On 8/27/07, Marc Perkel <[EMAIL PROTECTED]> wrote:
>
>
>
> Andy Sutton wrote:
>
> On Mon, 2007-08-27 at 12:59 -0700, Marc Perkel wrote:
>
> I've not run into a single instance where a legit server only tried
> the lowest MX. However, if I did there's a simple solution. If the
> fake lowest MX poin
Hi There,
We are using debian sarge postfix>amavis(sa+clamav)>dspam and getting
the occasional:
warning: connect to transport spamassassin: Connection refused
In our postfix mail log. Any idea where to being here? Is there some
sort of limit that needs to be raised?
Currently processing around
hi andy,
> For what it's worth, the fuzzyocr hashing is of very limited value, and in
> many cases is a severe performance hit. I found that scanning the hashes,
> due to the "fuzzy" nature, is more costly than just rescanning the file
> with OCR, as *each* *and* *every* hash must be checked itera
On Tue, 28 Aug 2007, snowcrash+sa wrote:
> aha!
>
> in FuzzyOcr.cf,
>
> - focr_hashing_learn_scanned 1
> + focr_hashing_learn_scanned 0
>
> then,
>
> rm Fuzzy*db*
>
...
>
> i did not realize that if the HASH ore-exists, then the images' total
> score hits --
Jean-Paul Natola wrote:
> I'm not listed anywhere - so why am I getting errors like
> An SMTP protocol error occurred-
> And
> The connection was dropped by the remote host
Neither of those would be likely due to RBLs. Almost always an RBL
block will post the reason for the rejection in the reje
> -Messaggio originale-
> Da: Giampaolo Tomassoni [mailto:[EMAIL PROTECTED]
>
> ...omissis...
>
> I *guess* it is focr_enable_image_hashing, which I already commented
> out
> (and thereby disabled hashing) because I was experiencing problems when
> changing something in my FuzzyOcr.words.
> -Messaggio originale-
> Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Per conto di
>
> hi,
>
> (you 'busted out' of the thread ... replying back in it.)
>
> > Disable the FuzzyOcr's result hash cache on both machines before
> testing for
> > differences: you are looking at stale resu
Richard
You could setup a gateway with either MailScanner or Amavis-new
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -Original Message-
> From: richard venne [mailto:[EMAIL PROTECTED]
> Sent: 28 August 2007 14:32
> Cc: users@spamassassin.apach
On Tue, August 28, 2007 5:28 am, Daryl C. W. O'Shea wrote:
> Justin Mason wrote:
>> John Fleming writes:
>>> When I run sa-update, I have recently started to get this error
>>> which
>>> terminates the update run:
>>>
>>> [17894] dbg: channel: attempting channel updates.spamassassin.org
>>> [17894]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
richard venne schrieb:
> Hi list
>
> I wonder wether it's possible to make works spamassassin with domino
> server 7.0.x under linux (redhat el4)
Use some combination of MTA (sendmail, Postfix, Exim, ...) integrated
with SpamAssassin, which then fo
On Tue, Aug 28, 2007 at 03:31:44PM -0400, Jean-Paul Natola wrote:
>
>
> Hi, Jean Paul, check this site:
> http://www.robtex.com/rbl.html
> It does multi RBL checks, saved my butt a few times ;)
>
> Peace,
>
>
> Luis
>
> 2007/8/28, Jean-Paul Natola <[EMAIL PROTECTED]>:
> > Hi all,
> >
> > I sa
aha!
in FuzzyOcr.cf,
- focr_hashing_learn_scanned 1
+ focr_hashing_learn_scanned 0
then,
rm Fuzzy*db*
now, as expected ...
18 FUZZY_OCR BODY: Img with common spam text inside
[Words found:]
Hi, Jean Paul, check this site:
http://www.robtex.com/rbl.html
It does multi RBL checks, saved my butt a few times ;)
Peace,
Luis
2007/8/28, Jean-Paul Natola <[EMAIL PROTECTED]>:
> Hi all,
>
> I saw that my server wound up on http://spamcop.net/bl.shtml so I had my
> server removed- however ,
hi,
(you 'busted out' of the thread ... replying back in it.)
> Disable the FuzzyOcr's result hash cache on both machines before testing for
> differences: you are looking at stale results.
>
> If these systems cached the results when the version or config of the two
> FuzzyOcr(s) were not the sa
Hi,
> Unless I've missed something, above is the only difference in the two
> reports. So that says the only real difference if the lack of the 'words
> found' report in FuzzyOCR.
Yup. You're correct.
> I think I'd add a line that should end up in the report and say
> something like "debug repo
> -Messaggio originale-
> Da: Theo Van Dinter [mailto:[EMAIL PROTECTED]
>
> On Tue, Aug 28, 2007 at 05:05:24PM +0200, Giampaolo Tomassoni wrote:
> > > TextCat?
> >
> > Does it yield the probability for each language? Or it just yields a
> single
> > result? (i.e.: language id).
> >
> > We
Hi, Jean Paul, check this site:
http://www.robtex.com/rbl.html
It does multi RBL checks, saved my butt a few times ;)
Peace,
Luis
2007/8/28, Jean-Paul Natola <[EMAIL PROTECTED]>:
> Hi all,
>
> I saw that my server wound up on http://spamcop.net/bl.shtml so I had my
> server removed- however , I
On Tue, Aug 28, 2007 at 05:05:24PM +0200, Giampaolo Tomassoni wrote:
> > TextCat?
>
> Does it yield the probability for each language? Or it just yields a single
> result? (i.e.: language id).
>
> We would need the probability of the text being in any given language. Or,
> better, something close
Giampaolo Tomassoni wrote:
-Messaggio originale-
Da: Bret Miller [mailto:[EMAIL PROTECTED]
...omissis...
What happens with computer lingo and things like URLs that aren't
really
language? I guess the idea would be to write it and see what such a
rule
would hit.
You're probably ri
> -Messaggio originale-
> Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Per conto di
> snowcrash+sa
>
> ...omissis...
>
> 16 FUZZY_OCR_KNOWN_HASH BODY: Image with known hash
>
> ...omissis...
> > any hints/suggestions as to what i might've missed? how to find it?
Disable the Fuz
I have chickenpox.cf consistently hitting ham. I did some digging, looks
They are known to do this, which was why the set was depreciated. Unless
they are still hitting on some of those mangled stock spams for you, the
simplest solution might be to just remove the set until they come back
ag
At 11:10 AM 8/28/2007, Dan Barker wrote:
http://www.dnsstuff.com/tools/ip4r.ch?ip=74.254.46.133 works for me, but
your IP is probably not 74.254.46.133.
Dan
Also, your site will probably be on several blacklists. Hopefully
none that are commonly used. I think everyone is on at least one bl
16 FUZZY_OCR_KNOWN_HASH BODY: Image with known hash
[]
[Words found:]
["investor" in 1 lines]
["price" in 2 lines]
["company" in 1 lines]
http://www.dnsstuff.com/tools/ip4r.ch?ip=74.254.46.133 works for me, but
your IP is probably not 74.254.46.133.
Dan
-Original Message-
From: Jean-Paul Natola [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 28, 2007 2:07 PM
To: users@spamassassin.apache.org
Subject: OT blacklist check
H
I have chickenpox.cf consistently hitting ham. I did some digging, looks
like when Microsoft Word or similar is involved in the body, this
hits...
Hi all,
I saw that my server wound up on http://spamcop.net/bl.shtml so I had my
server removed- however , I think I may on other blacklist(s) as I
roadrunner *.rr.com is not accepting emails from our server-
Is there a way I can check my IP to see if I've been blacklisted anywhere
else?
hi,
grr. i'm at that resorting-to-visine stage of wtf ... :-/
i've
spamassassin --version
SpamAssassin version 3.2.4-r564346
running on Perl version 5.8.8
with, among numerous other ruls/plugins, FuzzyOcr/r330 installed.
i've just updated two supposedly identical boxes, b
On Tue, 28 Aug 2007, Richard Hobbs wrote:
> Is this all correct?
Spot on.
> Would a suitable alternative be to delete "bayes_seen" and
> "bayes_toks", then restart spamd? I know i would be deleting
> everything that had been learned over the last period of time, but
> starting afresh may not be
I think the idea would be worth a trial and see if it is useful. As others
have mentioned, inline source code and URLs could cause problems. I'm also
a little concerned (until proven otherwise) about the possible processor
usage. OTOH, people were concerned about the processor usage for OCR,
Hi,
Richard Hobbs wrote:
Hello,
John D. Hardin wrote:
On Tue, 28 Aug 2007, Richard Hobbs wrote:
Could the size of "bayes_seen" and "bayes_toks" be causing this timeout?
Yes.
If so, what can i do about this?
Disable automatic Bayes expiry and do a manual expiration run, and
allow it to co
John D. Hardin wrote:
On Tue, 28 Aug 2007, Giampaolo Tomassoni wrote:
-Messaggio originale-
Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Marc Perkel writes:
Who finds this concept interesting?
SPAM-L. This is OT for this list.
Right, Justin, but I see that threads about general
Hello,
John D. Hardin wrote:
> On Tue, 28 Aug 2007, Richard Hobbs wrote:
>
>> Could the size of "bayes_seen" and "bayes_toks" be causing this timeout?
>
> Yes.
>
>> If so, what can i do about this?
>
> Disable automatic Bayes expiry and do a manual expiration run, and
> allow it to complete.
On Tue, 28 Aug 2007, Giampaolo Tomassoni wrote:
> > -Messaggio originale-
> > Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> >
> > Marc Perkel writes:
> > > Who finds this concept interesting?
> >
> > SPAM-L. This is OT for this list.
>
> Right, Justin, but I see that threads about
> -Messaggio originale-
> Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>
>
> Marc Perkel writes:
> > Who finds this concept interesting?
>
> SPAM-L. This is OT for this list.
Right, Justin, but I see that threads about general anti-spam techniques are
tolerated in this list. After a
On Tue, 28 Aug 2007, Richard Hobbs wrote:
> Could the size of "bayes_seen" and "bayes_toks" be causing this timeout?
Yes.
> If so, what can i do about this?
Disable automatic Bayes expiry and do a manual expiration run, and
allow it to complete.
Once that's done you *can* turn automatic expir
> -Messaggio originale-
> Da: Bret Miller [mailto:[EMAIL PROTECTED]
>
> ...omissis...
>
> What happens with computer lingo and things like URLs that aren't
> really
> language? I guess the idea would be to write it and see what such a
> rule
> would hit.
You're probably right. I just don
Hello,
One thing - you were given an excellent advice today on exim list by
Graeme. Why don't you follow it?
Anyway, this is probably your problem:
http://spamassassin.apache.org/advisories/cve-2007-0451.txt Upgrade to
3.1.8 if you can.
On Tue, 28 Aug 2007 15:09:14 +, Richard Hobbs
<[EMAI
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 28, 2007 9:53 AM
> To: users@spamassassin.apache.org
> Subject: And interesting way to detect spambots
>
> I'm doing some interesting experimenting and discovered and
interesting
> way to detect spa
Marc Perkel writes:
> Who finds this concept interesting?
SPAM-L. This is OT for this list.
--j.
Hello,
Michael Parker wrote:
> Richard Hobbs wrote:
>> Hello,
>>
>> Could the size of "bayes_seen" and "bayes_toks" be causing this timeout?
>>
>
> No, those aren't really that big, but it does look like you have an
> expiration problem.
I've heard that this file should be around 10MB on a "stan
> -Messaggio originale-
> Da: Theo Van Dinter [mailto:[EMAIL PROTECTED]
>
> TextCat?
Does it yield the probability for each language? Or it just yields a single
result? (i.e.: language id).
We would need the probability of the text being in any given language. Or,
better, something close
continued
It appears that spam bots do their own DNS caching. That reduces DNS
calls and lets them send more spam over the same low bandwidth
connection. You might have noticed that if you change the MX record for
domain that the old IP is still hit with spam sometimes weeks later. I
th
Richard Hobbs wrote:
> Hello,
>
> Could the size of "bayes_seen" and "bayes_toks" be causing this timeout?
>
No, those aren't really that big, but it does look like you have an
expiration problem.
To solve your immediate problem you could just turn off bayes, that will
get mail flowing again an
I'm doing some interesting experimenting and discovered and interesting
way to detect spam bots. It appears that spam bots cache DNS far longer
than ordinary. And that is detectable.
As you know I use several fake high numbered MX records to fool spam
bots into hitting the back door and going
TextCat?
On Tue, Aug 28, 2007 at 03:49:44PM +0200, Giampaolo Tomassoni wrote:
> Hello everybody!
>
> I'm going to propose you another great idea which will probably radically
> change the spam-detection technics.
>
> No, come one: I'm just kitting. :) I think this "idea" could eventually h
Marc Perkel wrote:
John Rudd wrote:
Loren Wilton wrote:
the last byte of the return is a number from 1-255. This is the hosts
1 means "not only have we never seen ham come from this host, it has
all kinds of danger signals that indicate you shouldn't ever trust
them to do anything useful
Hello,
Could the size of "bayes_seen" and "bayes_toks" be causing this timeout?
==
mail:/home/spamcheck/.spamassassin# ls -l
total 101060
-rw--- 1 spamcheck spamcheck 2637824 2007-08-28 12:42 auto-whitelist
-rw--- 1 sp
John Rudd wrote:
Loren Wilton wrote:
the last byte of the return is a number from 1-255. This is the hosts
1 means "not only have we never seen ham come from this host, it has
all kinds of danger signals that indicate you shouldn't ever trust
them to do anything useful".
You probably re
Marc Perkel wrote:
>
>
> Bret Miller wrote:
>>
>>
>> .
>>
>> OK... but the rules you supplied for SpamAssassin did exactly that--
>> they looked back at all the received headers and X-Original-IP and
>> tested them against the lists. Add a -lastexternal to the set name to
>> get only the la
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Bret Miller wrote:
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Bret Miller wrote:
Bret Miller wrote:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
*
Latest variation:
Return-path: <[EMAIL PROTECTED]>
Received: from pg-gateway.melwood.org
(pg-gateway.melwood.com [192.168.1.77])
by smtp.melwood.com; Tue, 28 Aug 2007 10:15:59 -0400
Received: from localhost (localhost [127.0.0.1])
by pg-gateway.melwood.org (Postfix) with ES
Loren Wilton wrote:
the last byte of the return is a number from 1-255. This is the hosts
1 means "not only have we never seen ham come from this host, it has
all kinds of danger signals that indicate you shouldn't ever trust
them to do anything useful".
You probably really need one bit so
Bret Miller wrote:
*From:* Marc Perkel [mailto:[EMAIL PROTECTED]
Bret Miller wrote:
Bret Miller wrote:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam
and nonspam
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Bret Miller wrote:
Bret Miller wrote:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam
and nonspam
Giampaolo Tomassoni wrote:
Hello everybody!
I'm going to propose you another great idea which will probably radically
change the spam-detection technics.
No, come one: I'm just kitting. :) I think this "idea" could eventually help
in better detecting the kind of spam in which some wor
> Is there a way of updating spamassassin automatically to adapt to new
> ways of spamming.
> For instance, when picture spam came I had to install
> fuzzOCR, now with
> PDF and RTF, new modules are required.
> I also heard about rules-du-jour or something, do I always have to
> manually compile, a
> I'm going to propose you another great idea which will
> probably radically change the spam-detection technics.
>
> No, come one: I'm just kitting. :) I think this "idea" could
> eventually help in better detecting the kind of spam in which
> some words are "garbled" in order to deceive
Hi Group,
Is there a way of updating spamassassin automatically to adapt to new
ways of spamming.
For instance, when picture spam came I had to install fuzzOCR, now with
PDF and RTF, new modules are required.
I also heard about rules-du-jour or something, do I always have to
manually compile,
Hello everybody!
I'm going to propose you another great idea which will probably radically
change the spam-detection technics.
No, come one: I'm just kitting. :) I think this "idea" could eventually help
in better detecting the kind of spam in which some words are "garbled" in
order to de
Hi list
I wonder wether it's possible to make works spamassassin with domino
server 7.0.x under linux (redhat el4)
thanks for your helps
Hello,
Mark Martinec wrote:
> Richard,
>
>> To add information to this problem, it appears that spamd does
>> eventually give up after 5 minutes
>
> Capture a message causing touble from a MTA queue,
> and feed it to a command line spamassassin with -t -D options.
I would love to do this, but i
Richard,
> To add information to this problem, it appears that spamd does
> eventually give up after 5 minutes
Capture a message causing touble from a MTA queue,
and feed it to a command line spamassassin with -t -D options.
Mark
Hello,
To add information to this problem, it appears that spamd does
eventually give up after 5 minutes - which then bounces the message back
to the sender stating:
421 SMTP incoming data timeout - message abandoned
Obviously, this cannot keep happening, but i don't know how to stop it...
An
Please use a MUA that indents quotes properly.
On Tuesday 28 August 2007 00:45, Rick Cooper wrote:
> > Forwarded mail isn't send from my server. It is sent from the sender. I am
> > relaying the message and it's not up to me to mangle the from address. The
> > people who I farward to want the from
Hello,
We are running SpamAssassin version 3.1.7-deb running on Perl version
5.8.4 on a Debian Sarge box with exim4.
I am using the following router:
==
sa_router:
no_verify
check_local_user
# When to scan a message :
Hello Spamassassins! ;)
A few weeks ago I had problems with a capacity of my MySQL 5.0.38
server with sa_bayes database stored in MyISAM when it was handling
a lot of SQL queries from my Spamassassin cluster. The only one
solution was to disable using Bayes.
I wrote about my problems here and I h
Marc, you're doing it again. Let me reiterate what I posted to you last
time...
> Speaking in an official capacity as chair of the SpamAssassin PMC -- we
> _generally_ welcome off-topic conversations on the users list. As has
> been noted, some good ideas have come from them, and they're general
Justin Mason wrote:
John Fleming writes:
When I run sa-update, I have recently started to get this error which
terminates the update run:
[17894] dbg: channel: attempting channel updates.spamassassin.org
[17894] dbg: channel: update directory
/var/lib/spamassassin/3.001007/updates_spamassassi
jidanni writes:
> http://joi.ito.com/archives/2007/08/02/my_email_not_good_enough_for_you.html
>
> ...it's because the email is from an Asian ...
> .. get my IP address added to some white-list ...
>
> The comment I wanted to add is:
> That's right, tell them to put me on the
> white-(person-yes
Magnus Holmgren wrote:
> That's precisely "applying SPF without thinking". Anyone who does that
> should be fired, nuked or something worse.
The world is full of incompetent mailserver-admins.
/Per Jessen, Zürich
70 matches
Mail list logo
