score in the same place. Also I attach the original e-mail and
> I use spamassassin 3.04 on redhat 9 with spamd/spamc..
rewrite_header subject *SPAM* (score=_SCORE_/_REQD_)
Works for me with 3.0.1.
--
/---------\
| Michael Barnes <[EMAIL PR
ll. A custom rule
that I wrote does well for me as well:
headerWIERD_MSGIDMessage-ID =~ /<[A-Z]{15,40}@/
describe WIERD_MSGIDSpamlooking Message-ID <[EMAIL PROTECTED]>
score WIERD_MSGID0.5
Mike
--
/---------\
| Michael
; 1 SARE_FROM_SPAM_DOMN0
ALL-> 1 NOT_ADVISOR
ALL-> 00001 SARE_RAND_OTHER_U
ALL-> 1 SARE_USERAG_3
ALL-> 1 URI_4YOU
ALL-> 1 HTTP_ESCAPED_HOST
ALL-> 1 DATE_IN_FUTURE_48_96
ALL-> 1 HTML_SHORT_CENTER
ALL-> 1 SARE_MULT_VIA_CITIZNET
ALL-> 1 BODY_ENHANCEMENT2
ALL-> 1 SARE_FROM_SPAM_MONEY2
ALL-> 1 SARE_RECV_SUSP_2
ALL-> 1 CONFIRMED_FORGED
ALL-> 1 GUARANTEED_100_PERCENT
ALL-> 1 SARE_FROM_CHAR_W1251
ALL-> 1 CONSOLIDATE_DEBT
ALL-> 1 HELO_DYNAMIC_ROGERS
ALL-> 1 DATE_IN_PAST_12_24
ALL-> 1 SARE_RAND_OTHER_AA
ALL-> 1 MILLION_USD
ALL-> 1 SOME_BREAKTHROUGH
ALL-> 1 SARE_FROM_NONAME
ALL-> 1 COMPETE
ALL-> 1 FORWARD_LOOKING
ALL-> 1 CLICK_TO_REMOVE_1
ALL-> 1 URI_OFFERS
ALL-> 1 WIERD_PUNC_SUBJ5
ALL-> 1 SARE_FROM_DLL
ALL-> 1 UNCLAIMED_MONEY
ALL-> 1 SARE_FROM_SPAM_NAME0
ALL-> 1 FORGED_JUNO_RCVD
ALL-> 1 SUBJ_BUY
ALL-> 1 AS_SEEN_ON
ALL-> 1 SUBJECT_DRUG_GAP_S
ALL-> 1 UPPERCASE_75_100
ALL-> 0 NO_CC_REQD
ALL-> 0 SARE_HEAD_SUBJ_RAND
ALL-> 0 WORK_AT_HOME
ALL-> 0 REPLY_TO_EMPTY
ALL-> 0 HTML_FONT_FACE_BAD
ALL-> 0 DEAR_SOMETHING
ALL-> 0 SARE_FROM_FREE
ALL-> 0 EXCUSE_1
ALL-> 0 CREDIT_CARD
ALL-> 0 SARE_FREE_WEBM_RuMail
ALL-> 0 REMOVE_PAGE
ALL-> 0 SARE_RECV_SKANOVA
ALL-> 0 UPPERCASE_50_75
ALL-> 0 SARE_RECV_SPAM_DOMN3
ALL-> 0 HTML_LINK_PUSH_HERE
ALL-> 0 GET_PAID
ALL-> -0001 MULTI_REMOVAL_1WORD
ALL-> -0001 AOL_USERS_LINK
ALL-> -0001 SARE_MSGID_EMPTY
ALL-> -0001 SARE_CHARSET_W1251
ALL-> -0001 SARE_RECV_SPAM_WORD3
ALL-> -0001 WEIRD_QUOTING
ALL-> -0001 SARE_FREE_WEBM_Softhom
ALL-> -0001 MORTGAGE_BEST
ALL-> -0001 SARE_XMAIL_SUSP2
ALL-> -0001 SARE_XMAIL_BULK3a
ALL-> -0001 SARE_FROM_SPAM_CHAR0
ALL-> -0001 MORTGAGE_RATES
ALL-> -0001 SARE_RAND_4
ALL-> -0001 SARE_HEAD_HDR_XSPAM
ALL-> -0001 HTML_EVENT_UNSAFE
ALL-> -0001 SARE_RAND_1
ALL-> -0001 SORTED_RECIPS
ALL-> -0001 SARE_HEAD_HDR_XMSGID
ALL-> -0001 BELIZE
ALL-> -0001 EXTRA_MPART_TYPE
ALL-> -0002 LOTS_OF_STUFF
ALL-> -0002 RISK_FREE
ALL-> -0002 EARN_PER_WEEK
ALL-> -0002 INITIAL_INVEST
ALL-> -0002 SUBJ_HAS_SPACES
ALL-> -0002 RCVD_IN_BSP_OTHER
ALL-> -0002 NO_FORMS
ALL-> -0002 HTML_NONELEMENT_20_30
ALL-> -0002 BEEN_TURNED_DOWN
ALL-> -0002 X_MSMAIL_PRIORITY_HIGH
ALL-> -0002 X_PRIORITY_HIGH
ALL-> -0002 SARE_FROM_PHRASE
ALL-> -0003 SARE_HEAD_HDR_XUNSUB
ALL-> -0004 SARE_FREE_WEBM_EsYahoo
ALL-> -0005 HTML_60_70
ALL-> -0005 SARE_MSGID_IP
ALL-> -0005 SUSPICIOUS_RECIPS
ALL-> -0006 PLING_PLING
ALL-> -0006 SARE_HEAD_HDR_XCANITP
ALL-> -0008 CLICK_BELOW_CAPS
ALL-> -0009 EXCUSE_7
ALL-> -0009 HTML_NONELEMENT_00_10
ALL-> -0013 REAL_NAME_NOLC
ALL-> -0014 UPPERCASE_25_50
ALL-> -0014 SARE_HEAD_XID
ALL-> -0014 EXTRA_SUBJ_SPACES
ALL-> -0017 BAYES_40
ALL-> -0022 RCVD_IN_BSP_TRUSTED
ALL-> -0025 HTML_WEB_BUGS
ALL-> -0026 NO_DNS_FOR_FROM
ALL-> -0026 BAYES_20
ALL-> -0027 MSGID_FROM_MTA_HEADER
ALL-> -0034 BAYES_05
ALL-> -0041 OPTING_OUT
ALL-> -0041 FORGED_RCVD_HELO
ALL-> -0065 UNIQUE_WORDS
ALL-> -0074 SUBJ_NONWORD
ALL-> -0081 DATE_IN_FUTURE_06_12
ALL-> -0082 NO_SPACE_IN_FRM
ALL-> -0083 URI_REDIRECTOR
ALL-> -0094 RE_NO_RE_HEADERS
ALL-> -0118 DNS_FROM_RFC_POST
ALL-> -0130 PGP_SIG
ALL-> -0146 FVGT_m_MULTI_ODD
ALL-> -0151 FRM_NOT_TWO_WORDS
ALL-> -0160 WIERD_PUNC_SUBJ3
ALL-> -0239 REAL_NAME_NOUC
ALL-> -0286 HAS_QUOTED_SIG
ALL-> -0294 TO_MALFORMED
ALL-> -0351 WIERD_PUNC_SUBJ
ALL-> -0422 SARE_HEAD_XBEEN
ALL-> -0481 MIME_HEADER_CTYPE_ONLY
ALL-> -0833 NO_REAL_NAME
ALL-> -0847 USER_IN_WHITELIST
ALL-> -1110 HAS_SIGNATURE
ALL-> -1277 FRM_NOUC
ALL-> -1367 LOCAL_ANGLE
ALL-> -1429 USER_IN_DEF_WHITELIST
ALL-> -1643 HAS_REFERENCES
ALL-> -1703 HAS_IN_REPLY_TO
ALL-> -2515 LIST_LOCAL2
ALL-> -2515 LIST_LOCAL
ALL-> -2598 LOCAL_BULK
ALL-> -2944 ALL_TRUSTED
ALL-> -5402 BAYES_00
spams = 3281 hams = 6532
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
lick below to unsubscribe from future mailings.
http://equifaxmktg.com/equifax/redirect.asp?lid=1051268&o=1&[EMAIL
PROTECTED]&DATI=evLVYy4d%2Bx27Uxndjx8MHAxPIV5xvK%2x0
- End forwarded message -
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
ssion that razor and pyzor were "fingerprinting"
techniques. Am I off base here?
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
e somehow objectively done with a corpus of ham
and spam and some algorithm to score accordingly, but to me some of them
just seem wrong. Maybe scores and rules could be autolearned like
bayes. Not sure.
Thats my input for your managers.
Mike
--
/
spam without any false positives. This is with or
without bayes. But I do run many more tests than you do. YMMV
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
mail programs, this could be easier
to implement. Otherwise, I would not even attempt it.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
r
tiscali.co.uk
topica.com
ual.com
uclick.com
unitedoffers.com
ups.com
verizon.net
w3.org
washingtonpost.com
weatherbug.com
xmr3.com
yahoo.co.uk
yahoo.com
yahoogroups.com
yimg.com
yourfreedvds.com
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNI
> Can I eg. kill such a looping thread and get a coredump I can gdb or
> something?
You could, but at best it would give you debug information about the
perl binary itself, and not the script that it is running.
I would check the force-expire option first.
Mike
--
/---
experience, I've noticed that there is a high correlation
between DCC positive hits & Pyzor positive hits & real spam, so I scored
it that way.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
ed email
clients and they are a privacy and security issue for the user.
BTW, I get bayes poisoned, image only mails and they score above 10 on
my system all the time.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator
y UPS has battery
power (occasional), or for a hardware upgrade (occasional).
Aside from conditions like this, there is no need to reboot any modern
OS (one that has come out in the past 10 years or so).
Mike
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UN
NIX socket. I'm not familiar with any advantages
of using a UNIX socket over a TCP one.
Mike
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
to be more effective with an individual database
per user.)
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
th users that have their bayes db initialized
and for those that do not, but it works a little better for those with
bayes.
I don't think that evilnumbers.cf or chickenbox.cf will give you
anything in 3.x.
Mike
--
/-\
| Michael Barnes <[EMAIL PRO
de. But if I were stuck with the same crappy
server hardware. I would spend my own money to upgrade the box so that
it was usable, and start looking for a better job.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator
ed, and that might be better to use vs one that is specific
to the exact version you are running.
Mike
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
riables is that it is
impossible to inject an environment variable into an already running
process. But it makes sense once you think about it.
Mike
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
dmail was logging the correct timestamp but MailScanner
> was logging about 2 hours behind. The way I resolved it was to add the '-r'
> switch to my syslog initscript.
>
> Mike
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
r not
experienced managing databases, this might be more trouble than its
workth.
Hope this helps,
Mike
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
he perl level.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
default CFLAGS by putting the CCFLAGS and the
CFLAGS values in my environment before running "perl Makefile.PL".
I would guess that this could be considered a bug, because its not too
uncommon for default CFLAGS to be changed during a compilation.
Mike
--
/-
ery that enforces the
order of the configuration directives.
It may not be ideal, but it is a workaround.
Mike
--
/-----\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
ysql or postgres database for the database?
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
uot;SPAM" or "HAM". It could categorize mails
as say "nigerian spam", "porn spam", "mortage spam", etc.
Mike
--
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
the number of open files.
That should do it.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
standard tools to run something on anohter box.
Like a web form or something. The cronjob is probably the safest and
easiest to implement.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of
37,
> line 310
Seems like you have too many open files. It would help if you said what
OS you are running including version.
If your system has 'lsof' installed. Run it. It will tell you all of
the open files each app has open.
Mike
--
/-------
ssin or spamd with the -D parameter and like you
normally run it. By "normally run it", I mean with the same user AND
HOME environment variable and with the proper '-u' flag if used.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
|
ire the bayes tokens twice a month, and the problem went away.
The cron job command was simply:
sa-learn --force-expire
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
On Fri, Oct 15, 2004 at 03:25:10PM -0400, Matt Kettler wrote:
> At 01:05 PM 10/15/2004, Michael Barnes wrote:
> >I've found that the ALL_TRUSTED hit too many spams as hams. I havn't
> >looked at the rule to see what it is doing, but I put in my
> >
at is going on or how to debug this?
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
. Maybe someone who is more familiar with the rule
can add something more informative, but I didn't find the rule
worthwhile in my testing.
Mike
--
/---------\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator
I've read all morning. Thanks. hehe
Me too, now why isn't my procmail filter working?? (this is only a
test).
Mike
--
/-----\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator |
| College of William and Mary |
| Phone: (757) 879-3930 |
\-/
annot do
that in the future :)
Kudos to the SA team. The best feature that I like about SA 3.0 is the
plugin support. That should be very interesting in the near future when
good 3rd party plugins become available.
Mike
--
/---------\
| Michael Barnes <[E
36 matches
Mail list logo
