Meta Operators

2006-05-01 Thread Dan Patnode
Meta's allow > operators for + sets, such as: meta TEST_2 (__TEST_PP + __TEST_QQ + __TEST_RR > 1) But when stacked into a progressive array: meta TEST_2 (__TEST_PP + __TEST_QQ + __TEST_RR > 1) meta TEST_3 (__TEST_PP + __TEST_QQ + __TEST_RR > 2) meta TEST_4 (

Re: OT spammers

2006-05-01 Thread Loren Wilton
> What I don't get is who in his/her right mind would respond to a piece of spam > that uses so much obfuscation as to be almost unreadable. But, as they say, > if it didn't work nobody would be doing it. Perhaps spammers' targets are poor enough at grammar and spelling that they don't realize th

Re: Blocking IPs

2006-05-01 Thread Dan
No. You can set up your own rbldnsd, but that's about as close as you get. Most of us who have an explicit IP or IP range we want to block either use our firewalls, or our MTA access controls to deny the message before it ever gets delivered. This saves us considerable bandwidth and processi

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Steve Thomas
> Yeah ... the university got a fairly good deal on our per-user costs > for Sophos. I doubt I'd buy it for personal use, either. They don't have a consumer product. They sell exclusively to the business/government/education sectors. We use sophos on the desktop and on the mail server, called fr

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Bill Landry
- Original Message - From: "jdow" <[EMAIL PROTECTED]> From: "" <[EMAIL PROTECTED]> I can say that the best, and most affordable, anti-virus package I have ever used was RAV. Until it was bought out by Microsoft. I have since been using ClamAV but it sure uses a lot of RAM. Wh

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread jdow
From: "" <[EMAIL PROTECTED]> I can say that the best, and most affordable, anti-virus package I have ever used was RAV. Until it was bought out by Microsoft. I have since been using ClamAV but it sure uses a lot of RAM. What do you use? ClamAV via the SpamAssassin ClamAV plugin. That

Re: Those "Re: good obfupills" spams (bayes scores)

2006-05-01 Thread jdow
From: "Bowie Bailey" <[EMAIL PROTECTED]> Matt Kettler wrote: Bowie Bailey wrote: > > The Bayes rules are not individual unrelated rules. Bayes is a > series of rules indicating a range of probability that a message is > spam or ham. You can argue over the exact scoring, but I can't see > an

Re: Blocking IPs

2006-05-01 Thread Matt Kettler
Dan wrote: >> SA does support ordinary DNS based blacklists using A record or TXT >> record queries. > > Is there a text file way to do it, like?: > > header TEST1 CIDR /151.44.165.138\/24/ No. You can set up your own rbldnsd, but that's about as close as you get. Most of us who have an explicit

Re: Those "Re: good obfupills" spams (bayes scores)

2006-05-01 Thread jdow
From: "Matt Kettler" <[EMAIL PROTECTED]> Bowie Bailey wrote: Matt Kettler wrote: It is perfectly reasonable to assume that most of the mail matching BAYES_99 also matches a large number of the stock spam rules that SA comes with. These highly-obvious mails are the model after which most SA rul

Installing of Spanassassing 3.1.1

2006-05-01 Thread Ingo Busch
Hello, At the moment I have installed 3.0.4 over Yast. I try to install SA 3.1.1 (Suse 9.3 with Qmail and Plesk 7.5.3), but I get a lot of errors like this: May 1 17:55:48 h825672 spamd[18926]: connection from hxxx.serverkompetenz.net [127.0.0.1] at port 42593 May 1 17:55:48 h825672 spamd[

Re: Those "Re: good obfupills" spams (bayes scores)

2006-05-01 Thread jdow
From: "Bowie Bailey" <[EMAIL PROTECTED]> jdow wrote: From: "Bart Schaefer" <[EMAIL PROTECTED]> > > On 4/29/06, Matt Kettler <[EMAIL PROTECTED]> wrote: > > In SA 3.1.0 they did force-fix the scores of the bayes rules, > > particularly the high-end. The perceptron assigned BAYES_99 a > > score

Re: intercource oriented newsgroups

2006-05-01 Thread jdow
From: "Igor Chudov" <[EMAIL PROTECTED]> On Mon, May 01, 2006 at 08:55:17AM +0100, Graham Murray wrote: "Dallas L. Engelken" <[EMAIL PROTECTED]> writes: > skip SA on newsgroup mail (or whitelist_from_rcvd)... if the reason for > running newsgroup mail through SA is because your newsgroups get

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Ricardo Oliveira
I'm currently using qmail + qmail-scanner. The messages are sent to the sophie process as they arrive - I allow 150+ connections per second, so instead of forking 150 sweeps per message I just use one daemon (sophie). The messages are received by qmail-smtp, are sent to qmail-scanner which passes th

Re: Blocking IPs

2006-05-01 Thread Alejandro Lengua
Yeah, it would be great to have SpamAssassin combined with tools like APF and BFD (http://www.rfxnetworks.com/bfd.php) On 5/1/06, Dan <[EMAIL PROTECTED]> wrote: > SA does support ordinary DNS based blacklists using A record or TXT > record queries. Is there a text file way to do it, like?: header TEST1

Re: Blocking IPs

2006-05-01 Thread Theo Van Dinter
On Mon, May 01, 2006 at 03:38:27PM -0700, Dan wrote: > Is there a text file way to do it, like?: > header TEST1 CIDR /151.44.165.138\/24/ You could do that, or you could use the AccessDB plugin which would allow that to be done easier. -- Randomly Generated Tagline: "Please do not blame Sendmail

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread qqqq
I used to use them.  However, you know the password protected zip file viruses?  My customers were up in arms as these flowed right through.  However, ClamAV caught them with ease.  I dropped them because of this.  Also, the Milter would die from time to time and support didn't really help.

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Alejandro Lengua
Check out these guys http://www.centralcommand.com/ their product, Vexira antivirus, has a similar price scheme to the extinct RAV On 5/1/06, <[EMAIL PROTECTED]> wrote: I can say that the best, and most affordable, anti-virus package I have ever used was RAV. Until it was bought out by Microsoft.

Re: Blocking IPs

2006-05-01 Thread Dan
SA does support ordinary DNS based blacklists using A record or TXT record queries. Is there a text file way to do it, like?: header TEST1 CIDR /151.44.165.138\/24/ Dan

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Jo
wrote: Is BitDefender stable? I have been using ClamAV and BitDefender together for over a year in several mail servers, invoked by Amavisd-new. The products are very stable. Jo

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread John Rudd
I haven't been happy with CGP's anti-virus/anti-spam options (specifically a lack of ability to do "during the SMTP transaction" processing), so I tend to use a gateway approach. 1) On my production CGP machines, there is a group of sendmail boxes that sit in front of them handling all non-S

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Jo
[EMAIL PROTECTED] wrote: wrote: I can say that the best, and most affordable, anti-virus package I have ever used was RAV. Until it was bought out by Microsoft. I have since been using ClamAV but it sure uses a lot of RAM. I use both ClamAV and BitDefender's free Linux produc

RE: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Matthew.van.Eerde
wrote: > Is BitDefender stable? I haven't had any troubles with it. It's free, but not open source... and most importantly the virus definitions are updated regularly. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Softwa

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread qqqq
I use MailScanner and Qmail-Scanner depending on the server. - Original Message - From: "John Rudd" <[EMAIL PROTECTED]> To: "Ricardo Oliveira" <[EMAIL PROTECTED]> Cc: Sent: Monday, May 01, 2006 3:33 PM Subject: Re: Way OT: What do you use for anti-virus (Linux) | | On May 1, 2006

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread qqqq
Is BitDefender stable? - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Monday, May 01, 2006 2:44 PM Subject: RE: Way OT: What do you use for anti-virus (Linux) | wrote: | > I can say that the best, and most affordable, anti-virus package I | > have ever used was RAV

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread John Rudd
On May 1, 2006, at 13:30, Ricardo Oliveira wrote: John, I use sophos too, but I thought I'd drop the note on a memory-and-performance-saver: Sophie is a daemon which receives the messages, processes them and returns the result "infected" or "not infected" instead of forking a new sweep proce

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread John Rudd
On May 1, 2006, at 13:21, wrote: | At work: | | mailscanner calls both sophos av (via sweep) and spamassassin | | | At home: | | mimedefang calls both clamav (via clamd) and spamassassin | | | I have less RAM on the home machine than the work machines, and ClamAV | seems to do just fine

RE: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Matthew.van.Eerde
wrote: > I can say that the best, and most affordable, anti-virus package I > have ever used was RAV. Until it was bought out by Microsoft. I > have since been using ClamAV but it sure uses a lot of RAM. I use both ClamAV and BitDefender's free Linux product http://www.bitdefender.com/bd/s

RE: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Tracey Gates
Has anyone used or tried Panda for Linux? If so, what is your feedback on the product? We use it only on the client machines but haven't run it on my email/web server. To tell the truth, I'm a little scared to install it with running CommuniGate Pro, CGPSA, Spamassassin without

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Ricardo Oliveira
John, I use sophos too, but I thought I'd drop the note on a memory-and-performance-saver: Sophie is a daemon which receives the messages, processes them and returns the result "infected" or "not infected" instead of forking a new sweep process for every incoming email. This resulted in WAY lower mem

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread qqqq
| At work: | | mailscanner calls both sophos av (via sweep) and spamassassin | | | At home: | | mimedefang calls both clamav (via clamd) and spamassassin | | | I have less RAM on the home machine than the work machines, and ClamAV | seems to do just fine. I recall trying Sophos but after the eva

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread John Rudd
On May 1, 2006, at 12:18 PM, wrote: I can say that the best, and most affordable, anti-virus package I have ever used was RAV. Until it was bought out by Microsoft. I have since been using ClamAV but it sure uses a lot of RAM. What do you use? At work: mailscanner calls both sopho

RE: new type of email spam

2006-05-01 Thread Chris Santerre
> -Original Message- > From: Anton Krall [mailto:[EMAIL PROTECTED]] > Sent: Friday, April 28, 2006 12:36 AM > To: users@spamassassin.apache.org > Subject: new type of email spam > > > Guys, today I got a flow of new type of spam, this new email >

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Mathias Homann
On Monday, 1 May 2006 at 21:18, wrote: > I can say that the best, and most affordable, anti-virus package I > have ever used was RAV. Until it was bought out by Microsoft. I > have since been using ClamAV but it sure uses a lot of RAM. > > What do you use? clamav. clamd uses some 2.8% of my

Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread qqqq
I can say that the best, and most affordable, anti-virus package I have ever used was RAV. Until it was bought out by Microsoft. I have since been using ClamAV but it sure uses a lot of RAM. What do you use?

Re: unpacking spam attachments for sa-learn

2006-05-01 Thread Bart Schaefer
On 5/1/06, Jeff Portwine <[EMAIL PROTECTED]> wrote: I tried ripmime, and it does extract the attachments but it throws away all of the header information and gives me only the attachment by itself. I wrote an extractor in procmail for simple (as in, it doesn't handle nested structure well) MIME

Re: unpacking spam attachments for sa-learn

2006-05-01 Thread Jeff Portwine
I tried ripmime, and it does extract the attachments but it throws away all of the header information and gives me only the attachment by itself. -Jeff - Original Message - From: "Matt Kettler" <[EMAIL PROTECTED]> To: "Jeff Portwine" <[EMAIL PROTECTED]> Cc: Sent: Monday, May 01, 2006

Re: unpacking spam attachments for sa-learn

2006-05-01 Thread Matt Kettler
Jeff Portwine wrote: > I'm trying to write or find a script that will extract attachments from > an email message and write them to a directory, where I could run > sa-learn on them. Right now, mail comes in through exim and our > users get their mail via pop3. I have got them all forwarding

RE: Those "Re: good obfupills" spams (bayes scores)

2006-05-01 Thread Bowie Bailey
Matt Kettler wrote: > Bowie Bailey wrote: > > > > The Bayes rules are not individual unrelated rules. Bayes is a > > series of rules indicating a range of probability that a message is > > spam or ham. You can argue over the exact scoring, but I can't see > > any reason to score BAYES_99 lower t

unpacking spam attachments for sa-learn

2006-05-01 Thread Jeff Portwine
I'm trying to write or find a script that will extract attachments from an email message and write them to a directory, where I could run sa-learn on them. Right now, mail comes in through exim and our users get their mail via pop3. I have got them all forwarding the spam they get to

Re: Those "Re: good obfupills" spams (bayes scores)

2006-05-01 Thread Matt Kettler
Bowie Bailey wrote: > Matt Kettler wrote: >> It is perfectly reasonable to assume that most of the mail matching >> BAYES_99 also matches a large number of the stock spam rules that SA >> comes with. These highly-obvious mails are the model after which >> most SA rules are made in the first place.

Re: OT spammers

2006-05-01 Thread Dimitri Yioulos
On Saturday April 29 2006 12:44 am, Richard Ozer wrote: > I've purchased HUNDREDS of fake degrees and I feel much smarter because of > it! > > Serious answer many spammers are probably paid per email. Others > figure that more retries to a given address will result in a higher > likelihood of

RE: Those "Re: good obfupills" spams (bayes scores)

2006-05-01 Thread Bowie Bailey
jdow wrote: > From: "Bart Schaefer" <[EMAIL PROTECTED]> > > > > On 4/29/06, Matt Kettler <[EMAIL PROTECTED]> wrote: > > > In SA 3.1.0 they did force-fix the scores of the bayes rules, > > > particularly the high-end. The perceptron assigned BAYES_99 a > > > score of 1.89 in the 3.1.0 mass-check ru

RE: Those "Re: good obfupills" spams

2006-05-01 Thread Bowie Bailey
Matt Kettler wrote: > > It is perfectly reasonable to assume that most of the mail matching > BAYES_99 also matches a large number of the stock spam rules that SA > comes with. These highly-obvious mails are the model after which > most SA rules are made in the first place. Thus, these mails need

Re: span float obfuscation

2006-05-01 Thread Kenneth Porter
On Saturday, April 29, 2006 8:28 PM +0900 MATSUDA Yoh-ichi <[EMAIL PROTECTED]> wrote: BTW, I have more rules for catching various types of spams. Which is better for posting new rules? (1) first, posting new rules to this users ML, next, posting to Bugzilla (2) directly posting new rules to B

Re: New script

2006-05-01 Thread Richard Collyer
(not a plugin), and would like to submit it for public use, where would I do that? Thanks, Drew Burchett United Systems & Software http://www.united-systems.com Phone: (270)527-3293 Fax: (270)527-3132 __ NOD32 1.1515 (20060501) Information __ This mes

Re: Parsing DCC

2006-05-01 Thread Matt Kettler
Graham Murray wrote: > Matt Kettler <[EMAIL PROTECTED]> writes: > > >> All that said, I can't see why you'd want to do anything else with DCC. >> The FP rate on DCC, even with the defaults of |99 for fuzz counts, >> is significant. In the SA 3.1.0 set3 mass-checks, DCC_CHECK had a S/O >> of|

New script

2006-05-01 Thread Drew Burchett
If I have created a new script that can be used with SpamAssassin (not a plugin), and would like to submit it for public use, where would I do that? Thanks, Drew Burchett United Systems & Software http://www.united-systems.com Phone: (270)527-3293 Fax: (270)527-3132

Re: Blocking IPs

2006-05-01 Thread Matt Kettler
Dan wrote: > I'm building a list of IP ranges (currently CIDRs) and want to use > them to: > > 1) Tag/block messages that arrive (directly and indirectly) from IPs > in these ranges > > 2) Tag/block messages with URIs that point to IPs in these ranges > > > What is the best way to define specific/f

Re: intercource oriented newsgroups

2006-05-01 Thread Igor Chudov
On Mon, May 01, 2006 at 08:55:17AM +0100, Graham Murray wrote: > "Dallas L. Engelken" <[EMAIL PROTECTED]> writes: > > > skip SA on newsgroup mail (or whitelist_from_rcvd)... if the reason for > > running newsgroup mail through SA is because your newsgroups get > > spammed, then you have a bigger

Re: intercource oriented newsgroups

2006-05-01 Thread Graham Murray
"Dallas L. Engelken" <[EMAIL PROTECTED]> writes: > skip SA on newsgroup mail (or whitelist_from_rcvd)... if the reason for > running newsgroup mail through SA is because your newsgroups get > spammed, then you have a bigger problem to fix first. I think that the OP means that his clients are the

Re: Parsing DCC

2006-05-01 Thread Graham Murray
Matt Kettler <[EMAIL PROTECTED]> writes: > All that said, I can't see why you'd want to do anything else with DCC. > The FP rate on DCC, even with the defaults of |99 for fuzz counts, > is significant. In the SA 3.1.0 set3 mass-checks, DCC_CHECK had a S/O > of| 0.979, meaning that 2.1% of emai

Blocking IPs

2006-05-01 Thread Dan
I'm building a list of IP ranges (currently CIDRs) and want to use them to: 1) Tag/block messages that arrive (directly and indirectly) from IPs in these ranges 2) Tag/block messages with URIs that point to IPs in these ranges What is the best way to define specific/fixed IP ranges for