tion project. The ASF will very occasionally send out
messages relating to the Foundation to contributors and members, such as
this one.]
Brian Proffitt
VP, Marketing & Publicity
VP, Conferences
nd skip only that content in which we expect to find trouble.
I believe I can do variants A) and B), so worst case would be choosing
B, but I'm willing to put in some additional work to implement variant
C) if that is possible.
If you've made it this far, I congratulate you on
efore making any changes to
our configs.
Thank you,
Brian Conry
other rules that
are hitting. I cannot figure out why BAYES_00 would hit on these.
Thanks in advance.
Oh, this is a sendmail -> mimedefang -> spamassassin/clamav/razor
installation. Any recommendations on additional plugins to consider
and/or SARE-like channels to subscribe to would be greatly appreciated.
Brian
We're having a problem with the FH_RANDOM_SURE rule causing false positives.
It has a subrule __ALL_RANDOM, which is:
header __ALL_RANDOM ALL =~
/(?:[%\#\[\$]R?A?NDO?M?|\%(?:CUSTOM|FROM|PROXY|X?MESSA|MAKE_TXT|FROM_USER))/i
We have a user "ndrier", so legitimate email sometimes has a
I am considering taking a look at building my own DNSBL, when I
have more time later I will check out the tools you made, I took a quick look
at the Perl scripts and they look like it makes it a lot easier to do myself.
Thanks for making that available to everyone.
Brian
On 6/10/2013 2:45 PM, Duncan, Brian M. wrote:
> I rarely have seen any SpamAssassin hits on the bodies of these messages.
>
> (cached, score=-0.125,required 6.5, autolearn=not spam,
> RP_MATCHES_RCVD -0.12)
Do you train the Bayes database manually? Or via autolearn only?
hrase, and it has an
awfully high score (2.199). I can well imagine people getting mail from their
stock broker or the like with this phrase in it somewhere. Any chance the score
can at least be reduced?
--
Brian Bebeau
Security Researcher - Spiderlabs Research
Trustwave
bbeb...@tru
for it to a large number of scanners. If
this
went through, we'd need a good amount of notice to put that in place.
--
Brian Bebeau
Security Researcher
Spiderlabs Research
Trustwave
bbeb...@trustwave.com
This transmission may contain information that is privileged, confidential,
and/or
On 11-10-16 03:37 PM, RW wrote:
>
> Could you not just run a script from cron that does chown ${USER}:spamd
> and chmod g+rw on all the files in the virtual home directories.
You seem to have gotten lost in minor details and lost sight on the
original problem which is that of being able to run sp
On 11-10-16 03:12 PM, RW wrote:
>
> Not if you set --virtual-config-dir.
Right. But such a change (i.e. a different $HOME on the server than on
any other machine) is still on the "transparent to users" change that I
am looking for -- the change that requires no user re-training and no
increase i
m, and add a symlink to the user's NFS mount point on the server.
Yeah. I have been considering an approach like this where $HOME on the
server is a local dir with the .spamassassin dir in it and a symlink to
their automounted $HOME like:
$ ls -la $HOME
drwx-- 4 brian brian4
On 11-10-16 01:31 PM, Martin Gregorie wrote:
>
> Have you thought of running spamc remotely? This way you could avoid the
> need to login to the server just to process mail.
Hrm. I'm not sure I follow. The server receives the mail and the
server delivers it to the user's mailbox but on the way
On 11-10-16 12:16 PM, Christian Grunfeld wrote:
>
> You should have spamd running as root,
But I do that already. That is what is causing the problem with the new
switch (--virtual-config-dir=...):
spamd: cannot use --virtual-config-dir without -u
> then it can setuid to the
> calling spamc ui
o the server and create a symlink in each
users' ~ to link back to the server-hosted .spamassassin dir as such:
$ ls -l ~/.spamassassin
lrwxrwxrwx 1 brian brian 35 2011-10-16 09:17 /home/brian/.spamassassin
-> /net/mail/home/spamassassin/brian/
But to achieve this and make spamd use this /home
> after an apt-get upgrade FuzzyOCR has stopped working. I get the
> following error in the log:
>
> FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned
> [2048], skipping...
I had this problem too, after upgrading SA to 3.3.x and FuzzyOCR to 3.6.0.
Upgrading netpbm fixed it for me.
Look in the source directory for spamc. Use the libspamc API. That’s what I do.
It’s pretty simple.
From: Christopher Dobbs [mailto:crdo...@lybredyne.net]
Sent: Sunday, July 25, 2010 12:39 PM
To: users@spamassassin.apache.org
Subject: Writing an MTA
I am writing an MTA that uses mysql as a backe
On 7/22/2010 2:23 PM, Ted Mittelstaedt wrote:
On 7/22/2010 11:29 AM, Benny Pedersen wrote:
On tor 22 jul 2010 20:03:18 CEST, Charles Gregory wrote
A forged sender looks no different than a legitimate sender. Postfix
would have no way to be 'smart' about this (except for some instances
of SPF
On 7/20/2010 1:01 PM, Ted Mittelstaedt wrote:
You are mistaken. I'm a proponent of port 25 blocks. What I
am saying is that port 25 blocks work far better than attempting to
spamfilter outbound mail. It is the other guy who is arguing that
spamfiltering outbound mail is better than port 25 b
On 7/19/2010 4:01 PM, RW wrote:
On Mon, 19 Jul 2010 13:25:26 -0700
Ted Mittelstaedt wrote:
It's been our experience that spam-scanning outbound mail causes a lot
more problems than setting up mailserver monitoring and being
responsive to it. Sooner or later one of your customers is going to
On 7/19/2010 2:25 PM, Ted Mittelstaedt wrote:
On 7/19/2010 12:56 PM, Brian Godette wrote:
On 7/19/2010 1:29 PM, Ted Mittelstaedt wrote:
On 7/19/2010 8:43 AM, Brian Godette wrote:
On 7/15/2010 6:55 PM, Alexandre Chapellon wrote:
Hi all,
Few months ago I asked this list if using SA on
On 7/19/2010 1:29 PM, Ted Mittelstaedt wrote:
On 7/19/2010 8:43 AM, Brian Godette wrote:
On 7/15/2010 6:55 PM, Alexandre Chapellon wrote:
Hi all,
Few months ago I asked this list if using SA on outgoing smtp was a
good idea (Thread: SA on outgoing SMTP).
This thread quickly moved to "
Like some people I run a small internal spamtrap of never used by real
users addresses for use in feeding Bayes as well as reporting to Razor
and internal IXHASH. In addition I also have a database that returns
"550 User unknown" for all email addresses that are "dead", with the
date they were
On 7/15/2010 6:55 PM, Alexandre Chapellon wrote:
Hi all,
Few months ago I asked this list if using SA on outgoing smtp was a
good idea (Thread: SA on outgoing SMTP).
This thread quickly moved to "Block direct port 25 for non-mta users!
I was really afraid of doing so and didn't really wante
On Fri, 2010-03-12 at 07:48 -0800, Ray Dzek wrote:
> I just received the dreaded URIBL “You send us too many DNS queries”
> notice. This is fine. We have been growing and I am sure our queries
> have gone up. But when looking at their data feed service options the
> first thing I noticed was that
On Thu, 2010-03-11 at 07:55 -0600, Dennis B. Hopp wrote:
> > 1) Spammers rotate sender addresses and hijacked account info more
> > often than most of us change our underwear. An account *may* get
> > reused; chances are it'll be months before it does, and the spammers
> > will have rotated t
On Thu, 2010-03-11 at 12:26 +, Ned Slider wrote:
> David B Funk wrote:
> > On Wed, 10 Mar 2010, Dennis B. Hopp wrote:
> >>
> >> I have put a sample at:
> >>
> >> http://pastebin.com/9BDXrxmm
> >>
> >> Note I did change the real e-mail address in this message but the
> >> hotmail address used is
On Tue, 2010-03-09 at 15:22 -0800, Bob O'Brien wrote:
> Noel Butler wrote:
> > He has a point though, and why is it when people don't agree with
> > someone the troll label comes out, FFS get over yourselves. People
> > always only half read, and then go half cocked, it's called life, get
> > u
On Tue, 2010-03-09 at 12:16 +, Ned Slider wrote:
> Brian wrote:
> > On Tue, 2010-03-09 at 12:35 +0100, Kai Schaetzl wrote:
> >> Brian wrote on Tue, 09 Mar 2010 06:51:45 +:
> >>
> >>> Yes, but that does not answer my question {and is once more Postfix
On Tue, 2010-03-09 at 12:35 +0100, Kai Schaetzl wrote:
> Brian wrote on Tue, 09 Mar 2010 06:51:45 +:
>
> > Yes, but that does not answer my question {and is once more Postfix
> > biased} AFAIK Postfix is totally unable to reject mail at SMTP time that
> > Spamassassin
On Tue, 2010-03-09 at 14:45 +0100, Ralf Hildebrandt wrote:
> * Brian :
>
> > So Ralf - author of 'The Postfix Book', can you please now tell me how
> > to get Postfix to reject mail before it accepts it and gives a 250 -
> > When Spamassassin tags it as spam?
>
On Tue, 2010-03-09 at 13:38 +, Ned Slider wrote:
> Brian wrote:
> > On Tue, 2010-03-09 at 14:04 +0100, Yet Another Ninja wrote:
> >> to stay on the Postfix 'merry-go-round' for an answer, or we
> >>> can just agree Postfix can't easily do this
On Tue, 2010-03-09 at 13:24 +, Robert Brooks wrote:
> Brian wrote:
> > On Tue, 2010-03-09 at 13:00 +, Robert Brooks wrote:
> >> Brian wrote:
> >>> On Tue, 2010-03-09 at 13:17 +0100, Ralf Hildebrandt wrote:
> >>>> * Brian :
> >>>>
On Tue, 2010-03-09 at 13:17 +0100, Ralf Hildebrandt wrote:
> * Brian :
>
> > In the year 2010 it is not unreasonable to expect the MTA that takes
> > responsibility for accepting a message to make reasonable checks about
> > the validity or content of that message.
On Tue, 2010-03-09 at 14:04 +0100, Yet Another Ninja wrote:
> to stay on the Postfix 'merry-go-round' for an answer, or we
> > can just agree Postfix can't easily do this and move on and stop
> > flogging this dead horse :-)
>
> good idea -
>
> Here, it's totally off topic.
>
> Move it to Postfix
On Tue, 2010-03-09 at 13:00 +, Robert Brooks wrote:
> Brian wrote:
> > On Tue, 2010-03-09 at 13:17 +0100, Ralf Hildebrandt wrote:
> >> * Brian :
> >>
> >>> In the year 2010 it is not unreasonable to expect the MTA that takes
> >>> respon
On Tue, 2010-03-09 at 02:36 -0700, LuKreme wrote:
> On 08-Mar-10 23:51, Brian wrote:
> > Yes, but that does not answer my question {and is once more Postfix
> > biased} AFAIK Postfix is totally unable to reject mail at SMTP time that
> > Spamassassin decides IS SPAM without t
On Mon, 2010-03-08 at 20:44 +, Ned Slider wrote:
> Brian wrote:
> >> That's Postfix 2.3.3 on RHEL5 BTW :-)
> >>
> >> $ rpm -q postfix
> >> postfix-2.3.3-2.1.el5_2.x86_64
> >>
> > Tell me Ned, how do you get Postfix (2.3.3 on RHEL
> That's Postfix 2.3.3 on RHEL5 BTW :-)
>
> $ rpm -q postfix
> postfix-2.3.3-2.1.el5_2.x86_64
>
Tell me Ned, how do you get Postfix (2.3.3 on RHEL5) to reject at SMTP
time without using a the milter or something hideous like
Amavis-crashalot? Perhaps if they added some features to that old
dinosa
On Mon, 2010-03-08 at 20:16 +, Ned Slider wrote:
> Brian wrote:
> > On Mon, 2010-03-08 at 14:08 -0500, Michael Scheidell wrote:
> >> just a heads up: I don't know if there is a problem with SA milter, but
> >> there is a snort signature for it now.
> >
On Mon, 2010-03-08 at 14:08 -0500, Michael Scheidell wrote:
> just a heads up: I don't know if there is a problem with SA milter, but
> there is a snort signature for it now.
>
>
> Original Message
> Subject: [Emerging-Sigs] SIG: SpamAssassin Milter Plugin Remote
> Arbit
On Mon, 2010-03-08 at 12:41 +, Mike Cardwell wrote:
> On 08/03/2010 12:34, Brian wrote:
>
> > Is zen.spamhous.org new? Personally I'd check your spelling ;-)
>
> m...@haven:~$ host 1.0.0.127.zen.spamhous.org
> 1.0.0.127.zen.spamhous.org A 208.73.210.27
>
Is zen.spamhous.org new? Personally I'd check your spelling ;-)
On Mon, 2010-03-08 at 10:51 +0100, Mikael Syska wrote:
> Hi,
>
> Then something is broken at your end ...
>
> I see 4 icons ... timeout, listed, non-listed and offline.
>
> Or am I missing your point here ?
*HINT* Are you colour blind or normal sighted?
> I have qmail running with the
>
> :allow,QMAILQUEUE="/usr/bin/qmail-spamc"
>
> in /etc/tcp.smtp
>
> I have some hams/spams that I want to run sa-learn against, but I
> can't figure out which database it is qmail filters through. Is it the
> db of the user "spamd", "root" or some qmail
Johnson, S wrote:
> I’ve done really good with blocking spam up until this one…
>
> It looks like a “legitimate” e-mailer from both the system perspective
> and the system perspective.
>
> When I look at my logs, the servers are reporting their domains
> correctly so their mailserver looks ok whe
On Wed, 2009-03-25 at 15:01 -0400, Michael Scheidell wrote:
>
> Match your MTA processes to the spamd children. Your MTA will send 4xx
> 'busy now, come back to play later' message. Let the sending MTA queue it
> back up (or zombies will just go away)
I don't really see that as a socially resp
On Tue, 2009-03-24 at 08:10 -0500, Bowie Bailey wrote:
>
> Your assessment sounds right to me. I would make two suggestions.
>
> 1) Memory is cheap these days. Add some more RAM.
That's a mitigation strategy, yes, but it doesn't really answer OP's
question about how to make spamd stop trying t
GID pattern as an exclusion for
__FORGED_OUTLOOK_DOLLARS.
> Hmm, that fix also landed in the 3.2 branch, and even has been pushed
> out to the updates. So it isn't that one?
No. That fix still does not use the __HOTMAIL_BAYDAV_MSGID pattern to
validate the __FORGED_OUTLOOK_DOLLAR
Hi
I have a message in hand that is triggering false positives based on the
ratware rules in 3.2.4.
The specific headers are:
Message-ID:
X-Mailer: Microsoft Outlook, Build 10.0.6838
Specifically, it seems that the X-Mailer header matches
__OUTLOOK_DOLLARS_MUA, and the Message-ID matches __H
On Thu, 22 Jan 2009 12:37:09 +, Justin Mason wrote:
> you should definitely investigate ways to avoid doing NFS reads/writes
> of the bayes files -- that is extremely I/O intensive, and NFS deals
> with it very badly.
OK. Noted. Maybe I will push the bayes database into MySQL as
previously
On Thu, 22 Jan 2009 13:27:57 +0100, Jonas Eckerman wrote:
>
> If you're not allready using a SQL database for bayes and AWL I'd
> suggest you do that.
Those two I might be willing to consider, however...
> I'd also suggest using SQL for user preferences.
The user interface (i.e. editing a file
I'm trying to figure out why in some cases, spamd is taking in excess of
1200s to process messages. Is there any way to profile (i.e. time, or
timestamp) each of the tests that spamd is doing so I can see where the
longest ones are?
Even enabling the kind of debug that "spamassassin -D" produc
I seem to be getting a lot of these in the last 36h:
12:02:26 spamd Can't locate object method "new" via package "Net::DNS::RR::TXT"
at /usr/lib/perl5/Net/DNS/RR.pm line 305.
12:02:26 spamd caught at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line
419
Any ideas why?
b.
On Mon, 19 Jan 2009 16:47:24 +0100, Matus UHLAR - fantomas wrote:
>
> When did you sa-update for last time?
Ubuntu appears to install a cron.daily cron job which does this amongst
other things.
> How many processes are you running
> in parallel?
I have a pretty low volume system but I did jus
_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RDNS_NONE,TVD_APPROVED,URIBL_BLACK
scantime=604.3,size=3325,user=brian,uid=1001,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=49135,mid=<20090118234025.2fa951cc7...@66v.uwp30.udelmarva.com>,bayes=1.00,autolear
On Thu, 2008-12-04 at 22:38 -0500, Matt Kettler wrote:
>
To follow-up on this suggestion...
> That said, why add code to sa-learn when spamassassin can already do
> something even more complete. Try feeding the message "spamassassin -r
> --add-to-blacklist".
It seems (looking at -D output) that
On Thu, 2008-12-04 at 22:38 -0500, Matt Kettler wrote:
>
> That said, why add code to sa-learn when spamassassin can already do
> something even more complete. Try feeding the message "spamassassin -r
> --add-to-blacklist".
Ahhh. I was mistakenly thinking that sa-learn == [ update-bayes
datab
On Thu, 2008-12-04 at 18:35 -0500, Matt Kettler wrote:
>
> ie: you
> can't tell sa-learn a message is spam and have it apply that information
> in any way to the AWL. I guess that's really what my point was, and I
> expressed it poorly.
I guess as the OP of this thread, my point was that why sho
If I get a spam and I need to have SA learn that it's spam with
sa-learn, wouldn't it be useful to also skew the AWL for that sender so
that future uses of the AWL for that spammer will push the overall spam
score up?
Thots?
b.
On Tue, 2008-12-02 at 17:17 -0500, Rosenbaum, Larry M. wrote:
>
> The checks it's doing below are all RHBL checks, so it's probably testing the
> Return-Path:.
Indeed, this was the case. What's even better is that is only for the
case where I test out of my mailbox as that Return-Path: is only
Hi All,
I was doing a bit of "spamassassin -D" testing with SA 3.2.4 and noticed
that it's running my own mail server name through various DNSBL tests.
Here are the headers of the particular message I am testing:
>From [EMAIL PROTECTED] Tue Dec 2 05:24:59 2008
Return-Path: <[EMAIL PROTECTED]>
Folks,
Thanks for your responses thus-far. It seems that my head is floating in
the clouds today and I appear to be dreaming half of this situation. A
couple of months ago, as I said, our network admin pointed out this
problem to me. I can no longer find the email he sent me where he stated
Howdy folks,
I'm experiencing a problem with some people (myself included) who are not
properly receiving their Consumer's Energy bills. Rather, the bills are
being marked as spam and sent into their SPAM folders. One of the two
things being marked by the Spam-Report are RCVD_ILLEGAL_IP
I
gic
sa-learn --no-sync --ham --progress --mbox /export/home/brian/Ham
sa-learn --sync
sa-learn --no-sync --spam --progress --mbox /export/home/brian/Spam
sa-learn --sync
sa-learn --dump magic
spamassassin -D --lint
/etc/init.d/mailserver start
1) Shutdown Sendmail/ClamAV/MIMEDef
omputer, not letting me
even move the mouse. Needless to say, that won't fly for
production use. So I could really use some way to tell it
to give up. If the only way is to not scan messages over a
certain size, I guess I'll have to live with that, but I
need to be able to tell TPTB that tha
On Wed, 12 Sep 2007, Brian Wilson wrote:
I've somehow made it onto spam list that isn't being picked up by RBLs or by
bayes. All messages have a url that looks like this (where X's are all
digits):
http://aero-dog.com/1-23-28276-45381XXX.html
All messages are originati
itting
them to spamcop. A sample message is here:
http://bubba.org/spam/newspam1.txt
Any suggestions for detecting this? My bayes has been pretty much spot on
for months, so this has me puzzled.
Thanks,
Brian
[EMAIL PROTECTED] wrote:
I have a FreeBSD machine running qmail, SpamAssassin and ClamAV.
I want to temporarily disable SpamAssassin to free up enough
resources to let the mail queue clear. How do I do that?
Further to the other comments, this page might be helpful:
qmail + spamassassin + c
maillist wrote:
brian ally wrote:
postfix-2.3.3-1
cyrus-imapd-2.2.10-3
spamassassin-3.1.5-1
spamass-milter-0.3.0-1.1.fc2.rf
perl-Mail-SpamAssassin-3.1.5-1
I'm seeing spamd processes dying consistently:
How are you starting spamd? I think you are starting spamd as a user
without permis
postfix-2.3.3-1
cyrus-imapd-2.2.10-3
spamassassin-3.1.5-1
spamass-milter-0.3.0-1.1.fc2.rf
perl-Mail-SpamAssassin-3.1.5-1
I'm seeing spamd processes dying consistently:
Aug 13 09:06:07 subtropolix spamd[23480]: bayes: cannot open bayes
databases /var/spool/spamassassin/bayes_* R/O: tie failed: Pe
Johnson, S wrote:
> The only reason I ask about if I should "learn" the messages is that
> my users have a hard time putting good email into the good email
> folder. Everyone is quick to put in spam messages though. My filter
> is getting about 50 to 1 spam to ham right now. Everything I've
> re
Marc Perkel wrote:
> As opposed to preprocessing before using SA to reduce the load. (ie.
> using blacklist and whitelist before SA)
>
We don't.
We use a locally modified MaRBL that uses weighted scoring, RHSBLs
against helo/sender domain/reverse, and the BOTNET plugin (each
meta-rule gets its
sers don't connect from
trusted networks, which is why they have to SMTP AUTH to relay
mail through my system.
Am I missing something? Will that high negative score
only be applied to SMTP AUTH from trusted nets?
Brian
On Mon, 7 May 2007, Abba Communications - www.abbacomm.net wrote:
Thanks for the advice. Is there a way to view the contents of the AWL? How
do I remove the table?
Go into your source directory Mail-SpamAssassin-3.2.0/tools and look for
check_whitelist. This will dump the contents of
I can't resolve them here (tried on two different co-located servers as
well)
On Tue, 2007-05-01 at 21:05 +0200, Oenus Tech Services wrote:
> Hello. I know this is a little off-topic, but I'm having this problem
> and I guess this is a good place to ask for this kind of help. Today,
> 1st of May,
Oenus Tech Services wrote:
> After much testing, we have decided to put the RBLs on Postfix for
> performance reasons. Before checking with those RBLs, our system does
> EHLO checks against a known-spammer blacklist database as well to filter
> the most obvious cases. Then we use zen.spamhaus.org,
our
modified version.
Bill
I can also confirm Bill's unmodified version works like a charm. 8
hits on my single mailbox since yesterday.
Brian
On Mar 31, 2007, at 11:06 AM, ram wrote:
Can I configure SA to autolearn only on non image mails. Probably
use in
conjunction with the LARGO rulesets
If a mail contains an image, this could probably be an image spam
and I
don't want to learn words from here and poison my database
There w
On Mon, 26 Mar 2007, maillist wrote:
The only tests that they score for me are BAYES_99, which should be enough to
get them sent to my spam-drop, but they get to the users instead. When I
--lint -D I don't see anything that tells me that I have a config problem.
I start spamd this way, as
On Mar 24, 2007, at 3:35 PM, Gene Heskett wrote:
On Saturday 24 March 2007, jdow wrote:
I was recently on the receiving end of an ssh attack (which had less
chance of success than a nitrocellulose cat in a traditional hell of
succeeding) from CIHost. And now I received a spate of low scoring
On Mar 19, 2007, at 5:22 AM, Paul Hurley wrote:
Hello all, Happy Pi day for last week...
I'm running Spam Assassin V3.1.7.0 via SAProxy for Win32 (http://
sourceforge.net/projects/sawin32/). I've recently implemented SPF
for my domain, which is working well. However I have a problem
wit
On Fri, 16 Mar 2007, John D. Hardin wrote:
On Fri, 16 Mar 2007, Marc Perkel wrote:
Getting this error:
Can't Locate Tie/Handle.pm
Where do I find this and how do you figure out where to find it?
...doesn't the SA documentation or wiki have a list of required
CPAN dependencies somewhere in
On Mar 14, 2007, at 7:08 PM, Daryl C. W. O'Shea wrote:
Brian Wilson wrote:
On Wed, 14 Mar 2007, John D. Hardin wrote:
On Wed, 14 Mar 2007, Daryl C. W. O'Shea wrote:
Anyway... this is the redirect code they're using:
yvxj = "ef=";kacm = "ttp://&quo
On Wed, 14 Mar 2007, John D. Hardin wrote:
On Wed, 14 Mar 2007, Daryl C. W. O'Shea wrote:
Anyway... this is the redirect code they're using:
yvxj = "ef=";kacm = "ttp://";apgy = "fe";ioo = "'h";usf =
"ershikin";uos = ".";iaswx = "inj";bdj = "com'";rpul = "l";fgbww =
"nhu";wnx = "ocati
On Wed, 14 Mar 2007, Daryl C. W. O'Shea wrote:
Brian Wilson wrote:
Ok, I've got one; apparently from a gmail user to my gmail account, then
forwarded to an external account. The html links go to a blogspot.com
site, then redirect to some Pharmacy Express site.
Raw Mes
Ok, I've got one; apparently from a gmail user to my gmail account, then
forwarded from my gmail account to an external account. The html links
go to a blogspot.com site, then redirect to some Pharmacy Express site.
Raw Message: http://bubba.org/spam/spam_lowscore.txt
Message renders like t
Ok, I've got one; apparently from a gmail user to my gmail account,
then forwarded to an external account. The html links go to a
blogspot.com site, then redirect to some Pharmacy Express site.
Raw Message: http://bubba.org/spam/spam_lowscore.txt
Message renders like this: http://bubba.or
On Mar 3, 2007, at 4:41 PM, Mário Gamito wrote:
Don Ireland wrote:
Every email list I've ever subscribed to has had something in the
subject line (usually in square brackets) to identify 1) that it
is a mailing list and 2) what list it is.
Maybe, just maybe, you can filter through e-mail ad
On Feb 27, 2007, at 5:59 AM, Matthew Bickerton wrote:
Hi all,
As described in the SA wiki, I have set up fetchmail to read a mail
folder
in to sa-learn. However I get the following error:
/usr/local/bin/fetchmail -a -s -n --uidl --keep --folder
LearnAsSpam -m
'/usr/local/bin/sa-learn --
On Feb 25, 2007, at 3:24 PM, John Fleming wrote:
- Original Message - From: "David Goldsmith"
<[EMAIL PROTECTED]>
To: "Bram Mertens" <[EMAIL PROTECTED]>
Cc:
Sent: Sunday, February 25, 2007 2:10 PM
Subject: Re: how to start using sa-update
-BEGIN PGP SIGNED MESSAGE-
Hash:
On Feb 25, 2007, at 2:29 PM, David Goldsmith wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok, I had a permissions issue on some of the FuzzyOCR files so it
couldn't properly parse it. Now that the permissions are fixed, my
system is catching that image.
SA results are:
X-Spam-Report
On Feb 20, 2007, at 6:36 PM, Robert S wrote:
I have just installed FOCR 3.5.1 with the hashdb option. I have been
receiving image spams about China Fruits Corporation which are
cleverly designed not to contain words in the words list. How do I
insert the hash into the database and label this
On Fri, 23 Feb 2007, Randal, Phil wrote:
Charming!
Being part of a large community on this mailing list, my answer was
addressing all readers and not just you.
So I included the extra info for those readers who scanned your email
and found low SA scores regardless.
What FuzzyOCR scanset did y
On Fri, 23 Feb 2007, Randal, Phil wrote:
I caught these by adding
corpo
to my FuzzyOCR.words file.
But you should also be running a bunch of SARE rules, and sa-updated
rulesets.
Wow, thanks for not reading my email or reading the scores in the message
I posted. As I originally noted, the
On Fri, 23 Feb 2007, Jorge Valdes wrote:
Brian Wilson wrote:
On Feb 20, 2007, at 6:36 PM, Robert S wrote:
I have just installed FOCR 3.5.1 with the hashdb option. I have been
receiving image spams about China Fruits Corporation which are
cleverly designed not to contain words in the words
On Feb 20, 2007, at 6:36 PM, Robert S wrote:
I have just installed FOCR 3.5.1 with the hashdb option. I have been
receiving image spams about China Fruits Corporation which are
cleverly designed not to contain words in the words list. How do I
insert the hash into the database and label this i
Passing this along in case someone has a scanset that is able to pick
this one up. Yes, it was tagged as spam from other rules, but I got
nothing from FuzzyOcr on it.
http://bubba.org/spam/imagespam12.gif
http://bubba.org/spam/imagespam12.txt
-B
On Feb 22, 2007, at 6:06 AM, Loren Wilton wrote:
Your best bets at the moment are FuzzyOCR and the SARE_STOCKS
ruleset. FuzzyOCR would have a real good chance of catching that
image. You didn't include the headers, so it is hard to say what
is in there. If you aren't running the net rul
On Feb 14, 2007, at 8:48 PM, Giampaolo Tomassoni wrote:
From: Quinn Comendant [mailto:[EMAIL PROTECTED]
On Thu, 15 Feb 2007 01:18:46 +0100, Giampaolo Tomassoni wrote:
I think SARE and some network tests are even better (scores 11.5
with
my surprising Bayes :)
I agree, mine scored it in a
1 - 100 of 225 matches