On 3/27/2015 10:13 PM, David Jones wrote:
The invaluement RBL is not expensive either and it is awesome. We pay
thousands per year for
a Spamhaus feed because of our volume and mailboxes. The invaluement RBL is
only hundreds
per year and it's almost as good as Spamhaus Zen. I have Spamhaus i
Dear list,
i have a system with SpamAssassin 3.4.0 installed. I have installed the
rules provided in Downloads link.
http://apache.bytenet.in//spamassassin/source/Mail-SpamAssassin
-rules-3.4.0.r1565117.tgz
the system is not connected to internet. I need to download the rules
(new) from a syste
>You also may want to look at the Invaluement IP/URI lists.
>(Invaluement.com). Detection rate is real good and FP level is
>extraordinary.
+1. Very happy with invaluement at $DAYJOB.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
David Jones skrev den 2015-03-28 03:13:
I have Spamhaus in
front of invaluement in
my postfix configuration but I may try flipping the order just to see
if it will start blocking more
than Spamhaus.
with postfix posttscreen one can test all ips on all rbls in same single
smtpd client check, s
On 03/27/2015 03:44 PM, Amir Caspi wrote:
> On Mar 27, 2015, at 3:34 PM, Richard Doyle
> wrote:
>
>> All of these were "From:" domains created today.
> Shouldn't they have been picked up by DOB? Or do I need to manually enable
> some DOB plugin in SA? (If so, please let me know how...) When I
>From: Amir Caspi
>Sent: Friday, March 27, 2015 7:30 PM
>To: RW
>Cc: users@spamassassin.apache.org
>Subject: Re: Uptick in spam
>On Mar 27, 2015, at 6:19 PM, RW wrote:
>> There are deep checks for SBL (via zen) and SPAMCOP. XBL/PBL are
>> last-external only
>Interesting. I wonder why I see t
On Mar 27, 2015, at 6:19 PM, RW wrote:
> There are deep checks for SBL (via zen) and SPAMCOP. XBL/PBL are
> last-external only
Interesting. I wonder why I see those XBL/PBL hits, then. Maybe Zen timed out
on those queries from sendmail... or something. Either way I guess this means
I shoul
On 03/28/2015 12:40 AM, Amir Caspi wrote:
On Mar 27, 2015, at 5:12 PM, Axb wrote:
DOB isn't realtime/zero hour.
That kind of defeats the point, isn't it? I mean, if you wait too
long, it's no longer DOB, it's "few-DOB"...
I would have imagined that a DOB server would operate in a caching
m
On Fri, 27 Mar 2015 17:40:58 -0600
Amir Caspi wrote:
> On Mar 27, 2015, at 5:12 PM, Axb wrote:
>
> > DOB isn't realtime/zero hour.
>
> That kind of defeats the point, isn't it? I mean, if you wait too
> long, it's no longer DOB, it's "few-DOB"...
I think it's 5 days, and the "day-old" bit is
On Mar 27, 2015, at 5:12 PM, Axb wrote:
> DOB isn't realtime/zero hour.
That kind of defeats the point, isn't it? I mean, if you wait too long, it's
no longer DOB, it's "few-DOB"...
I would have imagined that a DOB server would operate in a caching mode where
the first query on a domain woul
On 03/27/2015 11:44 PM, Amir Caspi wrote:
On Mar 27, 2015, at 3:34 PM, Richard Doyle
wrote:
All of these were "From:" domains created today.
Shouldn't they have been picked up by DOB? Or do I need to manually
enable some DOB plugin in SA? (If so, please let me know how...)
When I ran the th
On Mar 27, 2015, at 3:34 PM, Richard Doyle wrote:
> All of these were "From:" domains created today.
Shouldn't they have been picked up by DOB? Or do I need to manually enable
some DOB plugin in SA? (If so, please let me know how...) When I ran the third
spample manually a few hours ago, I s
On Mar 27, 2015, at 2:09 PM, Axb wrote:
> As an AV product I'd recommend Sophos AND ESETS/Nod32.
I'll look into Sophos, I'm not entirely sure if I can deploy it on my system or
not. We have to use RPMs that can be distributed to the virtual hosts, etc...
I'll definitely look into it. Haven't
Hi,
Yes, that's true. But if I'm right, new mails stay in "new" until the
appropriate folder in the IMAP client has been opened, right? I just
assume, if the use has some false negatives in the folder, he will
either immediately delete it or just move it into the Spam folder.
People can have m
On Fri, 27 Mar 2015 20:03:18 +0100
Michael wrote:
> On 27.03.2015 19:09, RW wrote:
> > On Fri, 27 Mar 2015 15:16:13 +
> > "cur" doesn't imply that the mail has been read; for that you
> > need to check the seen flag in the filename, an S somewhere after
> > the colon.
>
> Yes, that's true. B
On 03/27/2015 11:51 AM, Amir Caspi wrote:
> On Mar 27, 2015, at 12:20 PM, Axb wrote:
>
>> - Please post missed spam samples in pastebin.com - do not post samples to
>> mailing lists
> Of course, I would never post it to the list. I will put up a few in
> pastebin but there are so many of them,
On Fri, 27 Mar 2015, Amir Caspi wrote:
On Mar 27, 2015, at 12:56 PM, Matus UHLAR - fantomas wrote:
I see no network checks here... do you use network checks?
On Mar 27, 2015, at 1:11 PM, Kevin A. McGrail wrote:
Are you using network tests? These are scoring pretty high for me.
I presu
On Fri, 27 Mar 2015, Amir Caspi wrote:
On Mar 27, 2015, at 1:38 PM, sha...@shanew.net wrote:
Apologies if this is an overly obvious answer, but are you using any
greylisting? This would (potentially) move your user away from the
"wavefront" of a spam's distribution, and give it a better chanc
On 03/27/2015 08:45 PM, Amir Caspi wrote:
On Mar 27, 2015, at 1:33 PM, Axb wrote:
Are you using Mailscanner? if yes then it's you munging URIS so
they breaking lookups on any hash type as in
Yes, I am using MailScanner. Some URIs are munged, others are not.
For example, you can see in that
On Mar 27, 2015, at 1:38 PM, sha...@shanew.net wrote:
> Apologies if this is an overly obvious answer, but are you using any
> greylisting? This would (potentially) move your user away from the
> "wavefront" of a spam's distribution, and give it a better chance of
> triggering the network-based t
On Mar 27, 2015, at 1:33 PM, Axb wrote:
> Are you using Mailscanner? if yes then it's you munging URIS so they breaking
> lookups on any hash type as in
Yes, I am using MailScanner. Some URIs are munged, others are not. For
example, you can see in that very pastebin you noted that there are
Apologies if this is an overly obvious answer, but are you using any
greylisting? This would (potentially) move your user away from the
"wavefront" of a spam's distribution, and give it a better chance of
triggering the network-based tests.
On Fri, 27 Mar 2015, Amir Caspi wrote:
This is my whol
On 03/27/2015 08:20 PM, Amir Caspi wrote:
On Mar 27, 2015, at 12:56 PM, Matus UHLAR - fantomas
wrote:
I see no network checks here... do you use network checks?
On Mar 27, 2015, at 1:11 PM, Kevin A. McGrail
wrote:
Are you using network tests? These are scoring pretty high for
me.
I pre
On Mar 27, 2015, at 1:20 PM, Axb wrote:
> These three samples are very different in the sense that #1 is a hacked
> site, #2 & #3 are the regular snowshoe.
Of course, I picked three different samples on purpose. But, I have hundreds
that replicate these.
> What I miss in your sample's SA repo
On 03/27/2015 07:51 PM, Amir Caspi wrote:
Here are a few spamples:
http://pastebin.com/3nSLurGv (this scored BAYES_99 but would still
have been FN with BAYES_999) http://pastebin.com/LaKT5ZZK (I have a
rule template for these URIs but recent spams have modified them to
cause high risk of FPs
On Mar 27, 2015, at 12:56 PM, Matus UHLAR - fantomas wrote:
> I see no network checks here... do you use network checks?
On Mar 27, 2015, at 1:11 PM, Kevin A. McGrail wrote:
> Are you using network tests? These are scoring pretty high for me.
I presume you're talking about things like Razor,
On 27.03.2015 19:54, Matus UHLAR - fantomas wrote:
the easiest way is to train on false positives and false negatives.
dovecot imapd has plugin to train when mail is moved from/to spam.
On 27.03.15 20:10, Michael wrote:
My concerns are the following:
Sometimes new kind of spam is appearing. Th
On 3/27/2015 2:51 PM, Amir Caspi wrote:
On Mar 27, 2015, at 12:20 PM, Axb wrote:
- Please post missed spam samples in pastebin.com - do not post samples to
mailing lists
Of course, I would never post it to the list. I will put up a few in pastebin
but there are so many of them, and there a
On 27.03.2015 19:54, Matus UHLAR - fantomas wrote:
> On 27.03.15 15:16, Michael wrote:
>> I would like automatically learn each users Bayes database in the
>> following way:
>>
>> Do the following once a day for each user:
>> 1.) sa-learn -u username --ham ../maildir/cur
>> 2.) sa-learn -u userna
On 27.03.2015 16:21, Reindl Harald wrote:
>
>
> Am 27.03.2015 um 16:16 schrieb Michael:
>> I would like automatically learn each users Bayes database in the
>> following way:
>>
>> Do the following once a day for each user:
>> 1.) sa-learn -u username --ham ../maildir/cur
>> 2.) sa-learn -u use
On 27.03.2015 19:09, RW wrote:
> On Fri, 27 Mar 2015 15:16:13 +
> Michael wrote:
>
>> Hi,
>>
>> I would like automatically learn each users Bayes database in the
>> following way:
>>
>> Do the following once a day for each user:
>> 1.) sa-learn -u username --ham ../maildir/cur
>> 2.) sa-lear
On 27.03.15 12:51, Amir Caspi wrote:
Here are a few spamples:
http://pastebin.com/3nSLurGv (this scored BAYES_99 but would still have been
FN with BAYES_999)
http://pastebin.com/LaKT5ZZK (I have a rule template for these URIs but recent
spams have modified them to cause high risk of FPs for s
On Mar 27, 2015, at 12:22 PM, Reindl Harald wrote:
> we have currently 577 different subjects and subject-parts scored , i don't
> want to publish them because i'd like the spammers don't change to new ones
> :-)
Sadly, that doesn't help me. I don't have time to compile hundreds of subject
r
On 27.03.15 15:16, Michael wrote:
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam ../maildir/.Spam/cur
What do you think about this strate
On Mar 27, 2015, at 12:20 PM, Axb wrote:
> - Please post missed spam samples in pastebin.com - do not post samples to
> mailing lists
Of course, I would never post it to the list. I will put up a few in pastebin
but there are so many of them, and there are a few different templates in use,
s
On Fri, 27 Mar 2015 12:13:30 -0600
Amir Caspi wrote:
> On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail
> wrote:
>
> > I'm happy to look at a recent sample and throw it through my system
> > to see what it hits but overall, I've been seeing the exact
> > opposite.
>
> So, one of my users has been
Am 27.03.2015 um 19:13 schrieb Amir Caspi:
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail wrote:
I'm happy to look at a recent sample and throw it through my system to see what
it hits but overall, I've been seeing the exact opposite.
So, one of my users has been getting dozens (sometimes
On 03/27/2015 07:13 PM, Amir Caspi wrote:
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail
wrote:
I'm happy to look at a recent sample and throw it through my system
to see what it hits but overall, I've been seeing the exact
opposite.
So, one of my users has been getting dozens (sometimes nea
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail wrote:
> I'm happy to look at a recent sample and throw it through my system to see
> what it hits but overall, I've been seeing the exact opposite.
So, one of my users has been getting dozens (sometimes nearly 100) FNs per DAY
over the last few w
On Fri, 27 Mar 2015 15:16:13 +
Michael wrote:
> Hi,
>
> I would like automatically learn each users Bayes database in the
> following way:
>
> Do the following once a day for each user:
> 1.) sa-learn -u username --ham ../maildir/cur
> 2.) sa-learn -u username --spam ../maildir/.Spam/cur
>
Am 27.03.2015 um 16:16 schrieb Michael:
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam ../maildir/.Spam/cur
The idea is to train the Bayes
Hi,
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam ../maildir/.Spam/cur
The idea is to train the Bayes for each user without the need to
42 matches
Mail list logo
