Re: anyone know anything about lashback?

2011-08-09 Thread Warren Togami Jr.
On 8/9/2011 3:39 AM, Michael Scheidell wrote: does anyone know about this rbl? We have a persistent sender who is sending phishing emails through a large corporate server (not ours .. ;-) the only two reputation filters that list them are the commercial DCC

Re: sa-update failing

2011-07-17 Thread Warren Togami Jr.
On 7/17/2011 7:55 AM, Axb wrote: On 2011-07-17 18:32, Warren Togami Jr. wrote: On 7/16/2011 4:54 AM, dar...@chaosreigns.com wrote: On 07/15, ssapp80 wrote: Running spamassassin-3.3.2 on CentOS 5.5 perl-Net-DNS ver 0.59 installed When I run sa-update i receive the following failures on the

Re: sa-update failing

2011-07-17 Thread Warren Togami Jr.
On 7/16/2011 4:54 AM, dar...@chaosreigns.com wrote: On 07/15, ssapp80 wrote: Running spamassassin-3.3.2 on CentOS 5.5 perl-Net-DNS ver 0.59 installed When I run sa-update i receive the following failures on the Net::DNS module "name2labels" is not exported by the Net::DNS module My guess is

Re: sa-update failing

2011-07-15 Thread Warren Togami Jr.
rent from this? I have never seen an error like that before. Why are you running sa-update manually? The upstream RPM and SpamTips.org RPM (both designed by me) automatically run sa-update once per day if spamd is running. Warren Togami war...@togami.com

Re: spamassassin 3.3.2 rpms for el4 / centos4 etc ???

2011-07-12 Thread Warren Togami Jr.
Either way you probably want to talk to Warren Togami, the resident RedHat guy. I'd like to see it included, but nobody was willing to maintain it. You should be able to easily copy the relevant files from the 3.3.1 tarball, if they worked for you. Darxus, thanks for the info. i checked t

Re: SpamTips.org: Why run your own DNS server?

2011-07-04 Thread Warren Togami Jr.
On 7/4/2011 1:52 AM, Axb wrote: A small site will never use 400MB of DNS cacheing... don't scare ppl unnecessarily :) Larger sites already do local recursion and have the iron to to it. (other recursors will also use a lot of memory under high-ish load) It is also possible that pdns-recursor ju

Re: SpamTips.org: Why run your own DNS server?

2011-07-04 Thread Warren Togami Jr.
On 7/4/2011 1:52 AM, Axb wrote: On 2011-07-04 12:46, Warren Togami Jr. wrote: Hey folks, http://www.spamtips.org/2011/07/spamassassin-why-run-your-own-dns.html I wrote this article about why it can be important to run your own DNS server if you have a busy Spamassassin deployment. Anyone have

Re: SpamTips.org: Why run your own DNS server?

2011-07-04 Thread Warren Togami Jr.
On 7/4/2011 12:58 AM, Toni Mueller wrote: Hi Warren, On Mon, 04.07.2011 at 00:46:15 -1000, Warren Togami Jr. wrote: http://www.spamtips.org/2011/07/spamassassin-why-run-your-own-dns.html Anyone have any better tips of an alternate DNS resolver, or configuration options to improve this

SpamTips.org: Why run your own DNS server?

2011-07-04 Thread Warren Togami Jr.
://admin.fedoraproject.org/mailman/listinfo/spamassassin-news Subscribe here for my Spamassassin for Sysadmins Newsletter Thanks, Warren Togami war...@togami.com

Re: Rule updates

2011-06-28 Thread Warren Togami Jr.
On 6/27/2011 7:03 AM, dar...@chaosreigns.com wrote: On 06/27, Lars Jørgensen wrote: I noticed the rules for 3.3.1 were updated during the weekend (don't worry about my workaholism, I noticed this monday morning ^-^). I was preparing to upgrade to 3.3.2, but seeing the updated rules m

Spamassassin 3.3.2 RPM Packages for Fedora and RHEL

2011-06-23 Thread Warren Togami Jr.
http://www.spamtips.org/p/rpm-packages.html These packages for EL5 and EL6 are identical to the Fedora versions, and I personally use them in production. Warren Togami war...@togami.com

ANNOUNCE: Apache SpamAssassin 3.3.2 available

2011-06-23 Thread Warren Togami Jr.
Release Notes -- Apache SpamAssassin -- Version 3.3.2 Introduction This is a minor release, primarily to support perl-5.12 and later. Additionally several other minor bugs are fixed. Downloading and availability Downloads are available from: http://s

Re: Sought rules

2011-06-12 Thread Warren Togami Jr.
On 6/12/2011 12:32 AM, Warren Togami Jr. wrote: On 6/11/2011 10:03 AM, Justin Mason wrote: guys -- I'm going to make the whole question moot (in trunk at least) -- the only reason SOUGHT and SOUGHT_FRAUD were being checked in there was to make their accuracy visible in ruleqa. It's b

Re: Sought rules

2011-06-12 Thread Warren Togami Jr.
On 6/11/2011 10:03 AM, Justin Mason wrote: guys -- I'm going to make the whole question moot (in trunk at least) -- the only reason SOUGHT and SOUGHT_FRAUD were being checked in there was to make their accuracy visible in ruleqa. It's been months since I've looked at that, so it's needless. I'l

READ THIS Re: Sought rules

2011-06-11 Thread Warren Togami Jr.
On 6/10/2011 11:13 PM, Warren Togami Jr. wrote: Wait a sec, I'm confused about this. "JM_SOUGHT_2 hitting on every legit Facebook message" on dev@ list February 17th 2011. If the SOUGHT channel was being overridden by the sa-update rules, how would this problem appear from the

Re: Sought rules

2011-06-11 Thread Warren Togami Jr.
Wait a sec, I'm confused about this. "JM_SOUGHT_2 hitting on every legit Facebook message" on dev@ list February 17th 2011. If the SOUGHT channel was being overridden by the sa-update rules, how would this problem appear from the SOUGHT channel? Doesn't this suggest that spamassassin was suc

Re: Sought rules

2011-06-10 Thread Warren Togami Jr.
On 6/10/2011 3:34 PM, John Hardin wrote: On Fri, 10 Jun 2011, Lawrence @ Rogers wrote: On 10/06/2011 10:24 PM, Warren Togami Jr. wrote: On 6/10/2011 2:01 PM, Karsten Bräckelmann wrote: > > IFF you use the sought channel with SA 3.3.x, you will need the reorder > hack to bend the alph

Re: Sought rules

2011-06-10 Thread Warren Togami Jr.
On 6/10/2011 2:01 PM, Karsten Bräckelmann wrote: IFF you use the sought channel with SA 3.3.x, you will need the reorder hack to bend the alphabet. It is not entirely clear to me, what exactly are you supposed to rename for the reorder hack? You have to do it every time you sa-update? War

Re: Sought rules

2011-06-10 Thread Warren Togami Jr.
On 6/10/2011 7:14 AM, Karsten Bräckelmann wrote: You are generally correct about the numerical (actually lexical) order, though it doesn't apply to the files you are talking about. The mentioned 72_active and 20_sought are in different sa-update channels. Now, the bad thing about this is that u

3.3.2 Ready for Testing

2011-06-06 Thread Warren Togami Jr.
/ Warren Togami war...@togami.com

3.3.2-rc2 Call for Testing

2011-05-31 Thread Warren Togami Jr.
-3.3.2-rc2.r1104058.tar.gz http://people.apache.org/~wtogami/rpm/3.3.2-rc2/ RPM packages for EL5 and EL6 Warren Togami war...@togami.com

Re: Trouble starting Spamassassin

2011-05-18 Thread Warren Togami Jr.
On 5/18/2011 1:20 AM, john ffitch wrote: Thank you. Removing the "defined" clear one error but I still get May 18 12:17:36.306 [5489] warn: Use of uninitialized value $opt{"syslog-socket"} in lc at /usr/bin/spamd line 444. child process [5491] exited or timed out without signaling production o

EL5 and EL6 Packages of spamassassin-3.3.2-rc1

2011-05-16 Thread Warren Togami Jr.
http://people.apache.org/~wtogami/rpm/3.3.2-rc1/ I made test packages for EL5 and EL6. I began using both in production just now with no apparent ill effects. We need more people to test this and provide feedback. Warren On 05/14/2011 10:34 PM, Warren Togami Jr. wrote: Hey folks, This is

Re: Testing Needed: spamassassin-3.3.2-rc1

2011-05-15 Thread Warren Togami Jr.
Please file bugs. Nothing can be committed to spamassassin-3.3.x without bugs and votes. Warren

DNSBL Safety Report 5/14/2011

2011-05-15 Thread Warren Togami Jr.
http://www.spamtips.org/2011/05/dnsbl-safety-report-5142011.html Several of the well known add-on DNSBL's have changed in safety or overlap since the previous January 2011 report, so sysadmins of Spamassassin servers may want to look carefully at this new report. https://admin.fedoraproject.or

Testing Needed: spamassassin-3.3.2-rc1

2011-05-15 Thread Warren Togami Jr.
assin-3.3.2-rc1.zip 9e20dd49fbbb1bf1ff4d171ac3531b53ba7c9dfd Mail-SpamAssassin-rules-3.3.2-rc1.r1083704.tgz GPG signatures available at the above URL. WARNING: I did not test this in production. Warren Togami war...@togami.com

Re: Dumb questions

2011-05-06 Thread Warren Togami Jr.
On 5/6/2011 9:19 AM, Greg Lentz wrote: Well, since it looks like SA 3.2 hasn't been getting rules for a couple of years, that probably isn't as critical at the moment. -- Greg Lentz Of course it is critical. How effective would your virus scanner be after several years without updates? Warren

Re: Any active rules repositories left?

2011-04-22 Thread Warren Togami Jr.
On 4/22/2011 6:32 AM, Morten wrote: Hi folks, I'm looking at upgrading a SA 3.2.5 installation. I see that there's a 3.3.1 release, but that's more than a year old. Is there some shared rules repository out there that's more recent? Thanks, Morten http://www.spamtips.org/p/ultimate-setup

Mailspike Performance

2011-04-12 Thread Warren Togami Jr.
these measurements, it probably isn't helpful to use HOSTKARMA_BL. Warren Togami war...@togami.com

Re: Suddenly tons of spam

2011-03-29 Thread Warren Togami Jr.
On 3/29/2011 8:30 AM, RW wrote: On Tue, 29 Mar 2011 12:55:51 -0500 Max wrote: Heres the output of spamassassin -D --lint: [29434] dbg: logger: adding facilities: all [29434] dbg: logger: logging level is DBG [29434] dbg: generic: SpamAssassin version Update to the current version. It's not

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread Warren Togami Jr.
On 3/23/2011 10:58 AM, Karsten Bräckelmann wrote: On Wed, 2011-03-23 at 10:18 -1000, Warren Togami Jr. wrote: On 3/23/2011 7:38 AM, Blaine Fleming wrote: In the recent sa-updates, the Spam Eating Monkey rules were inappropriately enabled. [...] As soon as the bug was reported on the dev

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread Warren Togami Jr.
On 3/23/2011 7:38 AM, Blaine Fleming wrote: On 3/23/2011 9:56 AM, dar...@chaosreigns.com wrote: In the recent sa-updates, the Spam Eating Monkey rules were inappropriately enabled. If you hit them too much, they start returning 100% false positives. Their listed limits are "more than 100,000 q

Re: Performance on Spear Phishing?

2011-03-16 Thread Warren Togami Jr.
On 3/16/2011 5:45 PM, Karsten Bräckelmann wrote: On Wed, 2011-03-16 at 20:30 -0700, John Hardin wrote: On Thu, 17 Mar 2011, Hamad Ali wrote: Probably I need to participate on nightly checks to improve phish and lower false positives. More masscheck participants are always welcome! No. Th

Re: Performance on Spear Phishing?

2011-03-16 Thread Warren Togami Jr.
On 3/16/2011 4:08 PM, Hamad Ali wrote: Hi folks -- wondering if anyone has monitored SA's performance against phishing mails. SA is able to detect 86% of phishing emails my clients get, with 0.5% false positives on all the ham. It seems non-phish-SPAM is easier to be detected than phish (~99% for

Re: how to disable network tests?

2011-03-11 Thread Warren Togami Jr.
icle here about the free usage limits of the various spamassassin network tests. http://www.spamtips.org/p/ultimate-setup-guide.html Please read this page for all known safe and effective configuration tweaks to spamassassin. Warren Togami war...@togami.com

Re: sa-updates

2011-03-10 Thread Warren Togami Jr.
each nightly masscheck at the above link. https://fedorahosted.org/auto-mass-check/ We are seriously in need of additional volunteers in the nightly masscheck. Please read this page to learn how to join. Warren Togami war...@togami.com

Re: The one year anniversary of the Spamhaus DBL brings a new zone

2011-03-08 Thread Warren Togami Jr.
On 3/8/2011 9:58 AM, Bill Landry wrote: FYI: "Spamhaus created a new "URL shortener/redirector" zone in the DBL." See: http://www.spamhaus.org/news.lasso?article=667 Will Spamassassin be adding support for this new DBL shortener/redirector response code?: 127.0.1.3 spammed redirector domain F

Re: Open letter to Yahoo and Hotmail concerning junkmail

2011-03-07 Thread Warren Togami Jr.
On 3/7/2011 2:10 AM, Mynabbler wrote: Warren Togami Jr. wrote: I'd agree, but users wont rebel against Yahoo unless they begin to see actual bounces to their sent mail. I don't know about your end users, but ours typically get flummoxed if mail from this "well known and tru

Re: Open letter to Yahoo and Hotmail concerning junkmail

2011-03-07 Thread Warren Togami Jr.
On 3/6/2011 3:15 AM, Ned Slider wrote: On 06/03/11 11:46, Warren Togami Jr. wrote: I have no comment on your proposed solution. I can however point out the statistics that I see on my own spam traps. It seems that 90%+ of the spam coming from DNSWL listed hosts is Yahoo and Hotmail which are

Re: Open letter to Yahoo and Hotmail concerning junkmail

2011-03-06 Thread Warren Togami Jr.
I have no comment on your proposed solution. I can however point out the statistics that I see on my own spam traps. It seems that 90%+ of the spam coming from DNSWL listed hosts is Yahoo and Hotmail which are listed as DNSWL_NONE. Meanwhile very few spam comes from gmail.com. Apparently DN

Re: low score for ($1.5Million)

2011-03-03 Thread Warren Togami Jr.
On 3/3/2011 3:06 PM, Karsten Bräckelmann wrote: On Fri, 2011-03-04 at 01:53 +0100, Mikael Syska wrote: I get the following hits: Content analysis details: (19.1 points, 5.0 required) Note though, that your score is on SA 3.3.x, while the OP uses SA 3.2.x. Yes, I can tell this from the scores

Re: DNSWL rules downscoring spam

2011-02-20 Thread Warren Togami Jr.
On 2/20/2011 9:11 AM, Michelle Konzack wrote: Hello Pasi Hirvonen, On 2011-02-20 17:22:23, you hacked down the following: Hello, I just recently moved our mail setup to new hardware and I've been paying close attention to what gets marked as spam and what doesn't. Looking at my spam folder,

Re: DNSWL rules downscoring spam

2011-02-20 Thread Warren Togami Jr.
On 2/20/2011 6:31 AM, dar...@chaosreigns.com wrote: I know of no reason it would be a temporary hiccup, but it is certainly unusual. According to spamassassin's mass checks, 0.89% of spam hits RCVD_IN_DNSWL_MED: http://www.chaosreigns.com/dnswl/ The masscheck results are a bit misleading, ov

Re: DNSWL rules downscoring spam

2011-02-20 Thread Warren Togami Jr.
On 2/20/2011 6:21 AM, Matthias Leisi wrote: On Sun, Feb 20, 2011 at 4:22 PM, Pasi Hirvonen wrote: Hello, I just recently moved our mail setup to new hardware and I've been paying close attention to what gets marked as spam and what doesn't. Looking at my spam folder, I have received roughly 5

Re: Sa-update and proxy servers

2011-02-18 Thread Warren Togami Jr.
On 2/17/2011 11:44 PM, Daniel Lemke wrote: Michael Scheidell wrote: [...] I now need to set a proxy server to do sa-updates through, but could not find any information on settings for a proxy server. [...] Added cmd options: -x --proxy -U --proxy-user -P --proxy-password -t --connect

Re: using spamhaus droplist with sa ?

2011-02-17 Thread Warren Togami Jr.
On 2/17/2011 5:40 AM, RW wrote: The suggestion is that it be scored higher for that reason. Or just outright block all MTA connections from anything listed in zen.spamhaus.org, which seems to be safe. Large sites I know have been doing that for years without any complaints. Warren

Re: mx1.res.cisco.com a dynamic ip?

2011-02-10 Thread Warren Togami Jr.
On 2/10/2011 2:30 PM, Michael Scheidell wrote: host mx1.res.cisco.com mx1.res.cisco.com has address 208.90.57.13 $ host 208.90.57.13 13.57.90.208.in-addr.arpa domain name pointer mx1.res.cisco.com. looks fine to me, why does this look to SA like a dynamic ip? (TRIGGERED RDNS_DYNAMIC.) what, b

Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt

2011-02-10 Thread Warren Togami Jr.
On 2/10/2011 1:29 PM, John Hardin wrote: On Thu, 10 Feb 2011, David B Funk wrote: On Fri, 11 Feb 2011, Jason Haar wrote: On 02/11/2011 09:37 AM, Mark Martinec wrote: Yes, the security hole is entirely within the milter, independent of the MTA. That exploit is dated Mar 2010? Has this reall

Re: Need Volunteers for Ham Trap

2011-02-08 Thread Warren Togami Jr.
On 02/07/2011 05:37 PM, Mahmoud Khonji wrote: On 01/21/2011 01:06 AM, Warren Togami Jr. wrote: On 1/20/2011 7:23 AM, R - elists wrote: initially this came across as a really suspect idea... i.e., one man's junk is another man's treasure Ham is a lot easier to define than Spa

Re: RFC-Ignorant (was Re: Irony)

2011-02-03 Thread Warren Togami Jr.
On 2/2/2011 7:45 AM, John Levine wrote: RFC Ignorant is deep into kook territory, as should be apparent if you look at which RFCs they expect people to follow, and what their definition of "follow" is. abuse.net has been listed for years, since there is an autoresponder on ab...@abuse.net, and I

Spamassassin News Issue #2

2011-01-24 Thread Warren Togami Jr.
Hey folks, http://lists.fedoraproject.org/pipermail/spamassassin-news/2011-January/01.html Here is Issue #2 of my Spamassassin for Sysadmins Newsletter. https://admin.fedoraproject.org/mailman/listinfo/spamassassin-news Subscribe here. It is intended to be like a "Foo Weekly News" publicati

Re: What is Ham? (was Re: Need Volunteers for Ham Trap)

2011-01-20 Thread Warren Togami Jr.
On 01/20/2011 11:31 AM, Bowie Bailey wrote: Public discussion lists are bit different. In that case, it is the individual post that is being considered spam rather than considering the list spammy. Since there is no overall control over the content of the posts, public lists are vulnerable to

Re: Need Volunteers for Ham Trap

2011-01-20 Thread Warren Togami Jr.
On 1/20/2011 7:23 AM, R - elists wrote: initially this came across as a really suspect idea... i.e., one man's junk is another man's treasure Ham is a lot easier to define than Spam. Ham is simply anything that you subscribed for. for a moment, it appeared we were gonna need to review t

Re: DCC plugin for SA

2011-01-20 Thread Warren Togami Jr.
On 1/20/2011 1:06 AM, J4 wrote: I had not realised it was in the repos - I just checked and it is. Damn. I'm surprised it would be in the repos. DCC is not Free Software. Warren

Re: DCC plugin for SA

2011-01-20 Thread Warren Togami Jr.
On 1/20/2011 12:49 AM, J4 wrote: Good morning to all of you, This popped up in the spamd.log after a reboot (done to test everything worked after a reboot). warn: dcc: dccifd -> check skipped: dcc: failed to connect to a socket /var/dcc/dccifd: Connection refused The socket is there: srw

Re: Need Volunteers for Ham Trap

2011-01-19 Thread Warren Togami Jr.
On 01/18/2011 11:49 PM, Jeff Chan wrote: On Tuesday, January 18, 2011, 4:59:05 AM, Warren Jr. wrote: * Yes, we cannot be 100% sure our opt-in was only for that particular site and not their "partners". But in any case automatic ham trapped mail will be only the mail branded by the subscribed p

Re: Need Volunteers for Ham Trap

2011-01-18 Thread Warren Togami Jr.
On 01/18/2011 03:25 PM, Dave Pooser wrote: On 1/18/11 12:52 AM, "Warren Togami Jr." wrote: I am seeking volunteers to help me build and administrate a "ham trap". The idea is to subscribe a list of unique e-mail addresses to various retailers, airlines, government and o

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

2011-01-18 Thread Warren Togami Jr.
On 01/18/2011 12:31 PM, David F. Skoll wrote: On Tue, 18 Jan 2011 22:18:20 + Gary Forrest wrote: Interesting 2 of our 3 scanning heads use a grey list system that uses /32 addresses as part of the process, these two servers have 100's of emails delayed for well over a day. Our 3rd scanning

Re: Need Volunteers for Ham Trap

2011-01-18 Thread Warren Togami Jr.
On 1/18/2011 1:15 AM, Martin Gregorie wrote: On Tue, 2011-01-18 at 01:46 -0800, Jeff Chan wrote: While I certainly would encourage improving ham and spam corpora, this proposal may open up a lot of grey areas that may be non-trivial to resolve. Agreed, and some companies will get to you sign

Re: Need Volunteers for Ham Trap

2011-01-18 Thread Warren Togami Jr.
On 1/17/2011 11:46 PM, Jeff Chan wrote: So a couple points: 1. Subscribing to lists opens up lots of grey areas including the above. 2. Some of the areas are very difficult to resolve into spam or ham. Some more aggressive anti-spammers may say all of the above is spam, but others may disag

Re: SARE and RulesDuJour still relevant

2011-01-15 Thread Warren Togami Jr.
On 01/15/2011 01:36 AM, Ned Slider wrote: In a year of running them locally I've never seen them hit on a ham message. They appear to hit quite well for me because I pre-filter 95%+ of my spam at the smtp level (greylisting, HELO checks, spamhaus etc) so SA only gets to see the difficult to catc

Re: SARE and RulesDuJour still relevant

2011-01-14 Thread Warren Togami Jr.
On 01/14/2011 01:09 PM, Ned Slider wrote: On 14/01/11 21:04, Warren Togami Jr. wrote: Anyone else have effective local rules? Please let me know and I'll put them into the nightly masscheck for testing. Warren header NSL_RCVD_HELO_USER Received =~ /helo[= ]user\)/i des

Re: SARE and RulesDuJour still relevant

2011-01-14 Thread Warren Togami Jr.
On 1/14/2011 2:28 AM, James Lay wrote: Hey All! Been a while since I did a full blown install of SpamAssassin, and as I'm looking at my old setup, I see a fair amount of changes. I have the SARE rules as well as RulesDuJour running, but noticed that on a fresh install of SA, after doing an sa-up

What's up with AHBL?

2011-01-08 Thread Warren Togami Jr.
certainly *this* is an obvious candidate for removal? Where should we draw the line? Warren Togami war...@togami.com

Re: New plugin: DecodeShortURLs

2011-01-06 Thread Warren Togami Jr.
On Thu, Jan 6, 2011 at 7:23 AM, Henrik K wrote: > > There are lots of plugins out there that aren't part of the core for one > reason or another. If you ask me, this is one of them. It just asks trouble > widely used. It's not the only way to solve the problem anyway. And the > problem itself is

Re: New plugin: DecodeShortURLs

2011-01-06 Thread Warren Togami Jr.
On Wed, Jan 5, 2011 at 2:41 AM, Warren Togami Jr. wrote: > The only trouble here is HTTP's TCP handshake and teardown is significantly > slower than DNSBL and URIBL lookups already used in spamassassin. My > average scan time is less than one second. A plugin that catches t

What NOT to use?

2011-01-05 Thread Warren Togami Jr.
Can anyone think of custom rules or old sites that continue to be online, misleading people into believing that they should be using some custom rule or plugin that is no longer effective or safe? The former SARE repo was the only one that I know about, but there are apparently others. http://ww

Re: New plugin: DecodeShortURLs

2011-01-05 Thread Warren Togami Jr.
On Sat, Jan 1, 2011 at 7:19 AM, Steve Freegard wrote: > On 01/01/11 11:51, Warren Togami Jr. wrote: > > I'll help you start the process with a Bugzilla ticket. I also hope you > could get it into some sort of public source control mechanism soon so we > can see the cha

Re: IPv6 DNSBL/WL design, was Fwd: [Asrg] draft-levine-iprangepub-01

2011-01-04 Thread Warren Togami Jr.
On Mon, Jan 3, 2011 at 9:27 PM, Jason Haar wrote: > On 01/04/2011 04:50 PM, Dave Pooser wrote: > > Frankly, I'd think that besides costing the spammers money (a good thing > in > > and of itself) > ...spammers steal other people's resources - so they'll pay nothing... > The best case scenario we

DNSBL Safety Report 1/2/2011

2011-01-03 Thread Warren Togami Jr.
http://www.spamtips.org/2011/01/dnsbl-safety-report-122011.html Further on the topic of RBL's, I wrote this article yesterday for add-on DNSBL's for spamassassin. (BTW, I do agree that zen.spamhaus.org is an excellent choice for outright blocking of spam.) Warren

Re: New plugin: DecodeShortURLs

2011-01-02 Thread Warren Togami Jr.
http://ruleqa.spamassassin.org/20110102-r1054364-n/T_URL_SHORTENER/detail I inserted a giant uri regex into the nightly masscheck in order to get a rough measure the true extent of the URL shortener problem. It appears that under 1% of spam is abusing shortening redirectors. ~40% of the shortenin

Re: lots of freemail spam

2011-01-02 Thread Warren Togami Jr.
If I understand that thread correctly, that is for e-mail addresses in body text? I'm suggesting looking only at authenticated UID's in headers from specific providers like Yahoo who are notorious for spam, but their MTA's also send a significant amount of ham so we cannot DNSBL block them. Given

Re: lots of freemail spam

2011-01-02 Thread Warren Togami Jr.
I've been thinking, perhaps we should consider making a "Freemail Realtime BL" that lists not IP addresses, but rather ID's at the Freemail provider. 1) I am assuming that ID's you see in headers of mail from Yahoo is always from an authenticated user? 2) Traps and user reports can quickly list a

Re: New plugin: DecodeShortURLs

2011-01-01 Thread Warren Togami Jr.
On Sat, Jan 1, 2011 at 7:19 AM, Steve Freegard wrote: > 7) How fast are typical URL shortening responses? What is the timeout? We > want to avoid degrading the scan time and delivery performance of > spamassassin, but in a way that cannot be abused by the spammer to evade > detection. > > > This

Re: New plugin: DecodeShortURLs

2011-01-01 Thread Warren Togami Jr.
http://www.surbl.org/faqs#redirect BTW, this page mentions SpamCopURI and urirhdbl as existing tools that handle redirection to some degree. Have you confirmed that you are not needlessly reinventing the wheel? It is entirely possible that your design with suggestions here could be better than th

Re: New plugin: DecodeShortURLs

2011-01-01 Thread Warren Togami Jr.
her less reputable shortening services might be hijacked, domain ownership changed, or simply neglected and become slow. Such services may need to be blacklisted entirely. For the non-default shortening services, it may be safe only if it can be updated via sa-update. 8) What UserAgent is used in the HTTP request? If they can easily detect that the request is not a real browser, then they can avoid detection by using a safe looking fake response, while browser-based redirects go to the intended spam target. Warren Togami war...@togami.com

Re: New plugin: DecodeShortURLs

2011-01-01 Thread Warren Togami Jr.
number of short URL's? Warren Togami war...@togami.com

Re: IPv6 DNSBL/WL design, was Fwd: [Asrg] draft-levine-iprangepub-01

2010-12-30 Thread Warren Togami Jr.
On Thu, Dec 30, 2010 at 5:21 PM, Ted Mittelstaedt wrote: > On 12/30/2010 5:43 PM, John Levine wrote: > >> Ah, I see the problem. You're assuming that spammers will follow the >> rules. That's a poor assumption. >> >> > No, I am assuming the spammers will do as they have always done in the > pas

Re: NJABL is dead?

2010-12-28 Thread Warren Togami Jr.
On Tue, Dec 28, 2010 at 8:11 PM, Ted Mittelstaedt wrote: > All very good points. I guess I'm a bit frustrated because njabl is > clearly not performing anymore, I noticed that a few years back, and > yet it's still in SA but better BL's are not. As you (and I) both > illustrated, certain things

Re: NJABL is dead?

2010-12-28 Thread Warren Togami Jr.
Whoa. Ted please calm down. I think you read too much into this and are seriously overreacting. I didn't propose immediately replacing NJABL with like mailspike. I was only pointing out that NJABL was performing very poorly, to such an extent that you're better off removing it because it is ne

Re: NJABL is dead?

2010-12-28 Thread Warren Togami Jr.
Folks here are missing the point, that NJABL is catching not much of anything, like less than 1% of spam, and with a relatively high FP ratio. I don't understand this desire to keep such a poor performing rule, especially when it costs a network query. Warren

Re: NJABL is dead?

2010-12-26 Thread Warren Togami Jr.
I found that if I don't set the non-scoring subrule to zero, it does the DNS lookup anyway. I will try that meta. Thx. Warren

Re: NJABL is dead?

2010-12-26 Thread Warren Togami Jr.
__DNS_FROM_RFC_WHOIS 0 If you add these at local.cf, it makes almost zero difference to spamassassin's scoring, but you do two fewer network queries per mail scan. Warren Togami war...@togami.com

NJABL is dead?

2010-12-25 Thread Warren Togami Jr.
tagging but not scoring. For now I'm proposing only disabling NJABL in sa-update, since it is currently useless and not worth the extra network query. Any thoughts? Warren Togami war...@togami.com

Re: mass-check submissions Re: My attempt at re-calculating test scores

2010-12-25 Thread Warren Togami Jr.
In general, please stop worrying about your corpus being ideal. Our sample size right now is so small that even non-ideal corpora would be helpful. Get started with cron nightly masschecks then work on improving your corpus later. I personally include: * The last 4 weeks of spam. I use logrotate

Re: mass-check submissions Re: My attempt at re-calculating test scores

2010-12-25 Thread Warren Togami Jr.
I thought a bit more about the --reuse problem. While there are pros and cons to reuse, I guess there is more benefit to --reuse than without. So I now recommend it in all cases of masscheck. On Fri, Dec 24, 2010 at 1:58 PM, Warren Togami Jr. wrote: > This does remind me however that there

Re: mass-check submissions Re: My attempt at re-calculating test scores

2010-12-24 Thread Warren Togami Jr.
I think what he is failing to understand is the scores are irrelevant, as the masscheck is only determining yes or no for each rule across a corpus. Also "current" is referring to the nightly masscheck snapshot of svn trunk including the latest rules. This does remind me however that there is a se

Re: mass-check submissions Re: My attempt at re-calculating test scores

2010-12-24 Thread Warren Togami Jr.
http://www.mail-archive.com/users@spamassassin.apache.org/msg69546.html Whitelists have almost zero impact on spamassassin's determination of ham vs spam. Believe me. This is not harmful. If you have any ham corpus it would be extremely useful to spamassassin. We have a severe lack of variety o

Re: My attempt at re-calculating test scores

2010-12-24 Thread Warren Togami Jr.
You have the option of uploading your corpus to the central server to process every night. But most people have privacy concerns about that if it is their own personal ham. For this reason you have the option of running the masscheck script yourself every night on your own server and to rsync upl

Re: My attempt at re-calculating test scores

2010-12-23 Thread Warren Togami Jr.
BTW, if you have your own corpora, why not participate in the nightly masscheck? We are in serious need of additional participants in order to enable promotion of new rules to the sa-update channel, and to make it possible to release new versions of spamassassin. Warren

spamassassin-3.3.1 RPM packages for Fedora and RHEL5

2010-03-21 Thread Warren Togami
Enterprise Linux. Warren Togami wtog...@fedoraproject.org

Re: Sought rules not doing so good

2010-02-03 Thread Warren Togami
On 02/03/2010 09:18 AM, Justin Mason wrote: The corpus-quality for that masscheck doesn't look too bad though: http://ruleqa.spamassassin.org/20100201-r905213-n/T_JM_SOUGHT_1/detail?s_corpus=1#corpus That day was fine. The weekly masscheck however had only 50k spam. Warren

Re: Sought rules not doing so good

2010-02-02 Thread Warren Togami
On 02/02/2010 12:07 PM, Adam Katz wrote: That is quite different from our masscheck stats. Today's results at http://ruleqa.spamassassin.org/20100201/%2FJM_SOUGHT look like this: SPAM% HAM% S/O RANK SCORE NAME 9.8564 0.0042 1.000 0.94 0.01 T_JM_SOUGHT_3 8.1587

Re: blog article on 3.3.0

2010-01-28 Thread Warren Togami
On 01/28/2010 11:33 AM, J.D. Falk wrote: http://www.returnpath.net/blog/2010/01/spamassasin-rarely-misses.php Yeah, it's partly self-serving, but that's what corporate blogs are for. The people who read this blog are mostly marketers with very little exposure to the open source community, so

Re: insecure dependency in sa-learn --import

2010-01-26 Thread Warren Togami
On 01/26/2010 06:16 PM, David Morton wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Trying to import a bayes db, I get: #sa-learn --import bayes: perform_upgrade: Insecure dependency in open while running with - -T switch at /usr/share/perl/5.8/File/Copy.pm line 133. perl 5.8.8 What di

Re: spamassassin-3.3.0 for Fedora/RHEL

2010-01-26 Thread Warren Togami
On 01/26/2010 03:31 PM, Kai Schaetzl wrote: Charles Gregory wrote on Tue, 26 Jan 2010 14:10:51 -0500 (EST): Anyone know where to find a RHEL(CentOS) 4 rpm? Or will it appear in the CentOS 4 official update channels in due time? Just do yourself. Follow the instructions on the download page, i

spamassassin-3.3.0 for Fedora/RHEL

2010-01-26 Thread Warren Togami
http://wtogami.livejournal.com/33674.html If you use spamassassin on Fedora or RHEL5, please see my blog post for RPM packages and distro-specific notes. Warren Togami wtog...@redhat.com

ANNOUNCE: Apache SpamAssassin 3.3.0 available

2010-01-26 Thread Warren Togami
Release Notes -- Apache SpamAssassin -- Version 3.3.0 Introduction This is a major release, incorporating enhancements and bug fixes that have accumulated in a year and a half of development since the 3.2.5 release. Apart from some new or changed dependencies on perl modules, this v

Re: painting everybody in Taiwan with the same brush

2010-01-26 Thread Warren Togami
On 01/26/2010 05:31 AM, Kai Schaetzl wrote: This is an SARE rule, I suggest you ask there. Kai Huh? Aren't we supposed to be telling people to stop using SARE? Warren

Re: That Future Bug

2010-01-19 Thread Warren Togami
On 01/19/2010 10:47 AM, Robert Ober wrote: Warren Togami wrote: Did you enable sa-update? That will get rid of the broken rule as well. Warren I did not think it was enabled on that machine but it was. I ran sa-update and problem solved. Sorry to 'bother y'all, I should have chec
