Re: Latest spammers' trick - email address in body instead of url

[snip] Phil, Not seen any of these yet, any chance of some examples? C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.1 (GNU/Linux) iD8DBQFEEZ0gMDDagS2VwJ4RA

Re: SUBJ_ILLEGAL_CHARS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Philip Prindeville wrote: [snip] > I mean it's not X.400, right? ;-) Thank the Gods... C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -B

Re: Importance of SMTP gateway reverse lookup domain?

what DNS software doesn't support > that? > > mfg zmi A better question might be "What DNS hosts don't support TXT records". That would be quite a few. 1and1.co.uk for instance, hence the fact I'm moving... C. - -- Craig McLeanhttp://fu

Re: 3.1.1 Upgrade Problems

having simliar problems? FBSD 5.2.1-RELEASE, SA3.1.1 on Perl 5.8.7 with IO::ZLib 1.04, no problems here. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: G

Changes to SATest.pm to get SA 3.1.1 "make test" working on FreeBSD jails.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, I've tinkered with t/SATest.pm to help get "make test" working correctly in jails on FreeBSD. What's the best way to get this to the committers? bugzilla? the dev list? Thanks, C. - -- Craig McLeanhttp:

Re: INVALID_DATE

SHO. It doesn't score here. In any case, I'm sure the rules could be tweaked to create metas whereby FROM_LOCAL_HEX or FROM_ENDS_IN_NUMS won't fire if (say) FROM_IS_MOBILE or FROM_MMAIL is true. You'll need to write those rules, but they are trivial. > The real issue is be

Re: some messages does not seem to get to spamassassin

n "X-Everthing-Missed" header which I can grep for. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEI/dKMDDagS

Re: Install help for Spamassasian 3.1.1 on Fedora Core 4

nstall it via cpan. Does anyonr of any experience > getting Spamassasian installed on Fedora Core 4? > > Any help would be apprecciated. > > Abel Jeffcoat [snip] Hey Abel, Axel T has already done the business for you: http://atrpms.net/dist/fc4/spamassassin/ Regards, Craig. -

Re: Stopping recent stock pumping spam

TOCKS and HTML_IMAGE_ONLY is, IIRC, standard issue. Out of interest, simply attaching a GIF to a mail can get you over 4 points here, all the HTML_IMAGE_ONLY rules have had their scores upped pretty high. This system, however, has a total of 2 users. Me and the wife. YMMV. Those mails scored between 10 an

Re: Charity spam - is this a new kind of 419?

ch website > under united States (www.savethechildren.org) > Thanks >Mrs Helen Cockran >Ass. Coordinator >NB: mailto: [EMAIL PROTECTED] Smells like 419 to me, given (among other things) the level of literacy displayed. If you have no objections I'll drop the sende

Re: OR NOT Logic

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter P. Benac wrote: [snip] > > And your domain is my Mother's Maiden Name :) > > Regards, > Pete Remind me who you bank with? ;-) C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where

Re: home owner

. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEWhuDMDDagS2VwJ4RAlA/AKCtWtELZzpn4eqB4Po3iKO61mMhmACggePg rc2Eete27U0zum5JuQdRIx8= =OZt9

Re: home owner/credit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jean-Paul Natola wrote: > Still getting hammered, > > Anyone else found a fix, getting these in DAILY > Not being psychic, I can't help. Perhaps you can put some examples up on the web somewhere? C. - -- Craig McLea

Re: Latest sa-stats from last week

8.621.44 18HTML_30_40453 1.683.711.38 19AWL 435 1.170.161.32 20HTML_40_50425 1.523.011.29 - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED

Re: Suing Spammers

http://spamlegalaction.pbwiki.com/ Rules in CA might be a little different, but the principle is likely to be the same.. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PG

Re: RULE using %

ozen "%" characters. If you are going to match, try doing it with patterns, like (off the top of my head, and untested!) /(?:£\$}\s?\d+(?:[\.,]\d+)?.{1,20}\d.{1,10}%/ might attempt to match: "$250,000 loan at 6.35%" "£ 1 for you just 6%!" C. - -- Craig McLean

Re: RULE using %

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Craig McLean wrote: > Jean-Paul Natola wrote: >>> Hi all >>> >>> These homeowner spasm are still getting through ( a lot less though since >>> adding the KAM_GEO_STRING2 rule. >>> >>> I do NOT

Re: RULE using %

XT_LOANBODY: Loan at a certain rate. 2.0 TVD_DEAR_HOMEOWNER BODY: TVD_DEAR_HOMEOWNER 1.5 CM_CREDIT_SCOREBODY: Your score doesn't matter 1.0 CM_IMMEDIATE_CASH BODY: Immediate cash 1.0 CM_DEAR_HOMEOWNER BODY: Dear Homeowner Plus BAYES_99 for 4 points, and

Re: Comment Crashes

27;i describe T_4_DODGY_DIVS Testing... score T_4_DODGY_DIVS0.01 (note, the regexp should be on one line with no spaces) That will catch it. You'd have to see what it FPs on though. You could also get it to pick on single alphas between html tags with a little tweaking. C. - -- Craig M

Re: Comment Crashes

_DODGY_DIVS m'(?:\s{0,}?[\$%\w]\s{0,}?.{1,40}?){30}'i Stick with rawbody, you don't need full. Also, you'll probably want case-insensitive, and \s{0,}? to match zero or more whitespace. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun ne

Re: Comment Crashes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David B Funk wrote: > On Tue, 16 May 2006, Craig McLean wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> [snipped] >> >> I use this style to catch a couple of common text formatting oddities

Re: Delete spam or move to a folder?

spam into different folders. This means we can quickly see misfires either way, and has the added benefit over milter-level bounces that bayes gets to see everything too. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered

Re: Filtering windows-1252 charset

#x27;t >> even have to scan them. >> >> > > Which brings up the subject... How legitimate is email sent as > windows-1252? I have a bunch of stuff from paypal and ebay, and much more, which include this charset. I'm not attempting to answer the philosophical question,

Re: Delete spam or move to a folder?

gets put in a 'likely-spam' folder. Anything else goes to 'spam'. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux)

Re: Proposal: First URI black list, how about email address black lists?

ned... Thanks, C. [1] http://fukka.co.uk/sa-rules/local/PhoneBL.pm [2] http://fukka.co.uk/sa-rules/local/phone.cf [3] http://fukka.co.uk/sa-rules/local/evilnumbers.db - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN!

Re: AWL whitelist & CGPSA

ad, Given: > -- > 4.8 FROM_KING_COM From known spammer 'king.com' and: > [EMAIL PROTECTED] I'd say that the FROM_KING_COM rule might be misfiring, and for 4.8 points too! C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never

Re: SA Milter problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chan, Wilson wrote: > Any else having this problem with spamass-milter with spamassassin? Nope. (ask a vague question...) C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered

Re: sa-learn script

> i've come up with this > > #!/bin/bash > > for i in $( ls /home/MYDOMAIN); do > sa-learn --spam /home/MYDOMAIN/i$/mail/Junk > done > > If i set it to run as a cron job once a week, Will that do what I want it > to do? > Almost certainly no

Re: Lots of this kind of spam getting through

rect plugin and a rule which gives any geocities URL a healthy dose of points (a la http://fukka.co.uk/sa-rules/local/misc.cf) for the second 2. XBL and spamcop (no flames please) for all, plus make sure you get your bayes trained on this type of spam to drive the score up there, too. Mine doesn&#

Re: Lots of this kind of spam getting through

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Craig McLean wrote: > > Razor and multi.uribl.com RBL for the first 3 Oops, and multi.surbl.org... C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN!

Re: SA 3.1.3 Binary RPMs for FC4?

> Don't know about 3.1.3, but Axel hosts 3.1.2 at atrpms.net: http://atrpms.net/dist/fc4/spamassassin/ instructions on setting up yum to use the atrpms repo can also be found on the site: http://atrpms.net/install.html C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTE

Re: Loading Rules - Possible Memory Issue

ago. FWIW I have had real success using FBSD-6.0-RELEASE, SA from CPAN and spamass-milter and sendmail from the ports collection. Just lately I've moved away from the milter, towards a procmail-based SA setup for better configurability. Ping me if you want more details. C. - -- Craig McLea

Re: Its nice when spammers declare their intentions...

efraud me. Maybe I won't bother > playing their game. > > Loren Heh, got this one yesterday: From: "Lazarus Dennis" To: <[EMAIL PROTECTED]> Subject: bastard And thought, why's he calling me a bastard? Maybe he knows his crap isn't going to get through.

Re: [sa-list] Re: spamd children run as root (again)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 Craig. Justin Mason wrote: > > ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as "awaiting confirmation"...

Re: Ham not auto-learning?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew Yette wrote: | Running the sa-stats.pl version 0.9 that produces a chart with stats on | what rules are hit for spam and ham most frequently, I notice that of | all 13,411 autolearns performed, every one of them was for spam. Ham has | 0 messa

Re: SURBL Redirection Problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 3.1.0-rc1 nailed it to the wall. Craig. Ilan Aisic wrote: | | pts rule name description | -- - -- | 0.9 RCVD_BY_IP Received by mail server with no na

Re: phish/bayes

; phrases, or "unauthorised # access" phrases. Confirms that the mail came from @paypal and contains # only paypal.com links, otherwise throws scores. # # Craig McLean - 2005/05/22 header __LOCAL_PP_ISFROMPP From:addr =~ /[EMAIL PROTECTED]/i header __LOCAL_PP_S_UPD Subject: =~ m&

Re: SURBL Redirection Problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daryl C. W. O'Shea wrote: | Craig McLean wrote: | |> -BEGIN PGP SIGNED MESSAGE- |> Hash: SHA1 |> |> 3.1.0-rc1 nailed it to the wall. |> |> Craig. | <...> |> domain |> | 4.5 URIBL_SC_SURBL Con

Re: Help with Spam Assassin/MIMEDefang

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nels Lindquist wrote: | Looks like you're missing IO-stringy and | MIME-tools, at a minimum. | | If you don't like the CPAN route, I believe all the perl modules | required by MIMEDefang are available as RPMs from Dag Wieers' yum | repository. Out o

Re: sa-learn

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 M.Lewis wrote: > > Is there a best practices recommendation for how often to run sa-learn ? In addition to all the good responses you've had I would add that if you keep the spam after learning, as I do (in case the bayes DB get killed) then it can so

Re: OK guys - why did this one get through.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow wrote: [Headers snipped] I've been using the rules below to catch the paypal phishing mails I get. I know they don't counter the header issues you are seeing, but I'd be interested to know if they hit on the full message. If not, I'd appreciate

Re: Can't locate object method "check_hostname"

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Philipp Snizek wrote: > Hi > > when starting SA 3.1.0 I'm getting this in my logs: [snip] > Nov 6 14:46:53 mail spamd[20449]: rules: failed to run > INVALID_HOSTNAME test, skipping: > Nov 6 14:46:53 mail spamd[20449]: _(Can't locate object method >

Re: Typical settings for bayes_ignore_header?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > I'm pretty sure my Bayes database is muntered Although I can't help with your problem, I *have* just found my new "word for the week". And for that, I thank you. C. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/

Re: Blocking on tld and/or HELO with own domain

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andy Pieters wrote: > Hi list > > We have been receiving a lot of spam from the .jp tld lately. What's more is > this: [snip] [Saw this on the fedora list..] Andy, As mentioned on the Fedora list, if you want to block by "fake" HELO at the MTA lev

Re: Blocking on tld and/or HELO with own domain

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andy Pieters wrote: > On Sunday 13 November 2005 23:06, Craig McLean wrote: >> Andy Pieters wrote: >>> Hi list >>> >>> We have been receiving a lot of spam from the .jp tld lately. What's >>> more

Re: Blocking on tld and/or HELO with own domain

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kenneth Porter wrote: > --On Sunday, November 13, 2005 11:26 PM +0000 Craig McLean > <[EMAIL PROTECTED]> wrote: > >> Ok, well if you read my last message, I've indicated a better way than >> appending the whole thing

Re: SA Errors on --lint run

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tracey Gates wrote: > I'm trying to run it as user root but I'm still getting these error > messages: > > > [EMAIL PROTECTED] mail]# /usr/local/sbin/rules_du_jour > mkdir: cannot create directory `/etc/mail/spamassasin/RulesDuJour': No >

Re: [Fwd: Re: uol.com.br]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow wrote: > > procmail: > :0: > # was from one specific person > * ^From: AntiSpam UOL <[EMAIL PROTECTED]> > /dev/null > > ... > # I just got pissed. > :0: > * ^From: .*uol.com.br > $HOME/mail/uol_crap Or (assuming you are your own MX) /etc/mail/a

Re: Spam not getting tagged as Spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theo Van Dinter wrote: [snip] > Bayes is good at catching words which are spam/ham for you, make sure to > learn those mails. SA will work better for people who tune it to the > mail they receive though -- add your own rules for words and phrases > yo

A thought about phone numbers and URIBLs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey folks, I was having a thought about phone numbers in spam messages, and the old brain pinged an idea at me. I'd really appreciate any feedback! It occurred to me that I get a fair amount of spam which includes phone/fax numbers. It also occurred t

Re: A thought about phone numbers and URIBLs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 List Mail User wrote: >> Hey folks, I was having a thought about phone numbers in spam messages, >> and the old brain pinged an idea at me. I'd really appreciate any feedback! >> >> It occurred to me that I get a fair amount of spam which includes >> p

Re: 3.1 on cpan

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow wrote: >> On Sat, Dec 10, 2005 at 12:07:05PM -0800, JP Kelly wrote: >>> is SA 3.1 available through cpan yet? >>> If not will it be? >> >> Has been since September: >> >> http://cpan.org/modules/by-module/Mail/Mail-SpamAssassin-3.1.0.tar.gz > > S

Re: A thought about phone numbers and URIBLs

s, but your point is well taken. I assume from your comments that email addresses in the body of messages do not currently get looked at? Thanks! C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! --

Re: A thought about phone numbers and URIBLs

o the list, so if anyone wants them, they're at http://fukka.co.uk/sa-rules/local/phone_rules.cf C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1

Re: I'm afraid I might have to report this list as a spam source

Jim Nasby's comments that: "It's surprising to me that the SA lists aren't just run through SA. Spam making it past that is a good indication of where SA could be improved afterall." C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where th

Re: I'm afraid I might have to report this list as a spam source

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Hepworth wrote: > > >> -Original Message----- >> From: Craig McLean [mailto:[EMAIL PROTECTED] >> Sent: 23 December 2005 16:03 >> To: users@spamassassin.apache.org >> Subject: Re: I'm afraid I

Re: I'm afraid I might have to report this list as a spam source

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kai Schaetzl wrote: > Craig McLean wrote on Fri, 23 Dec 2005 16:02:47 +: > >> I'll disagree with you here, I have had to contact the list-owner to get >> a dynamic address unsubscribed > > You mean an address

Re: I'm afraid I might have to report this list as a spam source

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kai Schaetzl wrote: > Craig McLean wrote on Sun, 25 Dec 2005 13:51:46 +: > >> I *subscribed* with a dyndns-style address in >> a dynamic space, then couldn't *unsubscribe* it because the list bounced >> everything

Re: List of subjects of most common spams?

8 ham (from 4936) for squirrelmail and 6 spam/51 ham for thebat. Kind Regards, C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (G

Re: correct way of whitelisting mailing lists

to users@spamassassin.apache.org in local.cf. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDvBHJMDDagS2VwJ4RAl5QAKDF

FUZZY_MORTGAGE misfire.

s lines 269/270 (correct me if I'm wrong). Is this expected behaviour? It seems a little extreme? I can easily lower the score locally, and with a little better bayes training we would never have hit the threshold, but thoughts and comments would be appreciated. Thanks in advance,

Re: AWL and Auto Learn Bayes

bayes just fine. My bayes FP rate doesn't get pushed up either. Regards, C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDxq

Re: AWL and Auto Learn Bayes

nspam and bayes_auto_learn_threshold_spam C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDxquHMDDagS2VwJ4RAu7yAJwMerw6z+HTG

Re: AWL and Auto Learn Bayes

very careful to feed accurate info into it. Set up a spamtrap and a "spam" folder for manually identified spam, feed those into bayes by hand using sa-learn. Do the same for ham. There are plenty of ways to get a sizeable spam corpus fairly quickly :-) C. - -- Craig McLean

Re: spam scores low (Sendmail + smtp-vilter + SA )

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow wrote: > (And sometimes it is fun to exercise morbid curiosity and look at some of > the outlandishly large scores and laugh at the poorly defined > messages. "Die Vile Spam!") > > {^_-} I'm glad it's not

Re: X-Spam Status

Gene, I'm a little confused about your setup, why not just get fetchmail to deliver all mail to procmail as the local MDA (man fetchmail will help you out), then let procmail sort into folders and spam check as necessary, and then use KMail as what it essentially is - a mail reader. Have

Re: RulesDuJour Recommendation

hose is no longer advisable). I also have a bunch of homebrew rules which add weigh to the specific types of spam I see here. They're on the website below if your interested. If you are getting a lot of pump-and-dump stock/microcap image spam, I can heartily recommend SARE_STOCKS. It's a

Re: getmail?

cribe > messages to the getmail-user list over the last 3 days with no response > which is discouraging. OTOH, now that I know it can't do what I want, > who cares. It might be that if there was a manpage for getmail, it > might be possible. A pox on software that doesn

Re: Spammasssin skips rules?

stances that Spamassassin skips any > rules? > > Rules scored at 0 will be skipped by SA. If you want the rule to fire but with a very low score (for testing, etc) assign a score like 0.01 to it. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun n

Re: getmail?

you could install one on the firewall box and use fetchmail to pull it onto the main server. Assuming you felt suitably insane. Regards, C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNAT

Re: Syslog not working

> > I I have "local5.*; /var/log/spamassassin" in my syslogd.conf file. I HUP > syslog, and relaunch spampd, but the messages still go to the console and > not to the file. > Any ideas? You could try "/usr/local/bin/spamd -s /var/log/spamassassin &" C. - -- Craig M

Re: Syslog not working

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henry F. Camacho Jr wrote: > You need the -d. > > HFC > > > Craig McLean wrote: > > Don O'Neil wrote: > > >>>> Hi all... I've tried using the FAQ entry to get spamd to log to >>&g

Re: It's nice when they tell you they are sending a spam...

Apologies for the top-posting and crappy formatting. I need a better mail client for my handheld... I know that SA strips existing headers these days, but would it be possible to add a custom rule which checks for the existence of such headers, added by an upstream MTA, and scores accordingly?

What to do with my spam?

All, I don't have a massive mail system. Just 2 users, of which this is one ;-) and ~200 messages a day. In order to train bayes I created a junk user and seeded it to a few messageboards to get it on the spam lists. The account isn't used for anything else so every message is spam and gets learned

OT: Bayes for VoIP anyone?

A whole new set of challenges heading our way... http://www.theregister.co.uk/2005/02/17/spam_gets_vocal_with_voip/ Craig.

Re: Update on Autolearn, SA/SA-milter ID problem, etc

Don, some thoughts inline.. Don Levey wrote: If the definition of insanity is doing the same thing multiple times and expecting a different result, what is it when you're doing the same thing multiple times, expecting the same result, and you get DIFFERENT results? Sounds like the definition of com

Re: Update on Autolearn, SA/SA-milter ID problem, etc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don Levey wrote: | Craig McLean wrote: | | |>> * The spamd/spamass-milter processes should not run as root (user |>>'spamassassin'). |> |>I gather from your previous mail that you already run this as |>"spamas

Re: Update on Autolearn, SA/SA-milter ID problem, etc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don Levey wrote: [snip] [Spamassassin rejecting mail above a certain score] | Not only that, but it seems to be happening now! I vaguely remember seeing | which config file would control this, but re-Googling for it doesn't turn | anything up now. Dam

Re: Update on Autolearn, SA/SA-milter ID problem, etc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don Levey wrote: [snip] | The latest in my quest to get SA to work properly... | | I've made sure that the whitelist and Bayes DB can be written to and be read | by 'spamassassin'. I've set the '-u spamassassin' flag for both the | /etc/sysconfig/spama

Local 419 mail rule set.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear list, I've got a few local rules which I use to supplement the basic SA installation (3.0.2), but I don't really have a sizeable ham/spam corpus to test them against. Also, I'm aware that there will likely be some cross-over with the SARE ruleset,

Local 419 mail rule set. Take 2.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone spot the deliberate mistake? :-( Craig. - This time with the attachment. - Dear list, I've got a few local rules which I use to supplement the basic SA installation (3.0.2), but I don't really have a sizeable ham/spam corpus to test them aga

Re: Need for a new rule?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Davour wrote: [snip] | Are there any rule for this? Would one be hard do design? I haven't seen | anything about is in the documentation. OR, I haven't understood what | I've read... I just wrote a bunch of obfu-rules with negative lookaheads an

RE: RCVD_IN_SORBS_WEB

On Thu, April 14, 2005 12:04 pm, Gray, Richard said: [snip] > When we've had to deal with this, I tend to write to write a short email > demonstrating the effectiveness of the tool (produce some statistics on > spam stopped) and point out that there is no way to achieve a 100% > efficiency. Or ju

OT?: If you need proof that spammers use the same resources as us...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Call me paranoid, but a few weeks back I posted a couple of rules on this list and to the exit0 wiki which were designed to catch a common phrase seen in many 419 spams. Notably one which catches a common "allow me to introduce myself" style opening. I

Re: Blacklist Not Working

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ron Shuck wrote: | Has anyone ever seen a situation where entries in the black_list are not | being used or matching? Yes. Kind Regards, Craig. P.S Perhaps you could be more specific? -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comme

Re: Blacklist Not Working

the | header. I have modified the init.d script for SpamAssassin to include | -D, and there are no errors in the startup. | | | | Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant | Buchanan Associates - People. Process. Technology. | | -Original Message- | From: Craig McLean [mailto:[EMAIL

Re: Blacklist Not Working

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ron Shuck wrote: | Here is the log. I don't have the message, but as you can see it did not | match the blacklist. | | ---log-- | Apr 24 04:39:43 mail postfix/smtpd[25746]: connect from | castile.calmra.com[72.11.146.117] | Apr 24 04:39:44 mail

Re: INVALID_MSGID hitting improperly?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ring, John C wrote: | I just learned of an issue we're having on a fail positive due to a hit on | INVALID_MSGID (and that I'd jacked the score on that up to 20, but that's | another story...). While I just learned of the issue today, it started a | bi

Re: INVALID_MSGID hitting improperly?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In reply to my own earlier post: Thanks to Matt Kettler for a better understanding of the facts. I should have RTFRFC again before opening my mouth! | They both seem to hit INVALID_MSGID here. As they should, see below. | I'm having some problems unders

Re: Letting spam through

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Chambers wrote: | I finally got spamassassin working (I think), via installed | spamassassin-milter and it seems to stop the spam, as well as I see the | headers showing it's checking. | | spamass-milter-0.3.0-1.1.fc3.rf | spamassassin-3.0.3-3.fc4

Re: INVALID_MSGID hitting improperly?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theo Van Dinter wrote: | On Fri, Apr 29, 2005 at 11:14:10PM +0100, Craig McLean wrote: | |>| BTW, why have *any* single rule scored at 20? Especially this one. |> |>This question, however, still stands. | | | If a rule doesn't FP for you

Re: Blank subject gets around filtering rules

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Weber wrote: | This one came in on my 3.0.2 gateway, haven't yet had one try my other | gateway which is 3.0.3. | | -Michael Without adding anything useful, except perhaps corroborating evidence, this has also been an issue here on 3.0.2 and s

Re: AWL whaaat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler wrote: | | HSA (Historical Score Averager) might be reasonably accurate, but unless | you think about the math, it's purpose isn't clear. (And in my | experience, most people don't enjoy thinking about math. ) | | Got any better suggestions

Re: Subscribing to spam lists

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnson, S wrote: | Anyone know the best way to subscribe to receive all the spam I can | possibly get? | | | Thanks A foolproof way used by the 419 eaters used to be: 1) search in google for "MUGU GUYMAN" 2) post a message in the resulting guestbook

Re: Weighing spam with sa-learn

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnson, S wrote: > > > I’m looking at creating an email address to capture spam and only be > used for spam. Since I can be guaranteed that all email I received to > this address is spam, is there a way to weigh this higher in the sa-learn? > Spam i

Re: Weighing spam with sa-learn

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow wrote: | From: "Craig McLean" <[EMAIL PROTECTED]> | |>-BEGIN PGP SIGNED MESSAGE- |>Hash: SHA1 |> |>Johnson, S wrote: |> |>> |>>I'm looking at creating an email address to capture sp

Re: AWL -> SQL

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan Munday wrote: | | Is it possible to move the awl data when migrating to SQL? | Sounds like a job for convert_awl_dbm_to_sql which, here at least, is in: /var/cpan/build/Mail-SpamAssassin-3.0.3/tools/ Then again, I might be talking out of my behind.

Strange SA report maths.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, Using SA 3.0.3 on FreeBSD, I noticed the following interesting maths in the report from a message received a moment ago: - -quote- Content analysis details: (4.1 points, 4.0 required) ~ pts rule name description - ---

Re: Strange SA report maths.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Loren Wilton wrote: |>Now correct me if I'm wrong, but 3.5 + 0.2 + 0.1 + 0.1 is not 4.1 ? | | | Rounding. See the wiki. | Can you be more specific? A search of wiki.apache.org/spamassassin shows 2 pages containing "rounding": StatusRounding - orphaned.

Re: Strange SA report maths.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theodore Heise wrote: | | On Sun, 15 May 2005, Craig McLean wrote: | | |>-BEGIN PGP SIGNED MESSAGE- |>Hash: SHA1 |> |>Loren Wilton wrote: |>|>Now correct me if I'm wrong, but 3.5 + 0.2 + 0.1 + 0.1 is not 4.1 ? |>| |

  1   2   >