Re: Web user interface

2007-01-26 Thread Tom Allison
Johnson, S wrote: Has anyone written a web interface for end users in which they could go through quarantined spam and release/whitelist on their own? Not yet. But that is something I'm actually trying to do. What I'm working on would fall far short of the available features in spamassassin

Re: Mail not being embargo'd for greylisting

2007-01-26 Thread Alexis Manning
Eddie <[EMAIL PROTECTED]> wrote: > I'm also guessing that if I'm pulling down mail, from a POP mailbox at my ISP, > there's really no way to use greylisting at all. Because the mail has > already been accepted by my ISP. Although it's not strictly 'greylisting', if you can find some way to delay

Re: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread Josh Trutwin
On Fri, 26 Jan 2007 16:43:17 -0800 John Rudd <[EMAIL PROTECTED]> wrote: > >>> X-Envelope-From: [EMAIL PROTECTED] > >>> Received: from netbits.us ([209.18.107.89]) > >>> by 0 ([192.168.0.3]) > >>> with SMTP via SSL; 25 Jan 2007 23:47:53 - > >> > >> That would seem to be your problem. I bet

Re: Interpreting Error/Warning Message

2007-01-26 Thread Rich Shepard
On Fri, 26 Jan 2007, Theo Van Dinter wrote: This means that the plugin can't find the languages file, which will normally be installed in the default rules dir (/usr/share/spamassassin). Thank you, Theo. I found a binary 'languages' file in /etc/mail/spamassassin/rules/ and copied it to /usr

Re: Interpreting Error/Warning Message

2007-01-26 Thread Theo Van Dinter
On Fri, Jan 26, 2007 at 04:44:19PM -0800, Rich Shepard wrote: > I also received this at the beginning of the processing: > > textcat: languages filename not defined > > These are related, I assume. This means that the plugin can't find the languages file, which will normally be installed in

Re: FuzzyOCR 3.5.1 not using FUZZY_OCR rule when using hash (SOLVED)

2007-01-26 Thread Quinn Comendant
On Wed, 17 Jan 2007 19:46:54 -0800, Quinn Comendant wrote: > Also, I've added this issue to ticket #62: > http://fuzzyocr.own-hero.net/ticket/62 Case closed. I noticed the output score was different between running clamc and spamassassin and realized this was a permissions issue. These files a

Poor man's high MX spam Trap

2007-01-26 Thread Raul Dias
Hi, This is what I did to flag spam that goes to the Highest MX server without having a secondary MX. First you need a different valid IP address for your SMTP, let's say 20.43.15.256. ;) Add this ip as an alias to your network interface. # /sbin/ip address add 20.43.15.256/24 brd + dev eth0 labe

Re: Interpreting Error/Warning Message

2007-01-26 Thread Rich Shepard
On Fri, 26 Jan 2007, Rich Shepard wrote: Does this mean I need to re-install TextCat.pm? That's not it. It's up to date. So, I've no idea what to do about those warning messages. Rich -- Richard B. Shepard, Ph.D. |The Environmental Permitting Applied Ecosystem Services,

Interpreting Error/Warning Message

2007-01-26 Thread Rich Shepard
I just ran my weekly sa-learn on my spam-uncaught mail file. This is part of the output (repeated probably for each message in the file): Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/TextCat.pm line 411. Use of uninitialized value in join

Re: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread John Rudd
Josh Trutwin wrote: On Fri, 26 Jan 2007 14:53:19 -0800 John Rudd <[EMAIL PROTECTED]> wrote: Josh Trutwin wrote: On Fri, 26 Jan 2007 14:57:57 -0500 "Dan Barker" <[EMAIL PROTECTED]> wrote: Can you provide more of the headers? Sure - here's the complete set: X-Envelope-From: [EMAIL PROTECTED]

Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Nigel Frankcom
On Fri, 26 Jan 2007 13:54:03 +, Ben Wylie <[EMAIL PROTECTED]> wrote: >I recommend the KAM rules list which can be found here: >http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf >This catches the drugs names in these emails. > >Cheers, >Ben > >Nigel Frankcom wrote: >> On Thu, 25

Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Nigel Frankcom
On Fri, 26 Jan 2007 09:16:09 -0500, Matt Kettler <[EMAIL PROTECTED]> wrote: >Nigel Frankcom wrote: >> >> Files redone... a little more informative this time round :-D >> >> http://dev.blue-canoe.net/spam/spam01.txt >> http://dev.blue-canoe.net/spam/debug1.txt >> >> http://dev.blue-canoe.net/spa

Re: pyzor set-up wrong when spamc/d called from /etc/procmailrc

2007-01-26 Thread Eddie
On Friday 26 January 2007 15:01, Eddie wrote: > I've been testing my SA configuration using spamc in my private > .procmailrc. Everything is working well (I think :-) ). As this setup is > going to be used by 4 or 5 accounts on this box, I thought it would make > more sense to use /etc/procmailrc i

Re: True spam getting really low Bayesian points

2007-01-26 Thread Kim Christensen
* maillist <[EMAIL PROTECTED]> [2007-01-25 10:21:47 -0600]: > Kim Christensen wrote: > >Hey list, > > > >I've recently started training our bayesian filter with spam/ham from my > >personal mailbox, to prepare for live usage on our customer accounts. > > > >% sa-learn --dump magic > >... > >0.000

pyzor set-up wrong when spamc/d called from /etc/procmailrc

2007-01-26 Thread Eddie
I've been testing my SA configuration using spamc in my private .procmailrc. Everything is working well (I think :-) ). As this setup is going to be used by 4 or 5 accounts on this box, I thought it would make more sense to use /etc/procmailrc instead of creating a bunch of private .procmailrc.

Re: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread Josh Trutwin
On Fri, 26 Jan 2007 14:53:19 -0800 John Rudd <[EMAIL PROTECTED]> wrote: > Josh Trutwin wrote: > > On Fri, 26 Jan 2007 14:57:57 -0500 > > "Dan Barker" <[EMAIL PROTECTED]> wrote: > > > >> Can you provide more of the headers? > > > > Sure - here's the complete set: > > > > X-Envelope-From: [EMAIL

Re: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread John Rudd
Josh Trutwin wrote: On Fri, 26 Jan 2007 14:57:57 -0500 "Dan Barker" <[EMAIL PROTECTED]> wrote: Can you provide more of the headers? Sure - here's the complete set: X-Envelope-From: [EMAIL PROTECTED] Received: from netbits.us ([209.18.107.89]) by 0 ([192.168.0.3]) with SMTP via SSL; 25 Ja

Re: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread Josh Trutwin
On Fri, 26 Jan 2007 14:57:57 -0500 "Dan Barker" <[EMAIL PROTECTED]> wrote: > Can you provide more of the headers? Sure - here's the complete set: X-Envelope-From: [EMAIL PROTECTED] Received: from netbits.us ([209.18.107.89]) by 0 ([192.168.0.3]) with SMTP via SSL; 25 Jan 2007 23:47:53 -

Re: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread Josh Trutwin
On Fri, 26 Jan 2007 12:31:48 -0800 John Rudd <[EMAIL PROTECTED]> wrote: > Josh Trutwin wrote: > > I'm the admin for the IP below and got this on a different > > server I manage: > > > > 5.0 BOTNET Relay might be a spambot or virusbot > > [botnet0.7,ip=209.18.107.89,hostname=netbits.us,maildomain=

Re: Bayes

2007-01-26 Thread Jack Gostl
I thought I'd mention that since I wiped and rebuilt my Bayes files my success rate has jumped from 93% to 99+%. Considering the amount of spam pouring into here, that's not bad at all. - Original Message - From: "Anthony Peacock" <[EMAIL PROTECTED]> Cc: Sent: Friday, January 26, 200

Re: Web user interface

2007-01-26 Thread Michele Neylon :: Blacknight
Johnson, S wrote: Has anyone written a web interface for end users in which they could go through quarantined spam and release/whitelist on their own? There is mailwatch for MailScanner -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/

Re: Web user interface

2007-01-26 Thread Evan Platt
At 01:29 PM 1/26/2007, you wrote: Has anyone written a web interface for end users in which they could go through quarantined spam and release/whitelist on their own? That would depend on what method you're using to quarantine spam...

Web user interface

2007-01-26 Thread Johnson, S
Has anyone written a web interface for end users in which they could go through quarantined spam and release/whitelist on their own?

Re: cannot opendir /var/lib/spamassassin/3.001007

2007-01-26 Thread Daryl C. W. O'Shea
Tom wrote: Hi there I have a machine running Fedora Core 6 with Postfix and am attempting to get the most recent Spamassassin running. I check my /var/log/maillog and I keep seeing the error listed below ---Error-- config: cannot op

cannot opendir /var/lib/spamassassin/3.001007

2007-01-26 Thread Tom
Hi there I have a machine running Fedora Core 6 with Postfix and am attempting to get the most recent Spamassassin running. I check my /var/log/maillog and I keep seeing the error listed below ---Error-- config: cannot opendir /var/l

Re: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread John Rudd
Josh Trutwin wrote: I'm the admin for the IP below and got this on a different server I manage: 5.0 BOTNET Relay might be a spambot or virusbot [botnet0.7,ip=209.18.107.89,hostname=netbits.us,maildomain=davidtrutwin.com,baddns] I guess this is because of full-circle DNS, but I'm not sure how to

RE: Hmm - a server I manage is triggering Botnet

2007-01-26 Thread Dan Barker
Can you provide more of the headers? You post from trutwins.homeip.net Botnet complains about netbits.us and davidtrutwin.com trutwins.homeip.net has no MX record homeip.net MX isn't 209.18.107.89 davidtrutwin.com MX isn't 209.18.107.89 209.18.107.89 says fastconcepts.com in its HELO However, th

Hmm - a server I manage is triggering Botnet

2007-01-26 Thread Josh Trutwin
I'm the admin for the IP below and got this on a different server I manage: 5.0 BOTNET Relay might be a spambot or virusbot [botnet0.7,ip=209.18.107.89,hostname=netbits.us,maildomain=davidtrutwin.com,baddns] I guess this is because of full-circle DNS, but I'm not sure how to correct the issue. I

RE: per-user and site-wide bayes databases together

2007-01-26 Thread Dan Barker
If "they" say you can't, then this is how you'd do it. (Training would need to be via scripts, not Autolearn, I imagine) SpamAssassin uses Bayes via database queries. So, you rename the tables to something different, and define a view of the same name as the table had been. It will be called by SA

per-user and site-wide bayes databases together

2007-01-26 Thread Raul Dias
Hi, I would like to have side by side a per-user and a site-wide database. AFAIK, right now I can have either one or the other. IMHE, I think that the per-user database is more effective, especially for HAM, but a site-wide one will help improve SPAM detection (lower false negatives) and improve

Re: Should I use greylisting

2007-01-26 Thread Chris Purves
Magnus Holmgren wrote: On Friday 26 January 2007 03:21, uNiXpSyChO wrote: Chris Purves wrote: Personally, I didn't like the added delay for first-time mails, which is why I chose to greylist only on blocklists, but for a minimal effort my spam was significantly reduced. Hope that helps. what

Re: Should I use greylisting

2007-01-26 Thread Jonas Eckerman
Steven W. Orr wrote: > I'm running sendmail and I want a good greylist that uses a mysql > database. My selective greylist implementation uses MySQL or SQLite, but it is implemented in a MIMEDefang filter so if you don't use MIMEDefang you might not find it useful. It's at

Re: Mail not being embargo'd for greylisting

2007-01-26 Thread Eddie
On Friday 26 January 2007 06:24, Matt Kettler wrote: > Eddie wrote: > > I've set up DCC within Spamassassin, and enabled greylisting. At first, > > I couldn't see any mails being "bounced", pending a re-transmission, > > until I realised that all the e-mails I was looking at were marked as spam > >

Re: Bayes

2007-01-26 Thread tom
You absolutely want to train these. Example: Viagra scores 100:1 but Cialis scores 1:1. Viagra will tip your bayes score but there will come a time when the mail reads something like: V!agra and Cialis and now your Bayes contribution is nominal based on these two tokens. But by training all the

Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Rich Shepard
On Fri, 26 Jan 2007, Jim Maul wrote: Those are the DEFAULT rules. Do not add/remove/modify anything in this folder. custom rules go in /etc/mail/spamassassin/ OK. I'll put the new ones there. You really need to have a better understanding of the basics of SA. I'd suggest going over the

Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Jim Maul
Rich Shepard wrote: On Fri, 26 Jan 2007, Rich Shepard wrote: Where do I put this file so it's seen and used by SpamAssassin? Nevermind. I put it in /usr/share/spamassassin/ with all the other .cf files. Rich nooo Those are the DEFAULT rules. Do not add/remove/modify anything in

Re: Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Rich Shepard
On Fri, 26 Jan 2007, Rich Shepard wrote: Where do I put this file so it's seen and used by SpamAssassin? Nevermind. I put it in /usr/share/spamassassin/ with all the other .cf files. Rich -- Richard B. Shepard, Ph.D. |The Environmental Permitting Applied Ecosystem Servic

Re: Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Rich Shepard
On Fri, 26 Jan 2007, Ben Wylie wrote: On top of these rules, I have written a rule to give 4 points to any email with an .exe attachment as there have been a lot of these. With the above rules and the 4 for having an exe attachment, it hits a rating of 12. The rule I have for detecting the exe a

Re: Mail not being embargo'd for greylisting

2007-01-26 Thread Matt Kettler
Eddie wrote: > I've set up DCC within Spamassassin, and enabled greylisting. At first, I > couldn't see any mails being "bounced", pending a re-transmission, until I > realised that all the e-mails I was looking at were marked as spam by SA, in > which case, my understanding is that it's a waste

a lot of error and Spamassassin don't answer

2007-01-26 Thread Noc Phibee
Hi, I have a lot of problems with one of my spamassassin servers; now it doesn't answer qmail-scanner and I have in the logs: Jan 26 10:19:03 mx-1 spamd[30884]: pyzor: check failed: internal error Jan 26 10:24:11 mx-1 spamd[30884]: bayes: expire_old_tokens: child processing timeout at /u

Re: Should I use greylisting

2007-01-26 Thread Chris St. Pierre
On Thu, 25 Jan 2007, Chris Purves wrote: Matthew Bickerton wrote: I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) You could compromise by greylisting based on blocklists (such as spamhau

RE: Possible false positive?

2007-01-26 Thread Aydin SASMAZ
I mean that there is no such rule like Fw_mail in those files and I am also not using local_pref. If this Fw_mail rule is not a native rule and I am sure that I didn't add this, where is it possible for it to come from? Thanks Hasan Aydın ŞAŞMAZ Deputy General Manager BTEĞİTİM Tel : 0212 274 699

Re: Bayes

2007-01-26 Thread Anthony Peacock
Hi Dan, Dan Barker wrote: -Original Message- From: Anthony Peacock [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 7:22 AM To: users@spamassassin.apache.org Subject: Re: Bayes I also manually learn by mistake. All FNs & FPs are fed back to the system. And I occasionally feed

RE: Bayes

2007-01-26 Thread Dan Barker
-Original Message- From: Anthony Peacock [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 7:22 AM To: users@spamassassin.apache.org Subject: Re: Bayes I also manually learn by mistake. All FNs & FPs are fed back to the system. And I occasionally feed some recent ham as ham. Thi

Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Matt Kettler
Nigel Frankcom wrote: > > Files redone... a little more informative this time round :-D > > http://dev.blue-canoe.net/spam/spam01.txt > http://dev.blue-canoe.net/spam/debug1.txt > > http://dev.blue-canoe.net/spam/spam02.txt > http://dev.blue-canoe.net/spam/debug2.txt > > http://dev.blue-canoe.

Re: Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Rich Shepard
On Fri, 26 Jan 2007, Ben Wylie wrote: I recommend the KAM rules list which can be found here: http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf This catches the drugs names in these emails. Ben, Where do I put this file so it's seen and used by SpamAssassin? Thanks, Rich -

Re: Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Ben Wylie
Rich Shepard wrote: Andy et al.: You can use http://www.appl-ecosys.com/temp-files/analyzed-spam.tgz. I'll leave it there for a day. Any insight into how to better trap this type of spam would be welcome. I have a few other representative types, too. * 2.0 BOTNET Relay might be a spamb

Re: Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Ben Wylie
I recommend the KAM rules list which can be found here: http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf This catches the drugs names in these emails. Cheers, Ben Nigel Frankcom wrote: On Thu, 25 Jan 2007 20:16:42 -0500, Matt Kettler <[EMAIL PROTECTED]> wrote: Nigel Frankcom w

Fw: Bayes

2007-01-26 Thread Jack Gostl
- Original Message - From: "Jack Gostl" <[EMAIL PROTECTED]> To: "Anthony Peacock" <[EMAIL PROTECTED]> Sent: Friday, January 26, 2007 7:30 AM Subject: Re: Bayes Whenever some spam slips through the filters, I save it in a separate folder. Then, each night, I retrain with the spam that

RE: Sa -- lint : HOWTO know which cf file gives the problem ?

2007-01-26 Thread Matthias Fuhrmann
On Fri, 26 Jan 2007, Florent Gilain wrote: > Hummm thanks a lot, it was finally easier than I was thinking ;-)) > > Florent > [...] > 70_zmi_german.cf:scoreZMIde_SUBBIG 1.8 > > so the file containing the rule is 70_zmi_german.cf in the current > directory. you are welcome :) regards, Matthi

Re: Bayes

2007-01-26 Thread Anthony Peacock
Hi, I have never had to rebuild my Bayes database because of poisoning. In my opinion the secret is to turn off auto-learning to start with and to train manually, until you are happy with the accuracy of the Bayes system. Once you have a well trained Bayes database you can switch on auto-le

Re: Bayes

2007-01-26 Thread Jack Gostl
It sounds like you are in fact suggesting a periodic rebuild of the Bayes files. - Original Message - From: "--[ UxBoD ]--" <[EMAIL PROTECTED]> To: Sent: Friday, January 26, 2007 6:45 AM Subject: Re: Bayes IMHO I would imagine that recently, due to the SPAM changes, that your Bayes

development list

2007-01-26 Thread tom
I have a general question about development versus using spamassassin. Does the developer mailing list do anything other than bugs or is that the wrong list for detailed discussions on how SA works under the hood? I'm interested right now in how to use the Mail::SpamAssassin suite in some

Re: Should I use greylisting

2007-01-26 Thread tom
You shouldn't have told them you were delaying any email. After the first message there are no further delays and my bet is that they wouldn't have noticed anything unless you pointed it out. I have found greylisting is quite capable of removing 50% of the spam before I even have to proces

Re: Bayes

2007-01-26 Thread tom
On Jan 26, 2007, at 6:09 AM, Jack Gostl wrote: The amount of spam getting through my filters has been steadily increasing. From a start of under two percent up to over ten percent. It was getting pretty bad, so finally, just on a hunch, I wiped my Bayes files and rebuilt them. And, voila

Re: Bayes

2007-01-26 Thread --[ UxBoD ]--
IMHO I would imagine that recently, due to the SPAM changes, that your Bayes has become poisoned. But I could be well wrong. On Fri, 26 Jan 2007 06:09:24 -0500 "Jack Gostl" <[EMAIL PROTECTED]> wrote: > The amount of spam getting through my filters has been steadily > increasing. From a start of u

Bayes

2007-01-26 Thread Jack Gostl
The amount of spam getting through my filters has been steadily increasing. From a start of under two percent up to over ten percent. It was getting pretty bad, so finally, just on a hunch, I wiped my Bayes files and rebuilt them. And, voila!, I'm now running under one percent. Has anyone els

Re: Drug spam, some caught some not - none caught by drug rules

2007-01-26 Thread Nigel Frankcom
On Thu, 25 Jan 2007 20:16:42 -0500, Matt Kettler <[EMAIL PROTECTED]> wrote: >Nigel Frankcom wrote: >> Debug results are available on: >> http://dev.blue-canoe.net/spam/spam01.txt >> http://dev.blue-canoe.net/spam/debug1.txt >> >> http://dev.blue-canoe.net/spam/spam02.txt >> http://dev.blue-canoe.

Re: Rulesdujour?

2007-01-26 Thread Justin Mason
Matt Kettler writes: > 2) Antidrug is a part of SA as of SA 3.0.0. If you're using antidrug > with SA 3.0.0 or higher, you're possibly downgrading your antidrug > rules. Unless you're using SA 2.64 or lower, you should remove > antidrug.cf from your system completely. > > 3) If I ever make update

RE: Sa -- lint : HOWTO know which cf file gives the problem ?

2007-01-26 Thread Florent Gilain
Hummm thanks a lot, it was finally easier than I was thinking ;-)) Florent -Original Message- From: Matthias Fuhrmann [mailto:[EMAIL PROTECTED] Sent: Thursday, 25 January 2007 21:27 To: users@spamassassin.apache.org Subject: Re: Sa -- lint : HOWTO know which cf file gives the problem ? O

Mail not being embargo'd for greylisting

2007-01-26 Thread Eddie
I've set up DCC within Spamassassin, and enabled greylisting. At first, I couldn't see any mails being "bounced", pending a re-transmission, until I realised that all the e-mails I was looking at were marked as spam by SA, in which case, my understanding is that it's a waste of time asking for a