On 09.06.14 05:49, Karsten Bräckelmann wrote:
Found the culprit after some digging. Bug 6915 [1], revision 1453407. As
a band-aid, the following trivial one-line patch fixes it. Can easily be
applied manually.
can that by any chance fix problem with Date: in mail received by SSL ?
That one
As far as I found out SpamAssassin calculates the spam score and puts the value
into the email header.
What is the maximum range of the score?
-10,,+10
or other?
Is there a statistic for an average email account how much emails get which
score?
In other words is there something like a
I have a few messages that have been incorrectly tagged because the sender
used their yahoo address as the sender, but used a mass mailer
(contactbeacon.com) to send their newsletter for them. Apparently this is
enough for it to hit FORGED_YAHOO_RCVD and L_UNVERIFIED_YAHOO, causing it
to be
On 09.06.14 09:47, Ben Stover wrote:
As far as I found out SpamAssassin calculates the spam score and puts the
value into the email header.
What is the maximum range of the score?
-10,,+10
I don't think it has limits. Maybe just limits for integer.
--
Matus UHLAR - fantomas,
On Monday 09 June 2014 at 09:50, Matus UHLAR - fantomas wrote:
On 09.06.14 09:47, Ben Stover wrote:
As far as I found out SpamAssassin calculates the spam score and puts the
value into the email header.
What is the maximum range of the score?
-10,,+10
I don't think it has limits.
On Mon, 2014-06-09 at 05:49 +0200, Karsten Bräckelmann wrote:
On Sun, 2014-06-08 at 20:56 -0500, Chris wrote:
In my etc/mail/spamassassin/local.cf I have the above line. I just
For completeness: That add_header option does work, although there are
actually exactly 3 arguments.
On 06/07/2014 03:55 PM, Matus UHLAR - fantomas wrote:
On 06.06.14 18:06, Daniele Paoni wrote:
I deleted the bayes database and trained it using real spamham
I would not clear the BAYES DB so fast. Even BAYES_00 spam can become
BAYES_99 after a few properly trained samples.
OK, I will keep
On 6/7/2014 3:31 AM, David B Funk wrote:
This does require some baby-sitting as it will get traffic that is the
results of a real human fat-fingering a legit recipient.
Perhaps use just subdomains then? Such as
venusflyt...@invalid.uiowa.edu to eliminate the risk of legit fat-fingered
On 6/8/2014 10:49 PM, Alex wrote:
I have a few messages that have been incorrectly tagged because the
sender used their yahoo address as the sender, but used a mass mailer
(contactbeacon.com) to send their
newsletter for them. Apparently this is enough for it to hit
On 6/9/2014 3:47 AM, Ben Stover wrote:
As far as I found out SpamAssassin calculates the spam score and puts the value
into the email header.
What is the maximum range of the score?
-10,,+10
or other?
There are no limits on the score. The higher the score, the more likely the email
On 6/9/2014 11:34 AM, Bowie Bailey wrote:
On 6/9/2014 3:47 AM, Ben Stover wrote:
As far as I found out SpamAssassin calculates the spam score and puts
the value into the email header.
What is the maximum range of the score?
-10,,+10
or other?
There are no limits on the score. The
I have been tracking this for about 2 weeks now myself.
Comparing my list of new domains, shows that DOB seems to pick them up
after they are 2 days old.
I also tried to compare my list to fresh.spameatingmonkey.net, but
none of my domains in the 0-5days old would get a match for com/net
On Mon, 2014-06-09 at 11:34 -0400, Bowie Bailey wrote:
In other words is there something like a gaussian distribution
graphic visualisation?
That would be different on every server depending on what type of spam
and ham you see and which rule sets you are running. I graphed mine out of
On 6/9/2014 1:23 PM, Patrick Domack wrote:
I have been tracking this for about 2 weeks now myself.
Comparing my list of new domains, shows that DOB seems to pick them up
after they are 2 days old.
I also tried to compare my list to fresh.spameatingmonkey.net, but
none of my domains in the
Quoting Kevin A. McGrail kmcgr...@pccc.com:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
I have been tracking this for about 2 weeks now myself.
Comparing my list of new domains, shows that DOB seems to pick them
up after they are 2 days old.
I also tried to compare my list to
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
Comparing my list of new domains, shows that DOB seems to pick them up
after they are 2 days old.
I wonder how we can use DNS, an RBL and distributed lookups to get the age of
domains AND share the
On 6/9/2014 2:24 PM, Patrick Domack wrote:
Quoting Kevin A. McGrail kmcgr...@pccc.com:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
I have been tracking this for about 2 weeks now myself.
Comparing my list of new domains, shows that DOB seems to pick them
up after they are 2 days old.
I
On Mon, 09 Jun 2014 14:24:19 -0400
Patrick Domack patric...@patrickdk.com wrote:
That could be easily done. Only issue is, if you trust the
distributed lookups to have accurate information.
I suppose we could build in a trust system, where if enough
distributed clients upload the same info,
On 6/9/2014 2:33 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
Comparing my list of new domains, shows that DOB seems to pick them up
after they are 2 days old.
I wonder how we can use DNS, an RBL and distributed lookups to
On 6/9/2014 2:38 PM, David F. Skoll wrote:
On Mon, 09 Jun 2014 14:24:19 -0400
Patrick Domack patric...@patrickdk.com wrote:
That could be easily done. Only issue is, if you trust the
distributed lookups to have accurate information.
I suppose we could build in a trust system, where if enough
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 2:33 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
Comparing my list of new domains, shows that DOB seems to pick
them up after they are 2 days old.
I wonder
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of your
idea? Are you referring to distributed whois queries for a domain name, to
determine its age?
--
John
Quoting Kevin A. McGrail kmcgr...@pccc.com:
On 6/9/2014 2:24 PM, Patrick Domack wrote:
Quoting Kevin A. McGrail kmcgr...@pccc.com:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
I have been tracking this for about 2 weeks now myself.
Comparing my list of new domains, shows that DOB seems to
On Mon, Jun 9, 2014 at 2:39 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 6/9/2014 2:33 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
Comparing my list of new domains, shows that DOB seems to pick them up
after they are
On 06/09/2014 08:39 PM, Kevin A. McGrail wrote:
On 6/9/2014 2:33 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
Comparing my list of new domains, shows that DOB seems to pick them up
after they are 2 days old.
I wonder how we
Domain age is a good metric to factor in. But I'm always fascinated with
some people's desire to block all messages with extremely new domains.
(NOT saying that this applies to everyone who posted on this thread!)
Keep in mind that many large and famous businesses... who have fairly
good mail
On Mon, 9 Jun 2014 11:51:21 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you referring to distributed whois queries for a
domain name,
On 6/9/2014 2:51 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you referring to distributed whois queries for a domain
On 6/9/2014 3:02 PM, Rob McEwen wrote:
Domain age is a good metric to factor in. But I'm always fascinated with
some people's desire to block all messages with extremely new domains.
(NOT saying that this applies to everyone who posted on this thread!)
Keep in mind that many large and famous
Quoting David F. Skoll d...@roaringpenguin.com:
On Mon, 9 Jun 2014 11:51:21 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you
On Mon, 9 Jun 2014, David F. Skoll wrote:
On Mon, 9 Jun 2014 11:51:21 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you referring to
On Mon, 09 Jun 2014 15:24:29 -0400
Patrick Domack patric...@patrickdk.com wrote:
The point was, I have already done this, and have it in production.
I did this cause this subject keeps coming up from time to time, and
I was personally interested to see the results of it.
Interesting. If you
On 6/9/2014 3:24 PM, Patrick Domack wrote:
The point was, I have already done this, and have it in production. I
did this cause this subject keeps coming up from time to time, and I
was personally interested to see the results of it.
And I do agree with Rob McEwen on many points. And I would
If SEM was able to detect newly registered domains more quickly then that would
solve the problem.
From: John Hardin jhar...@impsec.org
Sent: Monday, June 09, 2014 2:24 PM
To: users@spamassassin.apache.org
Subject: Re: Domain ages (was Re: SPAM from a
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 2:51 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of your
idea? Are you
On 6/9/2014 3:33 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 2:51 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you
On 6/9/2014 3:31 PM, David Jones wrote:
If SEM was able to detect newly registered domains more quickly then that would
solve the problem.
That is the crux of the issue, yes. So how do you identify new domains
if the registrars/registries won't give you the data? That's the problem
my idea
On Mon, 9 Jun 2014, David Jones wrote:
If SEM was able to detect newly registered domains more quickly then
that would solve the problem.
Oh, agreed.
The problem is, a registrar feed of registration changes costs a lot, and
this is a free project.
That's why I suggested trying to develop
On 06/09/2014 09:38 PM, Kevin A. McGrail wrote:
That is the crux of the issue, yes. So how do you identify new domains
if the registrars/registries won't give you the data? That's the problem
my idea solves by monitoring newly seen domains with the idea being that
spammers are not going to buy
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I think the core issue is that age of domains is a good indicator of spam.
So there is merit in building a distributed look-up system using SA.
I have more ideas than resources, of course...
I repeat my question:
On 6/9/2014 4:25 PM, Matthias Leisi wrote:
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I think the core issue is that age of domains is a good indicator
of spam. So there is merit in building a distributed look-up
system
On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll d...@roaringpenguin.com
wrote:
The clever part is that once lots of sites begin using this in their
SA setups, we'll very quickly build up quite an accurate database of
newly-seen domains that's completely independent of any registrar for
a data
Quoting Matthias Leisi matth...@leisi.net:
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I think the core issue is that age of domains is a good indicator of spam.
So there is merit in building a distributed look-up system using SA.
I have more ideas than
On 06/09/2014 10:32 PM, Patrick Domack wrote:
Quoting Matthias Leisi matth...@leisi.net:
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com
wrote:
I think the core issue is that age of domains is a good indicator of
spam.
So there is merit in building a distributed look-up
On Mon, 9 Jun 2014 22:31:55 +0200
Matthias Leisi matth...@leisi.net wrote:
*But*, again: which domains would be queried for such a list?
I think MAIL FROM domain.
Regards,
David.
On Mon, June 9, 2014 15:35, Patrick Domack wrote:
I guess what would need to be hammered out, is, the exact info wanted.
We know age, and registrar. Though doing the registrar isn't so
simple, as the same for just ENOM changes between tld, and even within
a single tld (likely from the
On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll d...@roaringpenguin.com
wrote:
The DNS software that serves the zone newdomain.example.net runs
the following pseudo-code when example.org is looked up:
[..]
So who's volunteering to do this? :)
*raises hand*
I still have an experimental
I’d like to add a plugin (and eventually share it once the bugs are out) that
uses either Net::CIDR::Lite to allow manual entry of IP-based blacklists for
known offending address blocks, or else using the Geo::IP module to blacklist
based on the country or ISP.
It would need to expose parts of
On 06/09/2014 10:46 PM, Philip Prindeville wrote:
I’d like to add a plugin (and eventually share it once the bugs are
out) that uses either Net::CIDR::Lite to allow manual entry of
IP-based blacklists for known offending address blocks, or else using
the Geo::IP module to blacklist based on the
On Jun 6, 2014, at 3:50 PM, Axb axb.li...@gmail.com wrote:
If you have to post a spam sample, pls use pastebin and post the full msg
On 06/06/2014 11:32 PM, Philip Prindeville wrote:
We’re getting a lot of spam that contains URL’s which look like (remove the
):
On 06/09/2014 10:43 PM, James B. Byrne wrote:
On Mon, June 9, 2014 15:35, Patrick Domack wrote:
I guess what would need to be hammered out, is, the exact info wanted.
We know age, and registrar. Though doing the registrar isn't so
simple, as the same for just ENOM changes between tld, and
On 06/09/2014 11:03 PM, Philip Prindeville wrote:
On Jun 6, 2014, at 3:50 PM, Axb axb.li...@gmail.com wrote:
If you have to post a spam sample, pls use pastebin and post the full msg
On 06/06/2014 11:32 PM, Philip Prindeville wrote:
We’re getting a lot of spam that contains URL’s which look
On 06/09/2014 12:29 PM, Kevin A. McGrail wrote:
On 6/9/2014 3:24 PM, Patrick Domack wrote:
The point was, I have already done this, and have it in production. I
did this cause this subject keeps coming up from time to time, and I
was personally interested to see the results of it.
And I do
On Mon, 9 Jun 2014, Axb wrote:
On 06/09/2014 10:46 PM, Philip Prindeville wrote:
I’d like to add a plugin (and eventually share it once the bugs are
out) that uses either Net::CIDR::Lite to allow manual entry of
IP-based blacklists for known offending address blocks, or else using
the
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle lists...@islandnetworks.com
wrote:
A caching whois client (jwhois, for example) can significantly reduce
the volume of queries.
You will need to query potentially hundreds or thousands of domains *per
day* - mostly throw away domains from
Quoting Matthias Leisi matth...@leisi.net:
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle lists...@islandnetworks.com
wrote:
A caching whois client (jwhois, for example) can significantly reduce
the volume of queries.
You will need to query potentially hundreds or thousands of domains
On Jun 9, 2014, at 3:10 PM, Axb axb.li...@gmail.com wrote:
On 06/09/2014 11:03 PM, Philip Prindeville wrote:
On Jun 6, 2014, at 3:50 PM, Axb axb.li...@gmail.com wrote:
If you have to post a spam sample, pls use pastebin and post the full msg
On 06/06/2014 11:32 PM, Philip Prindeville
On Jun 9, 2014, at 3:36 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 9 Jun 2014, Axb wrote:
On 06/09/2014 10:46 PM, Philip Prindeville wrote:
I’d like to add a plugin (and eventually share it once the bugs are
out) that uses either Net::CIDR::Lite to allow manual entry of
IP-based
On Mon, 9 Jun 2014, Philip Prindeville wrote:
We’re getting a lot of spam that contains URL’s which look like (remove the
):
On 06/09/2014 02:42 PM, Matthias Leisi wrote:
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle lists...@islandnetworks.com wrote:
A caching whois client (jwhois, for example) can significantly reduce
the volume of queries.
You will need to query
On Mon, 9 Jun 2014, Philip Prindeville wrote:
On Jun 9, 2014, at 3:36 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 9 Jun 2014, Axb wrote:
On 06/09/2014 10:46 PM, Philip Prindeville wrote:
I’d like to add a plugin (and eventually share it once the bugs are
out) that uses either
On Mon, 2014-06-09 at 05:49 +0200, Karsten Bräckelmann wrote:
Found the culprit after some digging. Bug 6915 [1], revision 1453407. As
a band-aid, the following trivial one-line patch fixes it. Can easily be
applied manually.
Since it is kind of way past getting late here, and there may be
On Mon, 2014-06-09 at 09:23 +0200, Matus UHLAR - fantomas wrote:
On 09.06.14 05:49, Karsten Bräckelmann wrote:
Found the culprit after some digging. Bug 6915 [1], revision 1453407. As
a band-aid, the following trivial one-line patch fixes it. Can easily be
applied manually.
can that by
On Jun 9, 2014, at 4:25 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 9 Jun 2014, Philip Prindeville wrote:
On Tue, 2014-06-10 at 02:03 +0200, Karsten Bräckelmann wrote:
On Mon, 2014-06-09 at 09:23 +0200, Matus UHLAR - fantomas wrote:
can that by any chance fix problem with Date: in mail received by SSL ?
That one behaves similarly...
On Mon, 9 Jun 2014, Amir Caspi wrote:
On Jun 9, 2014, at 4:25 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 9 Jun 2014, Philip Prindeville wrote:
On Jun 9, 2014, at 4:25 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 9 Jun 2014, Philip Prindeville wrote:
We’re getting a lot of spam that contains URL’s which look like (remove
the ):
Hi,
is enough for it to hit FORGED_YAHOO_RCVD and L_UNVERIFIED_YAHOO,
causing it to be marked as spam.
Scores of 1.63 and 2.5 respectively, according to your sample. With a
total score of 6.995, it is the latter one pushing it over the 5.0
threshold, not the first one.
Moreover, the
On Jun 9, 2014, at 7:11 PM, David B Funk dbf...@engineering.uiowa.edu wrote:
Just beware of FPs, I've seen some ugly URLs from things like airline
reservation confirmations. (spammers are getting better at stealing
features from legit messages to protect their garbage).
FWIW, I haven't had a
Hi,
On Mon, Jun 9, 2014 at 11:27 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 6/8/2014 10:49 PM, Alex wrote:
I have a few messages that have been incorrectly tagged because the
sender used their yahoo address as the sender, but used a mass mailer
(contactbeacon.com) to send their
Since having to wipe my bayes db I've thought about going back to having
'auto-learn' setup for awhile. It's been so long since I did this I have
a fairly dumb question. Do I need the two below lines to be set and if
so is this the correct setting? Anything here about a score of 5 is
considered
On Mon, 2014-06-09 at 21:40 -0400, Alex wrote:
For amusement, search google for UNVERIFIED_YAHOO (and insist you really
mean it literally with the underscore rather than two words).
This was a set of rules created by Mark back in 2011. Thanks for not
flaming me.
Heh. ;)
Sorry, but I kind
On Mon, 2014-06-09 at 21:40 -0500, Chris wrote:
Since having to wipe my bayes db I've thought about going back to having
'auto-learn' setup for awhile. It's been so long since I did this I have
a fairly dumb question. Do I need the two below lines to be set and if
so is this the correct
Hi,
This was a set of rules created by Mark back in 2011. Thanks for not
flaming me.
Heh. ;)
Sorry, but I kind of expect some due diligence, in particular by long
time and experienced community members. Coming across blatantly obvious
cases of local rules being complained about to
On Tue, 2014-06-10 at 05:13 +0200, Karsten Bräckelmann wrote:
On Mon, 2014-06-09 at 21:40 -0500, Chris wrote:
Since having to wipe my bayes db I've thought about going back to having
'auto-learn' setup for awhile. It's been so long since I did this I have
a fairly dumb question. Do I need
On Jun 7, 2014, at 9:49 PM, Christian Laußat us...@spamassassin.shambhu.info
wrote:
Am 07.06.2014 19:55, schrieb Franck Martin:
As DMARC provide a feedback mechanism to the sender, then it is up to
the sender to deal with these issues, you are just following their
policy, you don’t need to
76 matches