A thought: now that spammers are using SPF to "legitimize" their email,
could *we* use it as a means to shut them down sooner?
I.E.: get an email that passes SPF, and scores high. Look at the
relevant SPF record and blacklist/high-score all of the hosts it states
are valid sources for that sender
On Friday, September 10, 2004, 10:40:39 AM, Pete McNeil wrote:
> On Friday, September 10, 2004, 1:13:38 PM, Jeff wrote:
JC>> Thanks for your comments. By "recursive domain additions" to you
JC>> mean to initiate a proactive search of domains within a given
JC>> network? What I'm proposing is not
On Friday, September 10, 2004, 11:08:53 AM, Chris Santerre wrote:
> Did Yahoo tighten up? how come yahoo redirects aren't listed?
IIRC one or both of them closed of their redirectors.
Metamark and SnipURL are using SURBLs to deny abusers
access to their redirection services also. We hope more
do
Hello,
Anyone have ideas why I'd be seeing these messages all of a sudden on
a 2.64 installation with no changes?
Sep 10 18:07:49 s15111287 MailScanner[28540]: SpamAssassin timed out
and was killed, failure 13 of 20
Sep 10 18:07:50 s15111287 MailScanner[28540]: Virus and Content
Scanning: Startin
>-Original Message-
>From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
>Sent: Friday, September 10, 2004 2:30 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Catching Windows executables as attachments
>
>
>On Fri, Sep 10, 2004 at 03:48:17AM -0700, Loren Wilton wrote:
>> > First, the body-mime head
> I just thought I'd try enabling DCC again with 'rc4' and also (still)
> get the same error message:
>
> Sep 10 11:25:57 ukiah dccproc[43025]: missing message body;
> fatal error
>
> Has anybody got DCC working with 3.x? Reset my old 2.63 up
> again and DCC
> works fine.
>
> On Wed, Jul 21, 2
On Fri, 2004-09-10 at 13:38, Michael Hall wrote:
> I just thought I'd try enabling DCC again with 'rc4' and also (still)
> get the same error message:
>
> Sep 10 11:25:57 ukiah dccproc[43025]: missing message body; fatal error
>
> Has anybody got DCC working with 3.x? Reset my old 2.63 up again a
On Fri, Sep 10, 2004 at 11:38:33AM -0700, Michael Hall wrote:
> I just thought I'd try enabling DCC again with 'rc4' and also (still)
> get the same error message:
>
> Sep 10 11:25:57 ukiah dccproc[43025]: missing message body; fatal error
>
> Has anybody got DCC working with 3.x? Reset my old 2.
I just thought I'd try enabling DCC again with 'rc4' and also (still)
get the same error message:
Sep 10 11:25:57 ukiah dccproc[43025]: missing message body; fatal error
Has anybody got DCC working with 3.x? Reset my old 2.63 up again and DCC
works fine.
On Wed, Jul 21, 2004 at 03:33:16PM -0400
On Fri, Sep 10, 2004 at 03:48:17AM -0700, Loren Wilton wrote:
> > First, the body-mime headers aren't typically visible to the user via MUA,
> > so they're not included in the data that the standard rules run against.
>
> and yet they are considered one of the more important spam indicators. Lack
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Friday, September 10, 2004 10:06 AM
>To: Spamassassin
>Subject: Re: SURBL
>
>
>On Friday, September 10, 2004, 5:31:48 AM, John Fleming wrote:
>> Of course, I have another question - Should I enable the redirects??:
>
>>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: Friday, September 10, 2004 1:05 PM
>To: Jeff Chan
>Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail)
>Subject: Re: Start an IP list to block?
>
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Don Saklad wrote:
| Thank you Adam Lanier !
|
| The emacs rmail is run in a plain text terminal window with ssh to the
| university.
|
| Eli Tziperman appears to use a graphical set up.
|
No graphical setup necessary. I just followed the directions from
and my dbase has a good number of entries:
sa-learn --dump| head
0.000 0 2 0 non-token data: bayes db version
0.000 0 04 0 non-token data: nspam
0.000 0 237785 0 non-token data: nham
0.000 05807722
On Friday, September 10, 2004, 1:13:38 PM, Jeff wrote:
JC> Thanks for your comments. By "recursive domain additions" to you
JC> mean to initiate a proactive search of domains within a given
JC> network? What I'm proposing is not to actively try to search,
JC> but simply to bias the inclusion of
On Friday, September 10, 2004, 9:00:16 AM, Pete McNeil wrote:
> On Friday, September 10, 2004, 10:43:39 AM, Jeff wrote:
JC>> What I'm talking about is an internal process where we keep track
JC>> of resolved IP addresses and use that to add new domains to
JC>> SURBLs sooner if they resolve to a si
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff Chan writes:
> On Friday, September 10, 2004, 7:27:06 AM, Chris Santerre wrote:
> > WOW! I think this would hit more FPs then listing the IP! Am I wrong there!
> > I would never list the name server, as they may be hosting for much more
> > then
Hello Thompson´s,
Friday, September 10, 2004, 5:57:29 AM, you wrote:
TM> Hi all!
TM> I´m using in my server SpamAssassin 2.64, and I would like to
TM> know as to get best performance with the system. I´m not use
TM> auto-lern, just rules in files cf.
TM> Exists some configuration to improve
It seems to me that Jeff is talking about a way of implementing what
Chris is talking about.
If not, then it still seems like a great compromise! I love the idea!
Kris
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Friday, September 10, 2004 9:44 AM
To: SURBL Discus
Thank you Tom Meunier !
How to use procmail is the next project !
In the meantime, users without any mastery can use
esc-s
rmail-summary-by-regexp
and
the keywords or partial keywords at
http://zork.net/~dsaklad/usabilityspamassassin.html
Thank you Adam Lanier !
The emacs rmail is run in a plain text terminal window with ssh to the
university.
Eli Tziperman appears to use a graphical set up.
On Friday, September 10, 2004, 10:43:39 AM, Jeff wrote:
>> Holy confusion! I can't tell where you are on this subject now Jeff :)
JC> If you're talking about adding resolved IP addresses to SURBLs,
JC> no we're not going to do that. :-(
JC> What I'm talking about is an internal process whe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Don Saklad wrote:
| Thank you for the information folks !
|
| Have any of you nice folks any further information or references that
| would be of any use to people using emacs rmail with no mastery of
| computers trying to see what they can do with the
I'm no expert, but it looks like it is timing out on 'gethostbyname'
looking up the host names of the IP addresses in the received headers.
I'd recommend making sure that DNS forward and reverse lookups are
working properly on your system.
Sebastian Szuber wrote:
Hi!
I have amavisd-new-2.1.1
Don Saklad wrote:
Thank you for the information folks !
Have any of you nice folks any further information or references that
would be of any use to people using emacs rmail with no mastery of
computers trying to see what they can do with the spamassassin headers
set up for them on the system by te
Thank you for the information folks !
Have any of you nice folks any further information or references that
would be of any use to people using emacs rmail with no mastery of
computers trying to see what they can do with the spamassassin headers
set up for them on the system by technophiles !?...
Hi!
I have amavisd-new-2.1.1 and SpamAssasin 2.64 working with postfix 2.1.4
on Debian 3.0r2.
It sometimes works well:
/usr/local/sbin/amavisd[4648]: (04648-06) calling SA parse, SA version 2.64
/usr/local/sbin/amavisd[4648]: (04648-06) CALLING SA check
/usr/local/sbin/amavisd[4648]: (04648-06) R
Hi!
I have amavisd-new-2.1.1 and SpamAssasin 2.64 working with postfix 2.1.4
on Debian 3.0r2.
It sometimes works well:
--
Sebastian Szuber
Alma Internet SA
ul. Polska 80
60-401 Poznań
tel: (061) 8454-150
fax: (061) 8454-151
e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic
>>On Thursday, September 9, 2004, 2:26:37 PM, Chris Santerre wrote:
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Are their NS records listed in the SBL?
- --j.
>>
>>> No, but extremely easy to add. HoweverI'm not sure Jeff
>>would like that.
>>> Would have to be a sepera
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Thursday, September 09, 2004 6:16 PM
>To: SURBL Discuss; SpamAssassin Users
>Subject: Re: [SURBL-Discuss] RE: Start an IP list to block?
>
>
>On Thursday, September 9, 2004, 2:26:37 PM, Chris Santerre wrote:
>
>
>>>
On Friday, September 10, 2004, 7:33:10 AM, Chris Santerre wrote:
>>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>>On Thursday, September 9, 2004, 5:34:05 PM, Jeff Chan wrote:
>>> My first pass at cleaning the resolved IP data would be to take
>>> the to 70th percentile of IP addresses and only use th
Henry Kwan wrote:
Hi. A friend of mine runs a website which allows users to email each other
using a form but the email that gets spit out triggers a few of SA's rules.
The main culprit seems to be MIME_HEADER_CTYPE_ONLY along with a few others
so the total score is around 6-ish, which is just
On Friday, September 10, 2004, 7:27:06 AM, Chris Santerre wrote:
> WOW! I think this would hit more FPs then listing the IP! Am I wrong there!
> I would never list the name server, as they may be hosting for much more
> then just a spammer. That number is sure to be greater then a virtual hosts
> n
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Thursday, September 09, 2004 8:44 PM
>To: Jeff Chan
>Cc: Pete McNeil; SURBL Discussion list; Spamassassin-Talk
>Subject: Re: Start an IP list to block?
>
>
>On Thursday, September 9, 2004, 5:34:05 PM, Jeff Chan wrote:
>
>-Original Message-
>From: Matt Kettler [mailto:[EMAIL PROTECTED]
>Sent: Thursday, September 09, 2004 5:53 PM
>To: Chris Santerre; SURBL Discussion list (E-mail)
>Cc: Spamassassin-Talk (E-mail)
>Subject: RE: Start an IP list to block?
>
>
>At 05:23 PM 9/9/2004, Chris Santerre wrote:
>>OOO
On Friday, September 10, 2004, 5:31:48 AM, John Fleming wrote:
> Of course, I have another question - Should I enable the redirects??:
> # open redirect resolution off by default
> # spamcop_uri_resolve_open_redirects 1
> open_redirect_list_spamcop_uri snurl.com *.snurl.com
> open_
At 07:31 AM 9/10/2004, Gustafson, Tim wrote:
What I'm worried about is that I have so many more SPAM than HAM messages.
Is this dangerous?
No, in fact it's closer to optimal than a 50-50 mix is...
Remember, Bayes is a statistical system.. Statistics work best when they
are as close to reality as p
On Thu, 9 Sep 2004 14:24:57 -0400, Theo Van Dinter <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 09, 2004 at 01:51:24PM -0300, Mariano Absatz wrote:
> > And how does the plugin (or spamcopuri) knows what to look up?
> > Does it use only the 2ndLD for gTLDs?
>
> I can't speak for the 2.6x patch version,
Hi all!
I´m using in my server SpamAssassin 2.64, and I would like to know as to get
best performance with the system. I´m not use auto-lern, just rules in files
cf.
Exists some configuration to improve performance? Any URL or Docs ?
Tks!
Thompson
OK, I seem to have SpamCopURI working:
* 2.1 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org
* [mail-svcs.com is blacklisted in URI RBL at]
[multi.surbl.org]
* 2.1 OB_URI_RBL URI's domain appears in ws database at ob.surbl.org
* [mail-svcs.com is blacklisted in URI RB
Are you autotraining or manually training? If the former try manual
training. I've never used the automatic training here. It seems to be
based on circular logic. It reinforces initial bad guesses about what
is spam and what is ham. And right off on an install has Spam Assassin
er ah "not doing ver
Just wondering - has anyone already backported SPF support into SA 2.64?
/Per
--
Per Jessen, Zurich
Let your spam stop here -- http://www.spamchek.com
Hello
My Bayes filter has been learning beautifully. There is just one problem:
more than 70% of my e-mail, on average, gets tagged as SPAM. In just 13
days of Bayes auto-learning, I have amassed the following SPAM/HAM messages
(via the sa-learn --dump magic command):
0.000 0
> From: "Theo Van Dinter" <[EMAIL PROTECTED]>
>
> There's a few things here.
>
> First, the body-mime headers aren't typically visible to the user via MUA,
> so they're not included in the data that the standard rules run against.
Normal headers in their full glory also aren't typically visible to
* Lucas Albers <[EMAIL PROTECTED]>:
> I've had good results doing bayes learn_to_journal and then running a
> rebuild every hour.
Whoa, hourly? I can try that.
> This runs quick, even with concurrent access's.
> Bayes get's updated quickly.
> Bayes is only locked for a few seconds every hour, le
On Thu, Sep 09, 2004 at 11:13:49AM -0500, ROY,RHETT G wrote:
> You could block them with your MTA (Postfix, Qmail etc).
In exim with exiscan-acl:
deny message = $found_extension files are not accepted here \n \
If you have questions please contact [EMAIL PROTECTED]
demime = com
Hate to reply to myself, but...
> try checking the syslong configuration file and its manpage. It's all there.
oops... s/syslong/syslog/
Regards,
Carlos.
Hi,
try checking the syslong configuration file and its manpage. It's all there.
Regards,
Carlos.
I know that WinSpamC.exe (on SourceForge) works fine with SA 3.0.
I have it on two computers (one Win XP Pro, the other Win 2K Server) hitting
against a SuSE Linux 9.0 server using SpamAssassin 3.0.0-rc3 spamd service
just fine. Approximately 600 messages an hour are processed. Full checking
(DC
Matt Kettler said:
> At 07:02 PM 9/9/2004 -0500, John Fleming wrote:
>>I got a spam that scored 100 for this:
>>
>>* 100 USER_IN_BLACKLIST From: address is in the user's black-list
>>
>>But I don't have any blacklist to my knowledge. I do site-wide
>> filtering,
>>and the mail was for me. Explana
Setup:
Slackware-10.0, 2.4.26 kernel
Postfix-2.1.4
procmail
SpamAssassin-2.64
SA invoked from within procmail
MUA: pine-4.60
This is an unplanned upgrade from my former Red Hat
7.3/postfix-2.0.19/SpamAssassin-something when the hard drives failed
At 07:02 PM 9/9/2004 -0500, John Fleming wrote:
I got a spam that scored 100 for this:
* 100 USER_IN_BLACKLIST From: address is in the user's black-list
But I don't have any blacklist to my knowledge. I do site-wide filtering,
and the mail was for me. Explanations? Tnx - John
Clearly that's the
Theo Van Dinter wrote:
On Thu, Sep 09, 2004 at 08:09:52PM -0400, Rick Macdougall wrote:
Very cool. One question though. Can spamc V 2.6x connect over tcp to a
spamd V 3.x server ? I'd love to test it but I don't want to have to
upgrade 4 or 5 spamc servers that connect to our main spamd serve
- Original Message -
From: "Jeff Chan" <[EMAIL PROTECTED]>
> Would you care to share some of your strategies, perhaps off
> list?
Share his strategies, yes, but also check out his product. MessageSniffer,
it's a truly awesome spam-filtering product and runs very efficiently on
Linux/BSD
On Thu, Sep 09, 2004 at 08:09:52PM -0400, Rick Macdougall wrote:
> Very cool. One question though. Can spamc V 2.6x connect over tcp to a
> spamd V 3.x server ? I'd love to test it but I don't want to have to
> upgrade 4 or 5 spamc servers that connect to our main spamd server if it
> happens
On Thursday, September 9, 2004, 5:34:05 PM, Jeff Chan wrote:
> My first pass at cleaning the resolved IP data would be to take
> the to 70th percentile of IP addresses and only use those to
> check domain resolved IPs to. It's not perfect, but it should
> cut down on the uncertainty.
I should add
On Thursday, September 9, 2004, 4:22:18 PM, Pete McNeil wrote:
> On Thursday, September 9, 2004, 6:22:39 PM, Scott wrote:
SAC>> How does this sound? Combine spamtraps with SURBL, using the IP as a
SAC>> hint to fully automatically add on the new domain. If a spamtrap email
SAC>> includes a URL tha
Theo Van Dinter wrote:
*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE ***
SpamAssassin 3.0.0-rc4 is released! SpamAssassin 3.0.0 is a major update and
includes a number of new email and anti-spam technologies.
SpamAssassin is a mail filter which uses advanced statistical and
heu
- Original Message -
From: "Chris Santerre" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Spamassassin users"
Sent: Thursday, September 09, 2004 2:07 PM
Subject: RE: rules_du_jour
>
>
> >-Original Message-
> >From: John Fleming [mailto:[EMAIL PROTECTED]
> >Sent: Thursday, Septe
Hi. A friend of mine runs a website which allows users to email each other
using a form but the email that gets spit out triggers a few of SA's rules.
The main culprit seems to be MIME_HEADER_CTYPE_ONLY along with a few others
so the total score is around 6-ish, which is just enough to kick it
I got a spam that scored 100 for this:
* 100 USER_IN_BLACKLIST From: address is in the user's black-list
But I don't have any blacklist to my knowledge. I do site-wide filtering,
and the mail was for me. Explanations? Tnx - John
For me, the local username, not the fully-qualified email address.
/jason
> On Thu, 9 Sep 2004 11:37:19 -0400 (EDT)
> "Jason Levine" <[EMAIL PROTECTED]> wrote:
>
>
>> Michael, I did the Bayes --backup from DB and --restore to SQL, and
>> it imported it all in as each specific user. That is to sa
62 matches
Mail list logo