Matt,
try enabling razor, pyzor and dcc. You might also want to try the iXhash
plugin I did some time ago (if you run a 3.1.x installation. See
http://wiki.apache.org/spamassassin/iXhash for ore info on that and drop
me a mail if you use it so I can get in touch)
Those image only spams in fact
Someone over on the mimedefang list is working on an OCR mechanism for
scanning the image to text.
Another person also brought up the idea of hashing the images and doing
something like an IRBL or razor approach, but everyone came to the same
conclusion you're coming to now.
But there w
I'm not sure I understand what the problem is. It looks like SA is
putting the spam tag in the comment part of the From header which seems
like a reasonable place to put it.
Are you saying that you want to put it in the full name section instead?
Perhaps your MUA won't display both a comment
Title: RE: standard vs SARE rules
>
> From that I would infer that the SARE stock ruleset is the
> most effective -
> it was responsible for 5 out of 163 spams being identified.
> That leaves the
> other files I use - 70_sare_bayes_poison_nxm.cf, 70_sare_html0.cf,
> 70_sare_obfu0.cf, 70
Title: RE: standard vs SARE rules
>
> WooHoo! 70_sare_stocks.cf hits my favorite number! Sorry just
> had to say
> that! 8*))
>
> And of course that means it is working good too!
>
> For those who don't know I'm the maintainer of that SARE ruleset.
Yeahbut which rules in the stock
pushed it over the required hits threshold. Sound good? So, out of 163
spam
messages, here's the files that pushed spams over the edge (files with no
rules that pushed over the threshold are omitted):
Correction: that should've been 3481 spam messages.
Hi,
as Rob McEwen already pointed out Bill Stearns offered image hash data
for such a project. I did write such a plugin (Bill did publish his data
via DNS, thanks again!) but am somewhat disappointed by the results (so
I didn't bother publishing the plugin).
The point is that the most annoyin
Mike, I suspect you are using the wrong criterion in removing some of the
rules. Unfortunately none of the log readers seem to store the most
interesting bit of information. How many times did the SARE rules make a
critical difference between marking a spam message as spam? I find they
are a criti
No, but you should see some of the other crap we do!
>>> Matt Kettler <[EMAIL PROTECTED]> 4/21/2006 1:07:28 pm >>>
Is there any chance anyone did something foolish like copy 50_scores.cf
to
/etc/mail/spamassassin?
Tracey Gates wrote:
> I had those as well and I went into the 50_scores.cf and commented out
> those rules that are listed as non-existent.
Where'd you get your SA?
Those shouldn't be there for SA 3.1.x.
>
>
>
> Tracey Gates
> Lead Developer
> [EMAIL PROTECTED]
>
>
>
> -Original Mess
Clay Davis wrote:
> When I --lint my rule set I get the warnings below; however, I do see a
> corresponding rule score in 50_scores.cf for each:
>
> warning: score set for non-existent rule DRUG_ED_ONLINE
> warning: score set for non-existent rule SUBJECT_DRUG_GAP_VIC
> warning: score set for non-
Brian S. Meehan wrote:
> So, no one is going to tackle this one?
> Must be too easy for y'all to answer. ;-)
> (a little friday humor)
No, it's just nothing any of us have ever wanted to do.
Question:
If you don't want the subject tagged, why not disable header re-writing entirely
and filter int
I had those as well and I went into the 50_scores.cf and commented out
those rules that are listed as non-existent.
Tracey Gates
Lead Developer
[EMAIL PROTECTED]
-Original Message-
From: Clay Davis [mailto:[EMAIL PROTECTED]
Sent: Friday, April 21, 2006 11:28 AM
To: users@spamassassin.
So, no one is going to tackle this one?
Must be too easy for y'all to answer. ;-)
(a little friday humor)
Brian
Original Message
Subject: Rewriting header fields help please
From:"Brian S. Meehan" <[EMAIL PROTECTED]>
Date:Wed, Apri
When I --lint my rule set I get the warnings below; however, I do see a
corresponding rule score in 50_scores.cf for each:
warning: score set for non-existent rule DRUG_ED_ONLINE
warning: score set for non-existent rule SUBJECT_DRUG_GAP_VIC
warning: score set for non-existent rule SUBJECT_DRUG_GAP
David Landgren wrote:
> Bowie Bailey wrote:
>
> [...]
>
> > > An alternative solution would be this:
> > >
> > > /style="[^>]+color:blue/
> >
> > This looks better. It is probably less resource-intensive than
> > your previous attempt and is definitely easier to read. But why
> > are you look
Mike, I suspect you are using the wrong criterion in removing some of the
rules. Unfortunately none of the log readers seem to store the most
interesting bit of information. How many times did the SARE rules make a
critical difference between marking a spam message as spam? I find they
are a criti
RE: A need for IRBL?
I seem to recall that Bill Stearns (the admin for the "ws" portion of
www.surbl.org) sent out an offer for anyone interested in helping him with
just such a project... but I think he was only going to do it if he could
get a few people to help with it.
http://www.stearns.org/
Matt
Make sure you've got the URI-RBLs working (check the plugins in init.pre and
v310.pre) and also maybe add the URI-Black in to the mix as well..
http://www.uribl.com/
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -Original Message-
> From
John D. Hardin wrote:
> All:
>
> A few posts back was a suggestion for checking the MD5 checksum of
> attached images against a blacklist to catch the current wave of
> attached-image-only stock pump-and-dump scam spams.
>
> Taking that to its logical conclusion suggests the creation of a
> publi
Hi,
We have received a large quantity of spam that is nothing but a large
image. Spamassassin is tagging it a little because it is an image,
and only an image, however I'm wondering how other people are
handeling this type of spam?I don't want to score mail that is
just an image with a very hi
All:
A few posts back was a suggestion for checking the MD5 checksum of
attached images against a blacklist to catch the current wave of
attached-image-only stock pump-and-dump scam spams.
Taking that to its logical conclusion suggests the creation of a
public Image Realtime Block List along the
Bowie Bailey wrote:
[...]
An alternative solution would be this:
/style="[^>]+color:blue/
This looks better. It is probably less resource-intensive than your
previous attempt and is definitely easier to read. But why are you
looking for > when you anchor the beginning with a quote?
How ab
Jeremy Fairbrass wrote:
>
> Let's say I want to use regex to search for the phrase "color:blue"
> within a tag as in the example below (just a made-up example
> for the sake of this question):
>
>
>
> In this case, the "color:blue" part is preceeded by some other text
> ("border:0px") after th
Ramdas Phutane wrote:
> On 4/19/06, Matt Kettler <[EMAIL PROTECTED]> wrote:
>> Michael Monnerie wrote:
>>> On Dienstag, 18. April 2006 17:20 Carl Chipman wrote:
>>>
I'm getting a bunch of these
X-Spam-Status: No, hits=3.6 required=6.0
tests=BAYES_50: 1.567,HTML_70_80: 0.039,HTML
Jeremy Fairbrass wrote:
[...]
So one possible solution would be the following:
/style="(.(?!color))+.color:blue/
Eeep!
In other words, after the first " (quote mark) it looks for any character
NOT followed by the word "color", and repeats that with the + character,
until it gets to the ac
Hi all,
I wonder if one of you regex gurus might be able to give me some advice
regarding the most efficiant way of writing a particular rule
Let's say I want to use regex to search for the phrase "color:blue" within a
tag as in the example below (just a made-up example for the sake of
thi
Jeremy Fowler wrote:
> Here is my /etc/rulesdujour/config, its a modified version of the
> file from Gentoo Portage.
>
> As you can see, I use them all. I've had very little, if any, false
> positives at my location. It doesn't really matter how high the spam
> scores, just keep an eye out for fa
Here is my /etc/rulesdujour/config, its a modified version of the file from
Gentoo Portage.
As you can see, I use them all. I've had very little, if any, false positives
at my location. It doesn't really matter how high the spam scores, just keep an
eye out for false positives.
I too am usin
On Freitag, 21. April 2006 06:17 Dave Augustus wrote:
> That sounds like a script I am interested in- Can you send me a copy?
/me 2
mfg zmi
--
// Michael Monnerie, Ing.BSc- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx
Ramprasad wrote:
> Hi,
> I am using SA 3.1.0 ( + many SARE rulesetes ) for my Antispam cluster
> of machines. We get a huge traffic and by and large the solution works
> fine. Only problem is when legitimate senders use dialups etc. Their
> source IPs get listed in a lot of BL's and in effect the
Hi,
I am using SA 3.1.0 ( + many SARE rulesetes ) for my Antispam cluster
of machines. We get a huge traffic and by and large the solution works
fine. Only problem is when legitimate senders use dialups etc. Their
source IPs get listed in a lot of BL's and in effect their mails get
marked spam.
Nevermind, figured it out, it was already doing it.
Thanks
-Original Message-
From: Ronnie Tartar [mailto:[EMAIL PROTECTED]
Sent: Friday, April 21, 2006 5:50 AM
To: users@spamassassin.apache.org
Subject: RE: Good ruleset
Is ther anyway to put the spam score in the header of everymail?
Is ther anyway to put the spam score in the header of everymail? Seem to be
getting a lot of spam through the filter, just want to see what kind of
scoring it is getting on everything.
Thanks
-Original Message-
From: jdow [mailto:[EMAIL PROTECTED]
Sent: Friday, April 21, 2006 12:21 AM
Matt Kettler writes:
> Dan wrote:
> > Thanks Matt,
> >
> > That certainly would explain my problem. The entry is listed near the
> > bottom of this page:
> >
> > http://bmrc.berkeley.edu/resources/how_to/email/Mail_SpamAssassin_Conf.html
> >
> >
> > Checking Google, its the only page in the world
35 matches
Mail list logo
