On Tue, Aug 14, 2012 at 09:20:26PM -0700, John Evans wrote:
On 2012-08-14 21:13, Kevin A. McGrail wrote:
Here's the output of -D -t on the file. I let it run for about
10 minutes before giving up and killing the process.
Out of interest, can you let it run longer? Say an hour just to see
On Wed, Aug 15, 2012 at 09:31:40AM +0300, Henrik K wrote:
On Tue, Aug 14, 2012 at 09:20:26PM -0700, John Evans wrote:
On 2012-08-14 21:13, Kevin A. McGrail wrote:
Here's the output of -D -t on the file. I let it run for about
10 minutes before giving up and killing the process.
Out of
Upon Kevin's recommendation, I upgraded. Big difference. 'Though there's
a bit of a retuning penalty.
I get quite a few authorize.net notifications on behalf of various
ecommerce clients, and this morning I started seeing scam/spam similar to
the attached. All share a common marker of
On 8/15/2012 11:06 AM, Jim Schueler wrote:
Upon Kevin's recommendation, I upgraded. Big difference. 'Though
there's a bit of a retuning penalty.
Woohoo, I was right! All I did was flip a coin, though ;-)
I get quite a few authorize.net http://authorize.net notifications
on behalf of various
On 2012-08-14 21:20, John Evans wrote:
On 2012-08-14 21:13, Kevin A. McGrail wrote:
Here's the output of -D -t on the file. I let it run for about 10
minutes before giving up and killing the process.
Out of interest, can you let it run longer? Say an hour just to see
if does finish
On 2012-08-14 23:34, Henrik K wrote:
On Wed, Aug 15, 2012 at 09:31:40AM +0300, Henrik K wrote:
On Tue, Aug 14, 2012 at 09:20:26PM -0700, John Evans wrote:
On 2012-08-14 21:13, Kevin A. McGrail wrote:
Here's the output of -D -t on the file. I let it run for about
10 minutes before giving up
On 8/15/2012 11:11 AM, John Evans wrote:
On 2012-08-14 21:20, John Evans wrote:
On 2012-08-14 21:13, Kevin A. McGrail wrote:
Here's the output of -D -t on the file. I let it run for about 10
minutes before giving up and killing the process.
Out of interest, can you let it run longer? Say an
On Wed, Aug 15, 2012 at 11:14:58AM -0400, Kevin A. McGrail wrote:
Henrik, why don't you think the timeout hit?
Probably because regexps hanging and it's impossible to timeout them.
Is there such a rule? Can I write one (I consider myself a bit of a Perl
wonk)?
I understand that there are few, if any, markers that definitively define
spam; and that's the beauty of the SpamAssassin architecture.
-Jim
On Wed, 15 Aug 2012, Kevin A. McGrail wrote:
On 8/15/2012 11:06
On Wed, 15 Aug 2012, Jim Schueler wrote:
Is there such a rule?
No, not at present.
Can I write one (I consider myself a bit of a Perl wonk)?
Sure. Post it here and one of the rule committers can add it to their
sandbox for testing against the masscheck corpora.
The problem with what
On 8/15/2012 11:35 AM, John Hardin wrote:
On Wed, 15 Aug 2012, Jim Schueler wrote:
Is there such a rule?
No, not at present.
Can I write one (I consider myself a bit of a Perl wonk)?
Sure. Post it here and one of the rule committers can add it to their
sandbox for testing against the
On 08/15/2012 06:01 PM, Kevin A. McGrail wrote:
On 8/15/2012 11:35 AM, John Hardin wrote:
On Wed, 15 Aug 2012, Jim Schueler wrote:
Is there such a rule?
No, not at present.
Can I write one (I consider myself a bit of a Perl wonk)?
Sure. Post it here and one of the rule committers can
On Wed, 15 Aug 2012, Kevin A. McGrail wrote:
On 8/15/2012 11:35 AM, John Hardin wrote:
On Wed, 15 Aug 2012, Jim Schueler wrote:
Is there such a rule?
No, not at present.
Can I write one (I consider myself a bit of a Perl wonk)?
Sure. Post it here and one of the rule committers can
On 08/15/2012 06:09 PM, John Hardin wrote:
On Wed, 15 Aug 2012, Kevin A. McGrail wrote:
On 8/15/2012 11:35 AM, John Hardin wrote:
On Wed, 15 Aug 2012, Jim Schueler wrote:
Is there such a rule?
No, not at present.
Can I write one (I consider myself a bit of a Perl wonk)?
Sure. Post
Okay, let me modify my suggestion, then: if you can detect where the
displayed text for a link is a URL, and the domain name in that URL
does not match the domain name in the href, then it might be useful.
Does that seem more possible?
Nope. Just look at millions of things sent by
Somewhat OT, but I'm getting SPF fail on all the bogus authorize.net
spams I've seen. That should be enough to whack 'em.
Regards,
David.
On 08/15, Jim Schueler wrote:
the attached. �All share a common marker of embedding a text url within an
HTML a tag containing a different URL. �This seems like an obvious
marker for spam, I wonder why there isn't a rule for it.
There is a rule. It hits 10x as much non-spam as spam:
On 8/15/2012 11:24 AM, Henrik K wrote:
On Wed, Aug 15, 2012 at 11:14:58AM -0400, Kevin A. McGrail wrote:
Henrik, why don't you think the timeout hit?
Probably because regexps hanging and it's impossible to timeout them.
On 8/15/2012 12:57 PM, dar...@chaosreigns.com wrote:
On 08/15, Jim Schueler wrote:
the attached. �All share a common marker of embedding a text url within an
HTML a tag containing a different URL. �This seems like an obvious
marker for spam, I wonder why there isn't a rule for it.
Hello,
Some 99% of the spam that I receive, which is grossly spammy (we're
talking auto loans, cash advances, dink pills, the whole lot) contains
BAYES_00=-1.9 in the tests portion of the X-Spam-Status header.
Might anyone know why? This is a stock installation (Ubuntu package on
10.04).
15.08.2012 20:36, Ben Johnson kirjoitti:
Hello,
Some 99% of the spam that I receive, which is grossly spammy (we're
talking auto loans, cash advances, dink pills, the whole lot) contains
BAYES_00=-1.9 in the tests portion of the X-Spam-Status header.
Might anyone know why? This is a stock
On Wed, 15 Aug 2012, Ben Johnson wrote:
Some 99% of the spam that I receive, which is grossly spammy (we're
talking auto loans, cash advances, dink pills, the whole lot) contains
BAYES_00=-1.9 in the tests portion of the X-Spam-Status header.
Might anyone know why?
Poor training.
Apart from
On Wed, 15 Aug 2012, Jari Fredriksson wrote:
15.08.2012 20:36, Ben Johnson kirjoitti:
While I have not trained the Bayesian filter manually to date, how is it
that the spammiest of the spam is being classified with BAYES_00
(thereby receiving the score -1.9)? Doesn't BAYES_00 imply that the
From: Ben Johnson b...@indietorrent.org
Date: Wed, 15 Aug 2012 13:36:08 -0400
Some 99% of the spam that I receive, which is grossly spammy (we're
talking auto loans, cash advances, dink pills, the whole lot) contains
BAYES_00=-1.9 in the tests portion of the X-Spam-Status
On 8/15/2012 2:24 PM, John Hardin wrote:
On Wed, 15 Aug 2012, Ben Johnson wrote:
Some 99% of the spam that I receive, which is grossly spammy (we're
talking auto loans, cash advances, dink pills, the whole lot) contains
BAYES_00=-1.9 in the tests portion of the X-Spam-Status header.
Might
On Tue, Aug 14, 2012 at 8:19 PM, David F. Skoll d...@roaringpenguin.com wrote:
On Tue, 14 Aug 2012 20:01:13 -0700
Ori Bani orib...@gmail.com wrote:
There are a few changes we want to make to our outgoing email headers,
including to the Received headers that our MTA adds. I know that some
I have messages marked as such:
RDNS_NONE Delivered to internal network by a host with no rDNS
Problem is they very clearly have reverse and matching forward DNS
that Exim even agrees on. Why is SA tagging them as such?
On 08/15, Ori Bani wrote:
I tried to intentionally make a terribly wrong Received to see if SA
would give me a rule hit but it did not. Is there a rule for this? If
so, how can I turn it on and off?
I don't think there is actually a rule for unparsable headers. I think it
effectively just
On 08/15, Matt wrote:
I have messages marked as such:
RDNS_NONE Delivered to internal network by a host with no rDNS
Problem is they very clearly have reverse and matching forward DNS
that Exim even agrees on. Why is SA tagging them as such?
I wonder how much this is related to the other
On Wed, 15 Aug 2012, Ben Johnson wrote:
On 8/15/2012 2:24 PM, John Hardin wrote:
On Wed, 15 Aug 2012, Ben Johnson wrote:
Some 99% of the spam that I receive, which is grossly spammy (we're
talking auto loans, cash advances, dink pills, the whole lot) contains
BAYES_00=-1.9 in the tests
John Hardin wrote:
I wasn't aware that autolearning could do a cold-start of Bayes, can
anyone confirm whether this is the case?
If you let it run long enough to pass the 200/200 ham/spam thresholds,
yes; there's no distinction I've ever met about where the learning came
from.
That said, I
On 8/15/2012 4:19 PM, Kris Deugau wrote:
John Hardin wrote:
I wasn't aware that autolearning could do a cold-start of Bayes, can
anyone confirm whether this is the case?
If you let it run long enough to pass the 200/200 ham/spam thresholds,
yes; there's no distinction I've ever met about
On Wed, 15 Aug 2012, Kris Deugau wrote:
John Hardin wrote:
I wasn't aware that autolearning could do a cold-start of Bayes, can
anyone confirm whether this is the case?
If you let it run long enough to pass the 200/200 ham/spam thresholds,
yes; there's no distinction I've ever met about
On 8/15/2012 5:00 PM, John Hardin wrote:
Right. It might be prudent to review the defaults before the next
major release.
I wonder if we shouldn't disable auto-learning by default (assuming it's
on by default)...
Bayes should really be trained.
On Wed, 15 Aug 2012, Kevin A. McGrail wrote:
On 8/15/2012 5:00 PM, John Hardin wrote:
Right. It might be prudent to review the defaults before the next major
release.
I wonder if we shouldn't disable auto-learning by default (assuming it's on
by default)...
It is.
Bayes should
On Wed, 15 Aug 2012, John Hardin wrote:
I might not go so far as to say autolearn should be disabled by default,
as it is a major good if well trained;
Sorry, poor wording, I meant to say as _Bayes_ is a major good if well
trained.
--
John Hardin KA7OHZ
On 8/15/2012 5:18 PM, John Hardin
wrote:
On Wed, 15 Aug 2012, Kevin A. McGrail wrote:
On 8/15/2012 5:00 PM, John Hardin wrote:
Right. It might be prudent to review the defaults before the
next major
Dumb question:
How can I set the autolearn thresholds?
On Aug 15, 2012, at 15 2:18 PM, John Hardin jhar...@impsec.org wrote:
Setting the ham default threshold to -3 or even -5 seems prudent (_much_
better than the current 0.1)
On 08/15/2012 11:28 PM, JP Kelly wrote:
Dumb question:
How can I set the autolearn thresholds?
On Aug 15, 2012, at 15 2:18 PM, John Hardin jhar...@impsec.org wrote:
Setting the ham default threshold to -3 or even -5 seems prudent (_much_ better
than the current 0.1)
In local.cf
On 8/15/2012 5:28 PM, JP Kelly wrote:
Dumb question:
How can I set the autolearn thresholds?
perldoc Mail::SpamAssassin::Plugin::AutoLearnThreshold
bayes_auto_learn_threshold_nonspam n.nn (default: 0.1)
The score threshold below which a mail has to score, to be
fed into
On Wed, 15 Aug 2012 17:05:00 -0400
Kevin A. McGrail wrote:
On 8/15/2012 5:00 PM, John Hardin wrote:
Right. It might be prudent to review the defaults before the next
major release.
I wonder if we shouldn't disable auto-learning by default (assuming
it's on by default)...
Bayes
On 2012-08-15 10:15, Kevin A. McGrail wrote:
On 8/15/2012 11:24 AM, Henrik K wrote:
On Wed, Aug 15, 2012 at 11:14:58AM -0400, Kevin A. McGrail wrote:
Henrik, why don't you think the timeout hit?
Probably because regexps hanging and it's impossible to timeout
them.
Interesting. OK. I look
On Wed, 15 Aug 2012, Kevin A. McGrail wrote:
On 8/15/2012 5:18 PM, John Hardin wrote:
I might not go so far as to say autolearn should be disabled by default,
as it is a major good if well trained; but setting the defaults extreme
enough that it is reliably, if slowly, initially trained
On Wed, 15 Aug 2012, John Evans wrote:
On 2012-08-15 10:15, Kevin A. McGrail wrote:
On 8/15/2012 11:24 AM, Henrik K wrote:
On Wed, Aug 15, 2012 at 11:14:58AM -0400, Kevin A. McGrail wrote:
Henrik, why don't you think the timeout hit?
Probably because regexps hanging and it's
Hello all,
wondering if there could be a rule where the email that is delivered from
the server could be checked the FROM that the domain exist on the server,
Is it possible?
What I am looking is to block any email that is send from my server that is
not using any of the domain accounts that
On Wed, 15 Aug 2012, Sergio wrote:
Hello all,
wondering if there could be a rule where the email that is delivered from
the server could be checked the FROM that the domain exist on the server,
Is it possible?
What I am looking is to block any email that is send from my server that is
not
On Wed, 15 Aug 2012, Sergio wrote:
Hello all,
wondering if there could be a rule where the email that is delivered from the
server could be checked the FROM that the domain exist on the server, Is it
possible?
What I am looking is to block any email that is send from my server that is not
47 matches
Mail list logo