > > Has anyone developed a rule that can detect this sort of thing? > Perhaps a check for consecutive words, at the end of the body, > none of which are in a dictionary? Perhaps useful, but only a short-term fix, then they'll

[SAtalk] Re: [RD] raw/rare/folded/plain/alphed body/subject rende ring streams

f current position is within 20 of marked position for foo and record a rule match if so.} which combined with rules like 'foo.{,20}baz' 'bang.{,20}bar', etc. just excaberates the problem of flex not supporting multiple matches or overlapping matches. Scott ---

[SAtalk] Re: [RD] raw/rare/folded/plain/alphed body/subject rende ring streams

is would be a problem for the perl regexp engine that SA uses, but not for an automata based matcher like what I have been proposing and implementing. On the plus side, this sort of regexp transformation is fully automatable. The really plus side is that it can transform *all* rules and

RE: [SAtalk] Help with Mark Motley's perl script

is: # login to imap server my $imap = Mail::IMAPClient->new (Server=>$imapserver, User=>$uid, Password=>$pwd, Debug=>$debug) or die "Can't connect to [EMAIL PROTECTED]: $@ $\n"; When I tried the above version it seemed to get confused that there was a User a

[SAtalk] Re: Habeas test

rder to engage in anticompetetive lock-in. IE, to require payment from people wishing to produce games, people who didn't pay would be forced to commit 'trademark and copyright infringement'. The lock-in failed. http://www.lgu.com/cr46.htm Scott ---

RE: [SAtalk] IMAP only?

generate custom rules. I'm not the admin for these boxes so I don't have a lot of details on the configuration of sendmail. I hope this is enough to get you started. -- Scott -Original Message- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:42 AM

[SAtalk] Re: Generic V-whatever drug with no GV rule hits (fwd)

ll kill > > performance because Perl cannot apply the literal optimization, > > especially if they're applied widely. (There's more than just Vx > > -- most of the phrase rules need this sort of treatment.) > > > > Scott > > Scott, > If it&#x

[SAtalk] [RD] Help with Subject rule

When I run the same expression with egrep it picks up the messages as expected. -- Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials.

[SAtalk] Re: Generic V-whatever drug with no GV rule hits (fwd)

additional matching time, especially with an automata. In practice though, these sorts of rules will kill performance because Perl cannot apply the literal optimization, especially if they're applied widely. (There's more than just Vx -- most of the phrase rules need this sort of treat

  1   2   3   4   >