Jeremy Davila wrote on Wed, 28 Jan 2009 16:27:17 -0500:
Is there any SA reporting feature to analyze scores and etc. ?
Can you rephrase that so one actually understands it? If you are asking
about adding scores to the message headers. Yes, this is possible.
see
Andy Dorman wrote on Wed, 28 Jan 2009 11:03:01 -0600:
We were just hoping someone else in this group would have run into this
situation and have a suggestion, given how ubiquitous webmail is these days.
If
not, we will keep pounding at it.
Well, the easiest and fastest solution is to go
On 28.01.09 11:31, Rops wrote:
Thanks for all your replies. That is exactly, what I wanted to know.
Locally global ISP's don't have much of competition and can afford
themselves providing a bad service and no customer support at all.
I would like to be able to undersand spam filtering
On 28.01.09 22:36, RW wrote:
I just pass it though dspam and then score like this:
header DS_HAM X-DSPAM-Result =~ /^(Innocent|Whitelisted)/
header DS_SPAM X-DSPAM-Result =~ /^Spam/
meta DS_HAM_FULL DS_HAM (BAYES_00 || BAYES_05)
scoreDS_HAM-2.5
score
On 29.01.09 03:23, RW wrote:
I meant have Bayes learn from the DSPAM header rules that I quoted.
What does the plugin actually do that simply piping mail though DSPAM
before SA doesn't?
you want SA BAYES filter to learn from what will DSPAM filter tell it?
You can do that with
Rw wrote on Thu, 29 Jan 2009 03:23:47 +:
However, thinking about it a bit more, I think that the only real
problem is that ham that scores between 0.1 and 5.0
wont be learned as ham, and I can fix that by moving the autolearn
threshold to up to 4.9.
Eek! No, this is wrong
Rops schrieb:
Hi Robert,
Thanks for your reply.
As I am not a server admin myself, I don't have access to any filter
settings.
Also in global servers, there isn't any admin available to talk or complain
about problems :-(
thats your problem, change your email provider
But it looks
is is EVER acceptable to have an empty style tag?
(appears that anything inside an empty style/style is not displayed.
see more and more of this in spam. can deal with this with a raw body
check, but how about adding it to the official SA html checks?
body
On 28-Jan-2009, at 14:43, Karsten Bräckelmann wrote:
On Wed, 2009-01-28 at 13:43 -0700, LuKreme wrote:
On 28-Jan-2009, at 10:09, John Hardin wrote:
You shouldn't have to. I don't. I run sa-learn across mbox training
corpa every day. You *do* need to use the correct command-line
option to
On 28-Jan-2009, at 05:33, Rops wrote:
I'm an end user trying to figure out, why too many messages arrive
erratically stamped as spam.
Please could anyone explain, why the normally looking ordinary daily
business mail was classified as Spam?
Sure. Your system has a OCR scan of images (Optical
On 28-Jan-2009, at 10:03, Andy Dorman wrote:
Received: by beatrice.ironicdesign.com (Postfix, from userid 112) id
E92BC148C16A; Fri, 23 Jan 2009 16:03:43 -0600 (CST)
Received: from rbn1s-216-180-93-118.adsl.hiwaay.net
(rbn1s-216-180-93-118.adsl.hiwaay.net [216.180.93.118]) by
Karsten Bräckelmann wrote:
On Wed, 2009-01-28 at 16:55 -0500, Bowie Bailey wrote:
Yet Another Ninja wrote:
On 1/28/2009 10:22 PM, Bowie Bailey wrote:
90_2tld.cf.sare.sa-update.dostech.net (from SARE)
I haven't seen this rule set before. Is there any information
out there
On Tue, 27 Jan 2009 21:51:13 +, Nigel Frankcom
ni...@blue-canoe.com wrote:
Hi All,
Is there are central point for links or dissemination of 'best
practice' rules?
I freely admit this is my 1st port of call.
I'm wondering if there is a simple (i.e works for a muppet like me)
page that lists
Michael Scheidell wrote on Thu, 29 Jan 2009 07:21:32 -0500:
is is EVER acceptable to have an empty style tag?
it's not valid HTML but what mail client does send valid HTML?
(appears that anything inside an empty style/style
is not displayed.
same goes for a style tag with type.
body
LuKreme wrote on Thu, 29 Jan 2009 05:57:09 -0700:
Received: from 67.164.162.51
(SquirrelMail authenticated user kreme)
by webmail.covisp.net with HTTP;
Thu, 29 Jan 2009 07:51:13 -0500 (EST)
I don't hit botnet...
but that might be because of the authenticated
maybe its just me, but was there really an issue with out of office
messages?
(except in this mailing list :-)
aside from missing an outbound relay or two, all my 'fps' on vbounce
seems to be out of office messages
some REAL ooo messages, some just a casual part of the email, something
like
On Thu, 2009-01-29 at 15:31 +0100, Kai Schaetzl wrote:
Michael Scheidell wrote on Thu, 29 Jan 2009 07:21:32 -0500:
If it doesn't display what is it good for? Faking bayes?
No, obfuscating the actual display:
Buy Vistylesdfghjnkrdfbn/styleAgstyleghbfghfgh/stylera!
--
Daniel J McDonald, CCIE
On Thu, 2009-01-29 at 07:21 -0500, Michael Scheidell wrote:
is is EVER acceptable to have an empty style tag?
(appears that anything inside an empty style/style is not
displayed.
see more and more of this in spam. can deal with this with a raw body
check, but how about adding it to the
It hist an awful lot of ham here.
Cheers,
Phil
--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: pran...@herefordshire.gov.uk
Any opinion
On Thu, 2009-01-29 at 09:47 -0500, Michael Scheidell wrote:
maybe its just me, but was there really an issue with out of office
messages?
(except in this mailing list :-)
etc. I am going to enter a bugzilla to eliminate this rule
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6053
On Thu, 29 Jan 2009, Matus UHLAR - fantomas wrote:
...using FuzzyOCR with score of 5.0 _AND_ changing score of BAYES_00 to
-1 is I'd say WORSE than using something they do not know...
send my (our) greetings to them...
+1. And if you can provide coordinates I'll warm up the anvil array.
--
On Thu, 29 Jan 2009, Michael Scheidell wrote:
(appears that anything inside an empty style/style is not displayed.
see more and more of this in spam. can deal with this with a raw body
check, but how about adding it to the official SA html checks?
For a long time I have had local rules that
Karsten Bräckelmann wrote:
On Thu, 2009-01-29 at 09:47 -0500, Michael Scheidell wrote:
just take out __BOUNCE_OOO_1. its too common in normal emails.
Can't you just overwrite this one in local.cf? :)
yes, if I thought it was a 'local' problem only affecting me... that is
why I
On Thu, 29 Jan 2009, LuKreme wrote:
On 28-Jan-2009, at 14:43, Karsten Bräckelmann wrote:
You still should not have to split the mbox files. :)
True enough.
If sa-learn is mis-behaving on large mbox files for you, it's worth
investigating the cause. And either fix your system or sa-learn,
it might be worth splitting out a new type of bounce rule --
OOO_BOUNCE which matches only OOO messages. if you make a patch I
may consider it ;)
--j.
On Thu, Jan 29, 2009 at 16:38, Michael Scheidell scheid...@secnap.net wrote:
Karsten Bräckelmann wrote:
On Thu, 2009-01-29 at 09:47 -0500,
Dan McDonald wrote on Thu, 29 Jan 2009 08:56:03 -0600:
No, obfuscating the actual display:
Buy Vistylesdfghjnkrdfbn/styleAgstyleghbfghfgh/stylera!
but SA strips all HTML away before content processing, including that
garbage within the style tags. And from Michael's description it doesn't
You are right Kaithat was not clear enought .
I meant a SA log file with history of how much spam we took in for the day
and their scores.
Jeremy Davila
Systems Administrator
Direct: 646-205-2136
The LanguageWorks, Inc.
1123 Broadway, Suite 201
New York, NY 10010
The LanguageWorks,
At least on our generally german e-mails, the following rules very often
cause false positives:
1.6 MY_CID_AND_CLOSING SARE cid and closing
1.5 MY_CID_AND_STYLE SARE cid and style
1.6 MY_CID_ARIAL2_CLOSING SARE cid arial2 closing
1.6 MY_CID_ARIAL_STYLE SARE cid arial2 style
On Thu, 29 Jan 2009, Jeremy Davila wrote:
You are right Kaithat was not clear enought .
I meant a SA log file with history of how much spam we took in for the day
and their scores.
google spamassassin log analysis
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
On Thu, 2009-01-29 at 18:21 +0100, Michael Monnerie wrote:
At least on our generally german e-mails, the following rules very often
cause false positives:
Rings a bell. I believe these have been brought up to FP just a few
weeks ago. The scores aren't particular lightweight, and (from memory)
On Thu, 29 Jan 2009 10:32:05 +0100
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
On 28.01.09 22:36, RW wrote:
I just pass it though dspam and then score like this:
header DS_HAM X-DSPAM-Result =~ /^(Innocent|Whitelisted)/
header DS_SPAM X-DSPAM-Result =~ /^Spam/
meta
Kai Schaetzl wrote:
Dan McDonald wrote on Thu, 29 Jan 2009 08:56:03 -0600:
No, obfuscating the actual display:
Buy Vistylesdfghjnkrdfbn/styleAgstyleghbfghfgh/stylera!
but SA strips all HTML away before content processing, including that
garbage within the style tags. And from Michael's
John Hardin wrote:
Unfortunately they hit often enough on legitimate mail sent by
braindead MUAs (or, more precisely, MUAs with braindead HTML
editors/generators) that they cannot be scored very strongly.
you have LEGIT EMAIL with this in it?
style
--
Michael Scheidell, CTO
Phone:
Michael Scheidell wrote:
John Hardin wrote:
Unfortunately they hit often enough on legitimate mail sent by
braindead MUAs (or, more precisely, MUAs with braindead HTML
editors/generators) that they cannot be scored very strongly.
you have LEGIT EMAIL with this in it?
style
I do too.
On Thu, 29 Jan 2009, Kai Schaetzl wrote:
Andy Dorman wrote on Wed, 28 Jan 2009 11:03:01 -0600:
We were just hoping someone else in this group would have run into this
situation and have a suggestion, given how ubiquitous webmail is these
days. If
not, we will keep pounding at it.
On Thu, Jan 29, 2009 at 08:50:32PM +0100, Per Jessen wrote:
you have LEGIT EMAIL with this in it?
style
I do too. AFAICT, it's Microsoft related.
taking a look at my january corpus, there are a relative lot of hits
for that, including things like STYLE/STYLE. a lot of the mails,
as
On Thu, 29 Jan 2009, Michael Scheidell wrote:
John Hardin wrote:
Unfortunately they hit often enough on legitimate mail sent by braindead
MUAs (or, more precisely, MUAs with braindead HTML editors/generators)
that they cannot be scored very strongly.
you have LEGIT EMAIL with this in it?
Hi Kärsten,
Thanks for you message -
for daily work I'm providing a lot of IT and PC support, including some
network admin tasks.
But about messaging I don't know much, as everyone here obviously has
understood.
The problem with false spam alerts has been since times and now finally
friends
Jeremy Davila wrote on Thu, 29 Jan 2009 12:18:48 -0500:
I meant a SA log file with history of how much spam we took in for the day
and their scores.
This very much depends on the calling program. AFAIK, SA by itself doesn't
log. On that log you could then apply the log analysis program of
At least on our generally german e-mails, the following rules
very often cause false positives:
1.6 MY_CID_AND_CLOSING SARE cid and closing
1.5 MY_CID_AND_STYLE SARE cid and style
1.6 MY_CID_ARIAL2_CLOSING SARE cid arial2 closing
1.6 MY_CID_ARIAL_STYLE SARE cid
On Thu, 2009-01-29 at 22:31 +0100, Kai Schaetzl wrote:
Jeremy Davila wrote on Thu, 29 Jan 2009 12:18:48 -0500:
I meant a SA log file with history of how much spam we took in for the day
and their scores.
This very much depends on the calling program. AFAIK, SA by itself doesn't
log.
A general grasp of how it performs across a diverse range of
email can be gotten from the STATISTICS-set*.txt files
included in the tarball.
Look in the rules directory.
The file contains the mass-check results that were used in
score generation. Generally the best numbers to
fairly easy. run one week with default settings and one week
with skip_rbl_checks 1. Then compare.
In general, these rules will provide hits if you don't use
RBLs at MTA level. If you use RBLs to reject at MTA level
they won't hit much.
Kai
--
Kai Schätzl, Berlin, Germany
--On Thursday, January 29, 2009 8:34 AM -0800 John Hardin
jhar...@impsec.org wrote:
For a long time I have had local rules that score on empty STYLE, FONT,
STRONG, SPAN and A tags, and strings of adjacent FONT tags.
Unfortunately they hit often enough on legitimate mail sent by braindead
MUAs
On Thu, 2009-01-29 at 11:38 -0500, Michael Scheidell wrote:
Karsten Bräckelmann wrote:
On Thu, 2009-01-29 at 09:47 -0500, Michael Scheidell wrote:
just take out __BOUNCE_OOO_1. its too common in normal emails.
Can't you just overwrite this one in local.cf? :)
yes, if I thought
On Thursday 29 January 2009 18:21, Michael Monnerie wrote:
At least on our generally german e-mails, the following rules very often
cause false positives:
1.6 MY_CID_AND_CLOSING SARE cid and closing
1.5 MY_CID_AND_STYLE SARE cid and style
1.6 MY_CID_ARIAL2_CLOSING SARE cid
--On Thursday, January 29, 2009 2:09 PM -0500 Michael Scheidell
scheid...@secnap.net wrote:
John Hardin wrote:
Unfortunately they hit often enough on legitimate mail sent by braindead
MUAs (or, more precisely, MUAs with braindead HTML editors/generators)
that they cannot be scored very
On the subject of style vs style type=text/css
*Technically* the TYPE attribute is required in HTML 4, but in practice,
no one really uses anything other than CSS, and most browsers will
assume it.
The current draft of HTML 5 recognizes this, and makes TYPE explicitly
optional for STYLE,
2009/1/30 Stefan Jakobs stefan.jak...@rus.uni-stuttgart.de
After activating the rule I haven't seen any more FP. But that doesn't mean
much. Here are my stats from yesterday:
Rank Hits% Msgs % Spam% Ham Score Rule
-- --- -
49 matches
Mail list logo