Re: sa-learn won't read db created via MSTOR

2017-07-07 Thread Jerry Malcolm
Below is a complete log dump from the -D option on sa-learn. I am really curious that the file name I passed in is never even mentioned in the log. Is that expected? Do I have some sort of syntax error passing the mbox filename in? Here's the command: [C:\Program Files\JAM Software\Spam

Re: Random word spams and wiki spams

2017-07-07 Thread Bill Cole
On 7 Jul 2017, at 13:04, Alex wrote: I'm interested in how your system would have (or currently does) handle this email I received some days ago: https://pastebin.com/innRFvZt Its IP (106.186.119.240) is still not listed with spamhaus, sorbs or hostkarma, and has an 83 rating with senderscore.

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, > Without that rule it might have flown below my sa-radar. > Got some scoring on it by using this plugin: > https://github.com/eilandert/Botnet.pm Be careful with the botnet plugin - it's terribly out of date and very prone to false-positives. It's just not effective anymore.

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, >> __HAS_LIST_ID exists:exists:List-Id > > typo ? It also already exists: # grep __HAS_LIST_ID * 10_hasbase.cf:header __HAS_LIST_ID exists:List-Id > imho it should be exists:headername > >> HAS_LIST_UNSUB exists:List-Unsubscribe So does this one: 72_active.cf:header __

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, > Ummm. Well. I don't have any hits on that RHSBL rule in the past 2 weeks > so maybe that is not a valid rule. Ignore that one. I think I will take it > out of my ivm.cf file. > > To all, please don't setup these rules and flood the IVM DNS servers with > requests. IVM is a private RBL f

sa-learn won't read db created via MSTOR

2017-07-07 Thread Jerry Malcolm
My client mail repository is in a sql db and is not an option for sa-learn to read directly. That's fine. I wrote a utility that reads all the mail out of the uncaught-spam folder from my db and creates an mbox folder using the mstor java package. The mbox file gets created with no problem.

Re: Random word spams and wiki spams

2017-07-07 Thread Benny Pedersen
Tobi wrote on 2017-07-07 19:40: https://pastebin.com/innRFvZt __HAS_LIST_ID exists:exists:List-Id typo ? imho it should be exists:headername HAS_LIST_UNSUB exists:List-Unsubscribe that would score 1.0, intended ? if not change to __HAS_LIST_UNSUB but check spamassassin own r

Re: [SOLVED] I'm an idiot

2017-07-07 Thread Bill Cole
On 7 Jul 2017, at 12:15, jdow wrote: > On the other hand, FireFox reports: > This site can’t be reached > > updates.spamassassin.org’s server DNS address could not be found. Which is simultaneously: 1. True 2. Normal 3. Neither a cause nor symptom of any operational problem.

Re: Random word spams and wiki spams

2017-07-07 Thread Tobi
On 07.07.2017 at 19:04, Alex wrote: > > I'm interested in how your system would have (or currently does) > handle this email I received some days ago: > https://pastebin.com/innRFvZt > that one triggers one of my redpill meta rules and scores at 24.1 :-) __HAS_LIST_ID exists:exists:List-Id H

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 05:39 PM, Alex wrote: Hi, urirhssub URIBL_IVMRHSBL uri.invaluement.com. A 127.0.0.2 tflags URIBL_IVMRHSBL net score URIBL_IVMRHSBL 3.2 I did not have this one or the reuse line. Is that "right-hand-side"? Do you have one such example? header

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, > urirhssub URIBL_IVMRHSBL uri.invaluement.com. A 127.0.0.2 > tflags URIBL_IVMRHSBL net > score URIBL_IVMRHSBL 3.2 I did not have this one or the reuse line. Is that "right-hand-side"? Do you have one such example? > header RCVD_IN_IVMBL > eval:check

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 03:08 PM, Alex wrote: Hi, On Fri, Jul 7, 2017 at 3:45 PM, John Hardin wrote: On Fri, 7 Jul 2017, Alex wrote: It's just a short body with a URI which downloads malware. We got hit by this pretty hard. This is where the real threats are. Receive one of these to an Exchange distri

Re: Random word spams and wiki spams

2017-07-07 Thread John Hardin
On Fri, 7 Jul 2017, Alex wrote: On Fri, Jul 7, 2017 at 3:45 PM, John Hardin wrote: On Fri, 7 Jul 2017, Alex wrote: It's just a short body with a URI which downloads malware. We got hit by this pretty hard. This is where the real threats are. Receive one of these to an Exchange distribution l

Re: Random word spams and wiki spams

2017-07-07 Thread jahlives
On 07.07.2017 at 19:04, Alex wrote: > > I'm interested in how your system would have (or currently does) > handle this email I received some days ago: > https://pastebin.com/innRFvZt > that one triggers one of my redpill meta rules and scores at 24.1 __HAS_LIST_ID exists:exists:List-Id HAS_L

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, On Fri, Jul 7, 2017 at 3:45 PM, John Hardin wrote: > On Fri, 7 Jul 2017, Alex wrote: > >> It's just a short body with a URI which downloads malware. We got hit >> by this pretty hard. This is where the real threats are. Receive one >> of these to an Exchange distribution list and your reputat

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Mostly autolearn ham and train some spam, have found that one account needed ham though. Most user accounts in question are at least 200/200, most are well over a few thousand each (I believe) >> I need to read up bayes a bit, I was surprised to learn that after >> using sa-learn --spam, the

RE: Random word spams and wiki spams

2017-07-07 Thread John Hardin
On Fri, 7 Jul 2017, Charles Amstutz wrote: I need to read up bayes a bit, I was surprised to learn that after using sa-learn --spam, then bayes only tagged it at Bayes_50 instead of Bayes_99, Unless I did something incorrect. There is a minimum level of both spam *and ham* that Bayes must be

Re: Random word spams and wiki spams

2017-07-07 Thread John Hardin
On Fri, 7 Jul 2017, Alex wrote: It's just a short body with a URI which downloads malware. We got hit by this pretty hard. This is where the real threats are. Receive one of these to an Exchange distribution list and your reputation with the customer suffers badly. Defense in depth. For that s

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
>> I find many don't contribute (despite it being open source) for fear of >> spammers using these ideas against us, but the project suffers as a result. I think others don't due to IP rights. I'm glad people do though.

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, On Fri, Jul 7, 2017 at 2:30 PM, David Jones wrote: > On 07/07/2017 12:04 PM, Alex wrote: >> >> Hi, >> >> On Fri, Jul 7, 2017 at 12:14 PM, David Jones wrote: >>> >>> On 07/07/2017 11:04 AM, Charles Amstutz wrote: Thank you everyone for the suggestions, I will look into it. One

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
I need to read up bayes a bit, I was surprised to learn that after using sa-learn --spam, then bayes only tagged it at Bayes_50 instead of Bayes_99, Unless I did something incorrect. Note: I do not use bayes files in user profiles, I use it in mysql database

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 12:04 PM, Alex wrote: Hi, On Fri, Jul 7, 2017 at 12:14 PM, David Jones wrote: On 07/07/2017 11:04 AM, Charles Amstutz wrote: Thank you everyone for the suggestions, I will look into it. One thing I've noticed is that sometimes it takes a day for any *BL's to pick up some of the

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, On Fri, Jul 7, 2017 at 12:14 PM, David Jones wrote: > On 07/07/2017 11:04 AM, Charles Amstutz wrote: >> >> Thank you everyone for the suggestions, I will look into it. One thing >> I've noticed is that sometimes it takes a day for any *BL's to pick up some >> of the spam, and by that time, th

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Has anyone ever got something like machine learning (I get that is what bayes kind of is) or R working with spam assassin? I’ve seen books on this and maybe was referring to Bayes, but not sure.

Re: Random word spams and wiki spams

2017-07-07 Thread Pedro David Marco
>Also, setup the KAM.cf rules and extra signatures for ClamAV from >Sanesecurity. These often help with new spam campaigns. I can post >which signature DBs I am using if that would be helpful. >-- >Dave Hi Dave... I have had problems in the past with the script to download Sanesecurity DB

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
I set up spamdyke to block .top and many other TLDs where mostly spam came from. Unfortunately, I had to remove them, and now have to rely on content analysis with the use of *BL's. With setting up pattern matching, in efforts to future proof blocking, it will catch legit email that use charact

Re: [SOLVED] I'm an idiot

2017-07-07 Thread jdow
On 2017-07-07 03:38, Rainer Sokoll wrote: On 06.07.2017 at 18:27, Rainer Sokoll wrote: [...] Hm, I got an email from cron: ---8<-- /etc/cron.daily/spamassassin: error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file channel: could not find wor

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 11:04 AM, Charles Amstutz wrote: Thank you everyone for the suggestions, I will look into it. One thing I've noticed is that sometimes it takes a day for any *BL's to pick up some of the spam, and by that time, the run could be done. Greylisting isn't an option. It sometimes feels

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Thank you everyone for the suggestions, I will look into it. One thing I've noticed is that sometimes it takes a day for any *BL's to pick up some of the spam, and by that time, the run could be done. Greylisting isn't an option. It sometimes feels like always reactive vs pro-active in filtering

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 10:15 AM, Kevin A. McGrail wrote: On 7/7/2017 9:06 AM, Charles Amstutz wrote: I am new to the group, but have experience with writing some rules and some meta rules. Has anyone come up with a good way to detect spam that has random words in paragraph forms (usually at the bottom

Re: Random word spams and wiki spams

2017-07-07 Thread Kevin A. McGrail
On 7/7/2017 9:06 AM, Charles Amstutz wrote: I am new to the group, but have experience with writing some rules and some meta rules. Has anyone come up with a good way to detect spam that has random words in paragraph forms (usually at the bottom of the message body) or they look like they cop

Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Hello, I am new to the group, but have experience with writing some rules and some meta rules. Has anyone come up with a good way to detect spam that has random words in paragraph forms (usually at the bottom of the message body) or they look like they copy parts from various wiki's or other n

Re: Body length tests

2017-07-07 Thread Christian Laußat
I think the difference is between body and rawbody rule: rawbody: If there's encoding like quoted-printable or base64, the text parts are decoded, but you still get all the HTML tags and such. body: If they exist, also html parts are decoded, so you just get the plain text content. So it de

[SOLVED] I'm an idiot (was: Re: updates.spamassassin.org gone?)

2017-07-07 Thread Rainer Sokoll
> On 06.07.2017 at 18:27, Rainer Sokoll wrote: [...] > Hm, I got an email from cron: > > ---8<-- > /etc/cron.daily/spamassassin: > error: unable to refresh mirrors file for channel updates.spamassassin.org, > using old file > channel: could not find working mirror, channel failed > s