Re: How to get removed from spamcop?

On Mon, Oct 28, 2013 at 3:08 PM, John Levine wrote: >>They have several of our IP addresses listed and delisting >>doesn't seem to work. We're a spam filtering company (Junk Email Filter) >>and if we fail to block a spam it can appear we are the source. > > Uh, Marc, if the spam comes out of your

Re: Really getting discouraged... when does the learning happen?

On Mon, Sep 16, 2013 at 1:38 PM, Harry Putnam wrote: > > Yes, here is an example of a message rated as spam: > > X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% > * [score: 0.] OK, so you've got a BAYES_99 on that message, which is a pretty good indicati

Re: Really getting discouraged... when does the learning happen?

On Sun, Sep 15, 2013 at 7:53 PM, Harry Putnam wrote: > I've been trying to `teach' SA to spam from ham in my mail system. > > I've made it thru two main learning sessions where I ran around 450 > msgs (each time) thru sa-learn spam/ham and yet SA is still incapable > of getting it right more than

Re: procmail/spassassin training session

On Sat, Sep 14, 2013 at 1:07 PM, Harry Putnam wrote: > > 1) Does it matter that I have autolearn turned off in spamassassin > conf filt 'local.cf' while doing my sandbox work No, it doesn't. In fact it's probably better that way because SA won't waste time updating the bayes database with the mi

Re: Comment - GFI/SORBS

http://blog.wordtothewise.com/2010/12/gfi-sorbs-considered-harmful-part-5/

RAZOR2 and SpamAssassin version or configuration

We have a couple of mail servers running SpamAssassin. One is stock CentOS5 and therefore running SA 3.2.4. The other is a test platform running SA 3.3.1 (installed from rpmforge in case that matters). Both have the latest sa-update configurations for their respective versions. On both hosts, w

OT: SPF: Some statistics

Coincidental to the recent thread on SPF comes this from Terry Zink: http://blogs.msdn.com/tzink/archive/2010/02/23/some-stats-and-figures-on-dkim-and-spf.aspx

Re: outlook 2007 "Test" email scores 30+

On Sat, Oct 31, 2009 at 9:31 AM, John Hardin wrote: > Here is a site that gives you your IP address and lets you check it against > DNSBLs: > >   http://cqcounter.com/rbl_check/ Just as a word of warning, that site is still checking blacklist.spambag.org, which has been offline since 2007 and now

Re: Problem starting/stoping spamassasin

On RedHat systems, at least, the init.d script that runs spamd is named "spamassassin". So possibly what was meant here was service spamassassin start service spamassassin stop

Re: googlepages.com abuse

On Nov 13, 2007 3:32 AM, Michael Scheidell <[EMAIL PROTECTED]> wrote: > > > How do you folks trap these mails , And how do we report > > abuse to google ( if they really bother ) > You can't. Google ignores complaints, and email to @googlepages.com > will bounce in 5 days due to their refusal to e

Re: Myspace's mail headers

On Oct 30, 2007 12:27 PM, Joseph Brennan <[EMAIL PROTECTED]> wrote: > > Notice the all-lower-case field names, which do not conform to the > RFC 2822 field names that they almost match. That is, a "from:" > header is not the same as a "From:" header! It's *supposed* to be the same. RFC *822 does

Re: Bit OT but it's about SPAM

On 10/17/07, Randal, Phil <[EMAIL PROTECTED]> wrote: > Hyperbole? > > Well, let's take a look at the figures on my mail relay boxes Not to single out Phil, but so far everyone is quoting (among other things) the percentage of mail that they reject out of hand. You're all 100% confident that none

Re: Bit OT but it's about SPAM

On 10/17/07, Tom Ray <[EMAIL PROTECTED]> wrote: > I just thought if anyone hasn't read it yet, this article might be > interesting to many of you. According to this report SPAM has now > reached being 95% of all email. This is hyperbole. What it really means is that 95% of the mail processed by s

Re: Suggestion to developers

On 9/13/07, Justin Mason <[EMAIL PROTECTED]> wrote: > > if anyone feels like trying it out to see if they can make an > auto-shortcircuiting plugin which outperforms base SpamAssassin over a > mixed corpus of 50:50 nonspam and spam, go for it ;) I dunno about your mail, but if it outperformed base

Re: another bouncing list person

On 7/25/07, Jerry Durand <[EMAIL PROTECTED]> wrote: > It also is trying to claim to come from me, I don't have a POST or > OFFICE address here. > > Begin forwarded message: > > > From: [EMAIL PROTECTED], [EMAIL PROTECTED] It's almost certainly the case that your own mail server did that. The ori

TQMcube apparently gone dormant

If you read JM's Planet Antispam, you know this already, but: http://www.dnsbl.com/2007/06/status-of-dnsbltqmcubecom-abandoned.html

Re: Blacklist a mailing list

On 7/1/07, dougp23 <[EMAIL PROTECTED]> wrote: How do I go about blocking the mailing list? here are some headers from a recent message: (It seems everyone on [EMAIL PROTECTED] is getting this junk). Prompted by Doug but directed to no one in particular: Please don't use things like "mailingl

Re: A different approach to scoring spamassassin hits

On 6/29/07, Tom Allison <[EMAIL PROTECTED]> wrote: The thought I had, and have been working on for a while, is changing how the scoring is done. Rather than making Bayes a part of the scoring process, make the scoring process a part of the Bayes statistical Engine. As an example you would simp

Re: My Newly Expanded DNS Blacklist - Who wants to try it?

On 6/16/07, Marc Perkel <[EMAIL PROTECTED]> wrote: Using my new ideas here's my raw blacklist file. It has about 80k IP addresses and is updated every 10 minutes. http://iplist.junkemailfilter.com/black.txt Just glancing through the list and reversing an IP address whose first two quads I reco

Re: R: Inappropriate use of E-Mail addresses

On 5/13/07, Gregory P. Ennis <[EMAIL PROTECTED]> wrote: SPF seems very interesting. Does spamAssassin automatically use an SPF record if it exists? There's a plugin. Do I set up an SPF record with whoever manages my MX DNS record? Yes. It's a TXT record. Some DNS hosting companies will s

Re: Weirdsvill

On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote: Now, I *think* I have that X-Originating-Ip: 193.93.97.195 in my .procmailrc, but it didn't fire. Odd... Is that rule before or after the point at which you run the message through spamassassin? If after, it probably ddin't fire because spam

Re: Weirdsvill

On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote: The trail starts at localhost! HTF did they do that? You're looking at the header of the wrapper message created by spamassassin, not at the header of the actual spam (which will be inside a message/rfc822 body part of the message created by

Re: newbie question on spamassassin trainer

On 4/3/07, JOYDEEP <[EMAIL PROTECTED]> wrote: how can I configure spamassassin to look after the spam and ham folder of all the cyrus mail boxes, so that all the users has their own spamassasin trainer ? it is something like white box and black box per user could any one kindly suggest me how to

Re: dkim: lookup failed: DNS query timeout for _policy._domainkey.joysticktowers.com

On 3/10/07, Chris <[EMAIL PROTECTED]> wrote: For some reason when this happens fetchmail will not delete the message after downloading it therefore it just sits there and get downloaded over and over again and prevents othere mail after it from being downloaded. Could this be a) a fetchmail iss

Re: Sorting SA Discussion List Messages

On 3/3/07, Don Ireland <[EMAIL PROTECTED]> wrote: Every email list I've ever subscribed to has had something in the subject line (usually in square brackets) to identify 1) that it is a mailing list and 2) what list it is. Why doesn't this list have something similar? Because it's a really ann

False positive on LONGWORDS

A technical newsletter about transistors contains the introductory paragraph "Use of gallium nitride (GaN) power transistors in microwave applications is expected to increase significantly with recent technology improvements, but lateral double diffuse metal oxide semiconductor (LDMOS) transistor

Re: Google Summer of Code 2007 ...

On 2/16/07, Justin Mason <[EMAIL PROTECTED]> wrote: Also, any suggestions from outside the dev team? Anyone got good ideas for new SpamAssassin features that would be good to pay someone to work on for 3 months? http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3785

Re: Yum and Spamassassin

On 2/7/07, Theo Van Dinter <[EMAIL PROTECTED]> wrote: On Wed, Feb 07, 2007 at 03:04:43PM +, Michael Bartlett wrote: > I can't believe the yum package is so out of date, am I missing something? You're running Fedora Core 4 (hey, me too,) which is generally out of date at this point. I'd sugg

Re: spamdoptions ???

On 1/23/07, R Lists06 <[EMAIL PROTECTED]> wrote: On Redhat or CentOS machines would that be under SPAMDOPTIONS ? Using the RPM install of spamassassin from either the CentOS project or rpmforge, you make changes to the spamd command line in /etc/sysconfig/spamassassin, and yes, you place those

Re: procmailrc question

On 1/10/07, D Ivago <[EMAIL PROTECTED]> wrote: :0: * ^Subject:.*\<[SPAM]\> /dev/null Square brackets have special meaning: [SPAM] is a character class matching one of any of the characters S, P, A, or M. What you need is: :0 * ^Subject:.*\<\[SPAM\] /dev/null However, I'd not recommend that.

Re: Salesforce web bug

On 12/20/06, Loren Wilton <[EMAIL PROTECTED]> wrote: > Why do you want to consider this a spam sign? I'm just curious. Bugs in mail messages are generally a suspicious circumstance, and probably good for a fractional point all by themselves. In general any tracking that will auto-identify with

Re: Salesforce web bug

On 12/19/06, Michael Scheidell <[EMAIL PROTECTED]> wrote: I noticed an email from salesforce has a 'user tracking' web bug in it but it isn't currently detected by SA or SARES Why do you want to consider this a spam sign? I'm just curious.

Ongoing trusted_networks confusion

Maybe the name of that config option should be changed to "truthful_networks".

Re: sa-update is broken

On 12/18/06, Christian Eichert <[EMAIL PROTECTED]> wrote: server:~# perl -MCPAN -e 'install LWP::UserAgent' Can't locate object method "install" via package "LWP::UserAgent" at -e line 1. # perl -MCPAN -e shell cpan> install LWP::UserAgent

Re: Easyjet e-mail scoring very high

On 12/1/06, Chris Lear <[EMAIL PROTECTED]> wrote: In fact, every full stop in the html is represented as . for some reason. In SMTP, a dot all by itself on a line is interpreted as the end of the message. The SMTP client is supposed to double any such dot that is truly present in the message b

Re: Bayes failure on "hi, it's Somebody" spam

On 11/16/06, Jon Trulson <[EMAIL PROTECTED]> wrote: Hmm, that has not been my experience at all... Bayes (99) is still catching every one for me. In this instance, SpamAssassin is running after POP download from gmail, so I'm only seeing the samples that have already made it t

Bayes failure on "hi, it's Somebody" spam

It looks to me as if the recent spate of pump'n'dump spams are deliberately crafted to avoid being Bayes-learned by spamassassin. In spite of all having different subject lines and senders and other minor differences, once you've learned one of them sa-learn ignores all the rest -- and they all s

Re: RPM -vs- CPAN install

On 9/6/06, jdow <[EMAIL PROTECTED]> wrote: From: "Bart Schaefer" <[EMAIL PROTECTED]> > The rpmforge project packages the tools as a separate RPM, named, > surprisingly enough, spamassassin-tools. And then one distro spamassassin-tools was no longer present. I

Re: RPM -vs- CPAN install

On 9/6/06, jdow <[EMAIL PROTECTED]> wrote: The RPM installs do not seem to include the tools that you get with the CPAN install. The rpmforge project packages the tools as a separate RPM, named, surprisingly enough, spamassassin-tools.

Re: Calling Regex Experts

On 8/24/06, D. J. <[EMAIL PROTECTED]> wrote: I'm expecting these type of strings for sure: cat dog cat dog dog cat But I may get something like this too: cat cat dog dog dog Essentially I want it to match if anything other than cat or dog is in the string. That constraint means you have to

Re: What changes would you make to stop spam? - United Nations Paper

On 8/2/06, Marc Perkel <[EMAIL PROTECTED]> wrote: doesn't require a separate connection on a separate port. Why use 2 protocols when you can use one? Indeed, why don't we just close all ports except 80 and layer everything atop HTTP? For heavens sake, Marc. This debate about using IMAP/POP f

Re: What changes would you make to stop spam? - United Nations Paper

On 8/2/06, Marc Perkel <[EMAIL PROTECTED]> wrote: Here's what I've written so far. Deadline is today. Still working on it. http://wiki.ctyme.com/index.php/UN_Spam_Paper Rather than "extend POP/IMAP to send mail", which quite frankly will never happen (contact the author of the IMAP protocol, M

Re: postini.com

On 7/31/06, jdow <[EMAIL PROTECTED]> wrote: Both headers seem to feature X-Keywords: . I seem to be dumb this "virtual morning" and can't get a test to work for it. My guess is that X-IMAPbase, X-UID, Content-Length, and X-Keywords were added by the POP3 server at the last hop before your fetch

Re: Why is there so much hype behind Image spam

On 7/16/06, John Andersen <[EMAIL PROTECTED]> wrote: The comment was off-hand and not researched. One of my earliest ISPs recommended Spamassassin when it was just a bunch of scripts written by some woman who's name escapes me. I suspect you're thinking of SpamBouncer. Catherine A. Hampton. O

Re: The best way to use Spamassassin is to not use Spamassassin

On 7/12/06, Marc Perkel <[EMAIL PROTECTED]> wrote: Depends on what he's doing it might work. He's writing procmail recipes. He's a user on a hosted shell server, not a sysadmin. Strictly delivery-time header text analysis, no MTA-level configuration games. For example, anyone can do this t

Re: The best way to use Spamassassin is to not use Spamassassin

On 7/12/06, Marc Perkel <[EMAIL PROTECTED]> wrote: Bart Schaefer wrote: > There's been a fellow over on the procmail list claiming for well over > a year now that he can get better accuracy than SA through message > header analysis alone His claim might well be true. Oh,

Re: The best way to use Spamassassin is to not use Spamassassin

On 7/12/06, Marc Perkel <[EMAIL PROTECTED]> wrote: Catchy subject line eh? What you really mean is "the best way to use SpamAssassin is as an analysis tool." Which of course is what the best way to use it always was. You're just abstracting the analysis rather than applying it directly. The

Re: sa-learn script

On 7/11/06, Nicholas Payne-Roberts <[EMAIL PROTECTED]> wrote: Does anybody know a good way to script sa-learn to daily check on junk e-mail folders? I use logrotate because it handles automatically removing or renaming the files after learning, but I don't use maildir-format folders so I can't

Re: Warnings in procmail log

On 7/9/06, Geoff Soper <[EMAIL PROTECTED]> wrote: Apologies, I've little idea of what is traditional and didn't realise my situation was unusual! I didn't say it was unusual ... it's just not the assumed default state of affairs. I mean all users should have the same rules and spam threshold,

Re: Warnings in procmail log

On 7/8/06, Geoff Soper <[EMAIL PROTECTED]> wrote: Bart Schaefer wrote: I think I need to specify the .procmailrc as the .procmailrc file is per e-mail address, not per user or even system-wide I think we've just uncovered a crucial bit of missing information. You're ap

Re: Warnings in procmail log

On 7/8/06, Geoff Soper <[EMAIL PROTECTED]> wrote: .qmail contains the lines: | true ./Maildir/ Caveat: I don't use qmail, and don't even particularly like qmail, so what I'm about to say are really educated guesses rather than definitive answers. which I've altered to: | true | /usr/bin/pro

Re: Warnings in procmail log

On 7/5/06, jdow <[EMAIL PROTECTED]> wrote: You need "DROPPRIVS=yes" somewhere near the front of your .procmailrc. No, you don't. By the time the .procmailrc is read, privileges have already been dropped. The only place you need DROPPRIVS=yes is in /etc/procmailrc in the event that you want to

Re: Looking for Turn-key SA solution

On 7/5/06, Burton Windle <[EMAIL PROTECTED]> wrote: Does anybody know of a vendor that sells boxes with SpamAssassin pre-installed, with a pretty GUI with quarantine ability? (My company won't allow home-brewed solutions, as they want a vendor to call if I get hit by a spam bus). It's not exact

Re: spamassassin-3.0.4-1.el4

On 7/3/06, Kaushal Shriyan <[EMAIL PROTECTED]> wrote: I did what you said exactly and its up and running, How do i test all this configurations for SPAM sendmail YourLocalEmailAddress < /usr/share/doc/spamassassin-3.1.3/sample-spam.txt

Re: spamassassin-3.0.4-1.el4

On 7/3/06, Kaushal Shriyan <[EMAIL PROTECTED]> wrote: Thanks for the quick turnaround. I installed the latest spamassassin version for RHEL4 [EMAIL PROTECTED] kaushal]# rpm -qa | grep spam spamass-milter-0.3.0-1.2.el4.rf spamassassin-3.1.3-1 Where did you get that spamassassin RPM? schaefer[5

Re: spamassassin-3.0.4-1.el4

On 7/3/06, Kaushal Shriyan <[EMAIL PROTECTED]> wrote: I have spamassassin-3.0.4-1.el4 installed by default in RHEL4 Linux There have been updates since then. Current is spamassassin-3.0.6-1.el4 -- but note that I recently reported that spamd in that package has a problem with whitelist_from_r

It worked on BlueFrog, so now they're trying it with SORBS

The amusing thing about this is that (a) SORBS doesn't maintain a list of "members", and (b) the mail server that received this trash has never to my knowledge used the DUL. empty-threats Description: Binary data

Re: >From header being added..???

On 7/2/06, <[EMAIL PROTECTED]> wrote: I'm not 100% positive this is even a SA issue but it is driving me up the wall. Some mailings are having this added right after the SA report. It usually isn't an issue except that some user fetch their mail from Exchange and these mailings are show

Re: RFC: spamd disables virtual-config when no @ in user name

On 7/2/06, martin f krafft <[EMAIL PROTECTED]> wrote: On mail systems with virtual and local users, it's not easily possible to run per-user spamc with user configuration. I run two copies of spamd with different -p port options, and point the virtual users' spamc at the port corresponding to t

Re: White List and Yellow List DNS Servers - Proposal

On 6/30/06, Marc Perkel <[EMAIL PROTECTED]> wrote: Yeah - but what I'm thinking of is something that is automatic and reputation based rather that paying someone to certify you. In other words your server get whitelisted because you never send spam. Paid or otherwise, how do you get on the lis

spamd not properly resetting whitelist?

We recently installed a new CentOS4 server, which comes with SA 3.0.6 prepackaged, to serve as our local mail store (runs sendmail, clamassassin, spamd, and an imap server). The perl version is 5.8.5, and it's an x86_64 platform. Since migrating our users to this machine we frequently have spam

Re: internal/trusted again, MSA tested for SPF ?

On 6/30/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote: OK, I see now that you want to unconditionally trust the MSA *and* all hosts after it. Which is reasonable if the MSA is just an MSA. For whatever reason you don't want to rely on auth tokens, etc. Seems reasonable to me. That would

Re: White List and Yellow List DNS Servers - Proposal

On 6/30/06, Marc Perkel <[EMAIL PROTECTED]> wrote: Who likes this idea? Evidently habeas.com does, as that's now their business model. Also Bonded Sender (I think they changed the name recently, but I forget to what). And I believe the ISIPP maintains several such lists. Do a Google on "repu

Re: trusted_networks confusion

On 6/29/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote: Bart Schaefer wrote: > > Under what circumstances would one list something as internal but not > trusted? NEVER. Newer versions of SA won't even allow you to make that misconfiguration. Ah, good. That&

Re: trusted_networks confusion

On 6/29/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote: EVERYTHING after an MX MUST be listed as BOTH trusted and internal networks. Under what circumstances would one list something as internal but not trusted?

Re: Not just use_bayes_rules 0

No one has any comments at all? -- Forwarded message -- From: Bart Schaefer <[EMAIL PROTECTED]> Date: Jun 23, 2006 10:49 PM Subject: Not just use_bayes_rules 0 To: Spamassassin Users List I want to make sure I'm not misinterpreting something else before I report th

Not just use_bayes_rules 0

I want to make sure I'm not misinterpreting something else before I report this as a bug. I just tried use_bayes 1 use_bayes_rules 0 The effect of this seems to be that NONE of the rules are applied, except whitelist_from and blacklist_from. I had assumed it would just turn off the BAYES_* rul

Re: Trouble with UNwhitelist_from_rcvd

On 6/23/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote: Well you could s/address/address pattern/. I could, but plainly what I did was s/used in/used in processing/, because it seemed a whole lot more intuitive for it to function that way. Ah, well. This will probably change in a future v

Re: Trouble with UNwhitelist_from_rcvd

On 6/23/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote: Did you read the Mail::SpamAssassin::Conf perldoc? Yes ... so what you're saying is, "previously used in" means "written in the config file entry" not "used in spamassassin when matching". The phrase "the address" is what threw me; the s

Trouble with UNwhitelist_from_rcvd

The short of it is that I can't get unwhitelist_from_rcvd to unwhitelist anything. Here's the situation: We have a brand-new machine that's going to be swapped in as our mail server. We're trying to test everything thoroughly before we switch over to it. To avoid any loss of mail, I have a tes

Re: Black Copy filtering problem

On 5/28/06, Phil (Sphinx) <[EMAIL PROTECTED]> wrote: I really don't understand. I haven't attempted to figure out what the SARE rule is doing, I'm afraid. Do you think I should ask the exim-users list ? If the goal is to limit the volume of mail that any particular user can cause to be del

Re: Black Copy filtering problem

On 5/28/06, Phil (Sphinx) <[EMAIL PROTECTED]> wrote: I also tried to set up my own rule : header NETW_BCC_MANY ^Bcc =~ /,.*,.*,/ The Bcc header is stripped out by the transport system, so you can't compare on it directly. What you have to discover is whether there are a lot of recipients in t

Re: AOL X-Spam-Flag: NO

On 5/28/06, JP Kelly <[EMAIL PROTECTED]> wrote: Is there a way to strip the X-Spam-Flag: NO on RCPT before any other processing is done? Maybe. http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch43.html#SECTheadersaddrem

Virtual user config and auto-whitelist (again)

A while ago, I asked about updating the AWL when using spamd --virtual-config-dir. The discussion got sidetracked onto the topic of the obsolete -a option and the AWL plugin, and consequently my original question never got a satisfactory answer. Here it is again: On 4/26/06, Bart Schaefer

Re: SA and Bayes in a multi-user environment

Bayes is only as accurate as its trainer(s). http://www.jgc.org/blog/2006/05/theres-one-born-every-minute-spam-and.html

A few more sa-update questions

As sa-update appears to have been successful, I decided to diff the downloaded files against the installed 3.1.1 ruleset before blindly restarting spamd. This immediately jumped out at me: == --- /usr/share/spamassassin/10_misc.cf 2006-03-15 14:02

Re: sa-update vs. RDJ -- Default rules directory changed somehow?

On 5/13/06, Theo Van Dinter <[EMAIL PROTECTED]> wrote: It's not empty if the download is successful. I believe there's a ticket about changing the behavior so an empty directory isn't left behind if the first attempt to do an update fails. Sounds good. > In that case I would argue that eithe

Re: sa-update vs. RDJ -- Default rules directory changed somehow?

On 5/13/06, Theo Van Dinter <[EMAIL PROTECTED]> wrote: On Sat, May 13, 2006 at 10:57:11AM -0700, Bart Schaefer wrote: > Well, guess what. "sa-update" creates the > /var/lib/spamassassin/3.001001 directory if it does not exist, rather > than finding the directory that

Re: sa-update vs. RDJ -- Default rules directory changed somehow?

On 5/13/06, Bart Schaefer <[EMAIL PROTECTED]> wrote: I think there's some kind of conflict between sa-update and RulesDuJour that has borked my spamassassin installation, but I can't figure out how. Apparently the conflict is only that RDJ restarts spamd automatically, but sa

Re: So, when do we start handling [dot] in a URI

On 5/12/06, jdow <[EMAIL PROTECTED]> wrote: << jdow >> And you propose we do what instead? Look for other characteristics of the messages that could be filtered. I haven't seen any of these spams, so I don' t know what those might be, but this can hardly be the *only* thing the spammer is doin

sa-update vs. RDJ -- Default rules directory changed somehow?

I think there's some kind of conflict between sa-update and RulesDuJour that has borked my spamassassin installation, but I can't figure out how. This morning after RDJ restarted spamd, spamc started returning messages with ONLY the spamassassin version header added, not the score report. Runnin

Re: So, when do we start handling [dot] in a URI

On 5/12/06, Kai Schaetzl <[EMAIL PROTECTED]> wrote: Bart Schaefer wrote on Fri, 12 May 2006 07:34:05 -0700: > So now that the spammers are using our own defenses against us, you > suggest that we should invent the technology to defeat those defenses? What's there to "inve

Re: So, when do we start handling [dot] in a URI

On 5/12/06, Bret Miller <[EMAIL PROTECTED]> wrote: Seems spammers have taken up to doing what many of us have in posting e-mail addresses, putting [dot] instead of the . in the URL and telling people to replace it Gosh, exactly what "regular" people have been doing on web sites and in news/list

Re: Those "Re: good obfupills" spams (bayes scores)

Incidentally, the FAQ answer for "HowScoresAreAssigned" on the SA wiki is out of date.

Re: unpacking spam attachments for sa-learn

On 5/1/06, Jeff Portwine <[EMAIL PROTECTED]> wrote: I tried ripmime, and it does extract the attachments but it throws away all of the header information and gives me only the attachment by itself. I wrote an extractor in procmail for simple (as in, it doesn't handle nested structure well) MIME

Re: Those "Re: good obfupills" spams (bayes scores)

On 4/29/06, Matt Kettler <[EMAIL PROTECTED]> wrote: In SA 3.1.0 they did force-fix the scores of the bayes rules, particularly the high-end. The perceptron assigned BAYES_99 a score of 1.89 in the 3.1.0 mass-check run. The devs jacked it up to 3.50. That does make me wonder if: 1) When BAYE

Re: Those "Re: good obfupills" spams

On 4/29/06, Matt Kettler <[EMAIL PROTECTED]> wrote: Besides.. If you want to make a mathematics based argument against me, start by explaining how the perceptron mathematically is flawed. It assigned the original score based on real-world data. Did it? I thought the BAYES_* scores have been fi

Re: Those "Re: good obfupills" spams

On 4/29/06, List Mail User <[EMAIL PROTECTED]> wrote: While SA is quite robust largely because of the design feature that no single reason/cause/rule should by itself mark a message as spam, I have to guess that the FP rate that the majority of users see for BAYES_99 is far below 1%.

Re: Those "Re: good obfupills" spams

On 4/28/06, <[EMAIL PROTECTED]> wrote: I would make a subject ""Re: good "" rule that scores just high enough to push it to the spam level. They're only scoring about 3.3, and I'm reluctant to make "Re: good" worth 2 points all by itself. That'd be worse than increasing the spamcop scor

Those "Re: good obfupills" spams

The largest number of spam messages currently getting through SA at my site are short text-only spams with subject "Re: good " followed by an obfuscated drug name (so badly mangled as to be unrecognizable in many cases). The body contains a gappy-text list of several other kinds of equally unread

Re: Virtual user config and auto-whitelist

On 4/26/06, Rosenbaum, Larry M. <[EMAIL PROTECTED]> wrote: > > > From: Bart Schaefer [mailto:[EMAIL PROTECTED] > > ... > > (Someone remind me why the spamd option to disable the auto-whitelist > > was dropped?) > > It hasn't been dropped; they just moved

Virtual user config and auto-whitelist

I've recently switched from running spamd on our mail server machine, where all users have direct access to their SA config in their home directory, to running spamd on a second machine and using --virtual-config-dir for user configuration. (SA 3.1.1) One side-effect of this was that the bayes da

Re: (OT, but relevant) Playing with AOL?

On 2/23/06, Peter P. Benac <[EMAIL PROTECTED]> wrote: > Get enough of those TOS messages in one day and they will still block you > IP address and any IP address that you have assigned to you. FUD. They don't block multiple IPs at once as far as I can tell. > Furthermore, they have already annou

Re: Bayes rocks

On 9/16/05, jdow <[EMAIL PROTECTED]> wrote: > You are better off to use a normal SpamAssassin meta rule. How so? SA doesn't know how to interpret "not to me" (unless I write a plugin) -- it has no built-in knowledge of, for example, all possible sendmail aliases for my personal account -- and ind

Bayes rocks

On 9/16/05, jdow <[EMAIL PROTECTED]> wrote: > Yes indeedy. And I've been looking at Bayes scores here just a wee bit. > BAYES_99 just does not hit on ham and hits on high percentages of spam. > Even BAYES_95 does not hit ham. I go down to BAYES_80 before I hit 0.05 > percent of ham. During a two-w

More unintentional spam humor/irony

The choice of anti-bayes-filler below is unfortunate on so many levels ... and on top of that, they spammed our abuse address. (Links to spammer site deleted.) -- Forwarded message -- Date: Sun, 11 Sep 2005 09:45:40 +0500 From: Nadia Joyner <[EMAIL PROTECTED]> To: abuse Subject: R

Re: ANNOUNCE: SpamAssassin 3.1.0-rc2 release candidate available!

On 9/7/05, Loren Wilton <[EMAIL PROTECTED]> wrote: > > has this been opened as a bug in BZ yet? > > I haven't seen a sign of it. I hope the OP does this, I'd hate to have to > try to track back through 3 weeks of deleted mail to find the original > posting. Especially since I don't remember who

Re: Rather too refreshing: bayes.lock

On 5/19/05, Ben Wylie <[EMAIL PROTECTED]> wrote: > > debug: refresh: 3392 refresh F:/DOCUME~1/ADMINI~1/SPAMAS~1/bayes.lock [...] > debug: expired old Bayes database entries in 1533 seconds: 485101 entries No real help here, but another data point: I've been seeing occasional problems on my Linux

Re: Bombarded by German political spam

On 5/15/05, Raymond Dijkxhoorn <[EMAIL PROTECTED]> wrote: > > http://mailscanner.prolocation.net/german.cf You've got a bit of duplication in there (rules 02 and 22 are the same, as are 04 and 26).

Re: Confession and rage

On 5/6/05, List Mail User <[EMAIL PROTECTED]> wrote: > Again, there is an unfortunate exception provided by Sec 3.17 > which allows "Transactional or relationship message-" and in particular > clause A.iii.I specifically allows "notification concerning a change in > the terms or features of

  1   2   >