On Fri, 23 Mar 2007, maillist wrote:
> I only run a little bitty server with under 100 users. Are there
> any others like that here?
Since I stopped monking at work I only support SA for 4 users.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALa
Marc Perkel wrote:
Marc Perkel wrote:
The don't seem to have any contact info. Anyone know anything about
them?
Whoops - typo. - I mean apews.org
Dunno. Tar-pit?
Marc Perkel wrote:
>
>
> Marc Perkel wrote:
>> The don't seem to have any contact info. Anyone know anything about
>> them?
>>
>
> Whoops - typo. - I mean apews.org
>
They seem to be an attempt to clone spews. 99.99% of the website was
directly copied from spews.org
>From the website at http://ww
Marc Perkel wrote:
The don't seem to have any contact info. Anyone know anything about them?
Whoops - typo. - I mean apews.org
The don't seem to have any contact info. Anyone know anything about them?
Jim Maul wrote:
Marc Perkel wrote:
Jim Maul wrote:
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my
own learning system that strips out the body of messages with
images and just learns the headers. My problem is that when users
get image spam they put
On Friday 23 March 2007, Daryl C. W. O'Shea said:
> Beech Rintoul wrote:
> > I'm running SA-3.1.8 on FreeBSD 6.x and getting the following
> > error in the maillog:
> >
> > pinnacle spamd[67334]: spamd: could not create INET socket on
> > 127.0.0.1:783: Permission denied
> >
> > This doesn't seem t
At home. 1 domain, 5 users.
At work? I do tech support for Sun mail servers. . . . . . .
jay
John Rudd wrote:
Jonathan M Metts wrote:
Count me in. 1 domain, 1 user. Why? Just because I can.
Evan Platt wrote:
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for
Jonathan M Metts wrote:
Count me in. 1 domain, 1 user. Why? Just because I can.
Evan Platt wrote:
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here.
No, you're not.
Oh me me me!
1 domain, 1 user.
Beech Rintoul wrote:
I'm running SA-3.1.8 on FreeBSD 6.x and getting the following error in
the maillog:
pinnacle spamd[67334]: spamd: could not create INET socket on
127.0.0.1:783: Permission denied
This doesn't seem to affect the operation, but I'd like to fix the
problem. Does anyone hav
I've been on this mail list only for a few months now, and am wondering
if I am the smallest guy here.
No, you're not.
Oh me me me!
1 domain, 1 user. :)
I think only someone that uses fetchmail could beat that (no domain, 1
user).
Gary V
___
Count me in. 1 domain, 1 user. Why? Just because I can.
Evan Platt wrote:
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here.
No, you're not.
Oh me me me!
1 domain, 1 user. :)
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here.
No, you're not.
Oh me me me!
1 domain, 1 user. :)
maillist wrote:
> I've been on this mail list only for a few months now, and am
> wondering if I am the smallest guy here. I often have questions, and
> usually find the answer just by browsing in past mails, which is
> really cool. I see most of the folks that are questioning/replying
> ar
I've been on this mail list only for a few months now, and am wondering if
I am the smallest guy here.
No, you're not.
I often have questions, and usually find the answer just by browsing in
past mails, which is really cool. I see most of the folks that are
questioning/replying are admins of
maillist wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here. I often have questions, and
usually find the answer just by browsing in past mails, which is
really cool. I see most of the folks that are questioning/replying
are admins of
This image, for example, was targed as spam...
http://rejaine.multiply.com/photos/photo/5/1
Content analysis details: (6.4 points, 5.0 required)
pts rule name description
--
--
-2.6 BAYES_00
> >>>
> >>>
> >>
> >> Are you sure of this? Have you also trained these ham messages to
> >> counter this effect? Not too long ago we were in the same situation.
> >> I have autolearn enabled but I have adjusted the thresholds to avoid
> This is quite possible. I have heard other stories of peop
I'm running SA-3.1.8 on FreeBSD 6.x and getting the following error in
the maillog:
pinnacle spamd[67334]: spamd: could not create INET socket on
127.0.0.1:783: Permission denied
This doesn't seem to affect the operation, but I'd like to fix the
problem. Does anyone have a suggestion? Spamd *I
I've been on this mail list only for a few months now, and am wondering
if I am the smallest guy here. I often have questions, and usually find
the answer just by browsing in past mails, which is really cool. I see
most of the folks that are questioning/replying are admins of rather
large sys
Lance Albertson wrote:
I recently updated SA on our machines from 3.1.1 to 3.1.8 and I started
noticing a new issue crop up. I also noticed that someone else had a
similar problem and reported it on this last back in January [1], but it
never got an answer back about it. I've looked elsewhere onl
At 10:13 AM 3/23/2007, Rejaine Monteiro wrote:
I'm using FuzzyOcr plugin, version 2.3b and have some problems with
Fuzzy-OCR false/positives:
12 FUZZY_OCR BODY: Mail contains an image with common
spam text inside
Words found:
But with a good purge of bayes, a rebuild, and the
addition of sa-update rules,
How do you safely purge bayes anyway?
Matt
I recently updated SA on our machines from 3.1.1 to 3.1.8 and I started
noticing a new issue crop up. I also noticed that someone else had a
similar problem and reported it on this last back in January [1], but it
never got an answer back about it. I've looked elsewhere online and have
yet to find
Rejaine Monteiro wrote:
> I'm using FuzzyOcr plugin, version 2.3b and have some problems with
> Fuzzy-OCR false/positives:
>
>
> 12 FUZZY_OCR BODY: Mail contains an image with common spam
> text inside
>Words found:
>"news" in
Marc Perkel wrote:
Jim Maul wrote:
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam fold
> Dean Manners said:
>
> sa-learn --clear
>
> Make sure you have a ham/spam pile ready to re-train your db's after
> clearing.
>
Hmm so if someone does this
sa-learn --clear
Q: when that command is completed, should one restart SA or are we good to
go immediately after for training etc?
I'm using FuzzyOcr plugin, version 2.3b and have some problems with
Fuzzy-OCR false/positives:
12 FUZZY_OCR BODY: Mail contains an image with common spam
text inside
Words found:
"news" in 5 lines
Jim Maul wrote:
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam folders and they get lea
> >
> > On Thu, 22 Mar 2007 09:55:07 -0700, Marc Perkel <[EMAIL PROTECTED]>
> > wrote:
> > > Maybe I'm doing something wrong but with the various methods of
> > > bayes poisoning going on I've found that bayes is just lowering
> > > the score
> > of
> > > spam and causing more spam to get through.
Hi,
I have it working, I am blocking it at the MTA using policy controls.
It appears to be working fine.
Thanks everyone for the help,
Michael
Jonathan M Metts wrote:
Another option would be to use Sieve or another type of server side
filter. This way, you would have a few options. You could r
On Fri, 23 Mar 2007, Loren Wilton wrote:
> Well, of course you can't "block" with SA itself. But I assume you knew that.
>
> You can't do what you want quite the way you showed it. But you can get the
> effect you want:
>
> header __MC_MY_FROMFrom =~ /[EMAIL PROTECTED]/i
> header __MC_MY_EN
Another option would be to use Sieve or another type of server side
filter. This way, you would have a few options. You could reject it,
discard it, or redirect the message elsewhere. Just an idea, but like
the others have said, I wouldn't use SA for it.
.metts
Michael Connors wrote:
Denn
Starckjohann, Ove wrote:
> Hi!
>
> bit offtopic, but maybe it's easy and someone is able to drop me the
> *magic* snippet of code:
>
> My logile looks like:
>
> Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
> AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
>
Images were killing us until we installed focr. It really helped. I'm
dreading the day that the scum find a way to circumvent that though. As an
aside, I just noticed a bunch of spam like this in our quarantine (scored
very very high so no one normally sees it, but I look sometimes):
Subjec
Randal, Phil writes:
> Those "(STILL TODO ;)" bits are the things which would convince me to
> test it.
>
> Without them I'm rather in the dark as to what has changed, what needs
> to be changed in my config, and what areas need careful attention.
>
> So when are the betas of the "(STILL TODO ;)
Well, my two cents on this:
When I upgraded my servers (about half a year ago) and started using a
mysql-based Bayes DB, image spams began to drive me crazy. Seemed like there
was no way to stop them. But with a good purge of bayes, a rebuild, and the
addition of sa-update rules, it all began to g
On Thu, Mar 22, 2007 at 12:40:23PM -0300, David fire wrote:
> thanks
> but whats that means?
> confidence (cf) rating between 51 and 100.
FWIW, I responded to a private mail already. But for everyone
else's curiosity ... I pointed him at the Razor folks (razor.sf.net,
https://lists.sourceforge.n
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam folders and they get learned. But the text
Those "(STILL TODO ;)" bits are the things which would convince me to
test it.
Without them I'm rather in the dark as to what has changed, what needs
to be changed in my config, and what areas need careful attention.
So when are the betas of the "(STILL TODO ;)"'s coming out? :-)
Cheers,
Phil
/me continues to wait for the spammers to tire of greylisting
I work for a managed hosting provider, and I have seen spam messages get
back customers' greylisting setups. It may be isolated, but some
spammers are already starting to work around it.
On Fri, 23 Mar 2007, Marc Perkel wrote:
> Perhaps what I need to do is to get rid of autolearn and write my
> own learning system that strips out the body of messages with
> images and just learns the headers. My problem is that when users
> get image spam they put it in the spam folders and they
Yes image spam can be a real pain. I have just implemented a new mailserver and
image spam is certainly on the increase :-
mysql> select count(*) from maillog;
+--+
| count(*) |
+--+
|15091 |
+--+
1 row in set (0.00 sec)
mysql> select count(*) from maillog where spam
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam folders and they get learned. But the text in
the image spam c
Dennis Davis wrote:
On Fri, 23 Mar 2007, Michael Connors wrote:
Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 23 Mar 2007 12:48:44 +
From:
thanks
but whats that means?
confidence (cf) rating between 51 and 100.
thanks
2007/3/22, Theo Van Dinter <[EMAIL PROTECTED]>:
On Thu, Mar 22, 2007 at 10:50:58AM -0300, David fire wrote:
> i try to configure my spam assassin but i have one question
> what is RAZOR2_CF_RANGE_51_100 BODY ?
It me
On Fri, 23 Mar 2007, Michael Connors wrote:
> Received: from [87.198.136.186] (helo=[10.1.1.125])
> by mail.go2.ie with esmtpa (Exim 4.52)
> id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
> Message-ID: <[EMAIL PROTECTED]>
> Date: Fri, 23 Mar 2007 12:48:44 +
> From: Michael Connor
I see, I didn't understand the syntax of the rules before, now I
understand.
Thank you, I will try that.
Loren Wilton wrote:
Well, of course you can't "block" with SA itself. But I assume you
knew that.
You can't do what you want quite the way you showed it. But you can
get the effect you
Well, of course you can't "block" with SA itself. But I assume you knew that.
You can't do what you want quite the way you showed it. But you can get the
effect you want:
header __MC_MY_FROMFrom =~ /[EMAIL PROTECTED]/i
header __MC_MY_ENVEnvelope-to =~ /[EMAIL PROTECTED]/i
header __MC_M
Hi,
Can I use something like this to in spamassassin/local.cf to block mail from
one a list to one particular user.
I sometimes have users that ask me to block stuf that isnt really spam but
that they have signed up to and forgotten why they get it. In this situation
I dont want to block everyone
PERL:
#!/usr/bin/perl
while() {
if(/mid=<(.*)>/) {
print "$1\n";
}
}
cat spamd.log |
will give you all of your 'mid' (message ids) from the spamd.log file
(or whatever you
call you spam log file for SA).
Starckjohann, Ove wrote:
Hi!
bit offtopic, but maybe it's easy and some
Hi!
bit offtopic, but maybe it's easy and someone is able to drop me the
*magic* snippet of code:
My logile looks like:
Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_
52 matches
Mail list logo