Meta for bogus MIME with DKIM valid?

2019-04-26 Thread Amir Caspi
I've been getting a bunch of FNs lately that are managing to avoid my Bayes DB. Invariably, they ALL seem to hit on BOGUS_MIME_VERSION (which I don't know whether is standard, but I implemented it locally and would recommend it in the distro if it's not there already), and it seems like most of

Re: Meta for bogus MIME with DKIM valid?

2019-04-26 Thread RW
On Fri, 26 Apr 2019 14:05:35 -0600 Amir Caspi wrote: > I've been getting a bunch of FNs lately that are managing to avoid my > Bayes DB. Invariably, they ALL seem to hit on BOGUS_MIME_VERSION > (which I don't know whether is standard, but I implemented it locally > and would recommend it in the d

Re: Meta for bogus MIME with DKIM valid?

2019-05-16 Thread Amir Caspi
On Apr 26, 2019, at 4:51 PM, RW wrote: > > header BOGUS_MIME_VERSION MIME-Version =~ /^(?!\s*1\.0).+/ > > it may be better to change that to > > /^(?!.*\b1\.0\b).+/ > > to avoid punishing the form > > Mime-Version: (Nosuch Mail 2.0) 1.0 > > which is valid, though I don't think I've

Re: Meta for bogus MIME with DKIM valid?

2019-05-16 Thread John Hardin
On Thu, 16 May 2019, Amir Caspi wrote: On Apr 26, 2019, at 4:51 PM, RW wrote: header BOGUS_MIME_VERSION MIME-Version =~ /^(?!\s*1\.0).+/ it may be better to change that to /^(?!.*\b1\.0\b).+/ to avoid punishing the form Mime-Version: (Nosuch Mail 2.0) 1.0 which is valid, though I

Re: Meta for bogus MIME with DKIM valid?

2019-05-29 Thread John Hardin
On Thu, 16 May 2019, John Hardin wrote: On Thu, 16 May 2019, Amir Caspi wrote: On Apr 26, 2019, at 4:51 PM, RW wrote: header BOGUS_MIME_VERSION MIME-Version =~ /^(?!\s*1\.0).+/ it may be better to change that to /^(?!.*\b1\.0\b).+/ to avoid punishing the form Mime-Version: (Nosu

Re: Meta for bogus MIME with DKIM valid?

2019-05-29 Thread Kevin A. McGrail
At work, we looked at this and decided the rule had no merit based on current mailstreams. Our guess was that the spam run it hit has ended. It is a deadweight rule. On Wed, May 29, 2019, 18:05 John Hardin wrote: > On Thu, 16 May 2019, John Hardin wrote: > > > On Thu, 16 May 2019, Amir Caspi wr

Re: Meta for bogus MIME with DKIM valid?

2019-05-29 Thread Amir Caspi
I’m surprised, a huge percentage of the spam we get hits this rule. I am happy to submit spamples, but it is a very big spam indicator for our little server. --- Amir thumbed via iPhone > On May 29, 2019, at 6:10 PM, Kevin A. McGrail wrote: > > At work, we looked at this and decided the rule h

Re: Meta for bogus MIME with DKIM valid?

2019-05-29 Thread Kevin A. McGrail
I'd be interested in seeing a spample or two. We have virtually no hits but if it's in the wild, that changes my opinion. The key thing I would want to know is does this rule push it over the edge or is it already scoring a bazillion and this just adds to it? -- Kevin A. McGrail Member, Apache So

Re: Meta for bogus MIME with DKIM valid?

2019-05-29 Thread Amir Caspi
The reason I brought this issue up on list a couple weeks back is because almost all of my uncaught (FN) spam hits that rule and almost nothing else. Maybe my domain is in the beginning of the popular snowshoe lists. In principle my Bayes should catch these guys but it doesn’t, and I don’t know

Re: Meta for bogus MIME with DKIM valid?

2019-05-30 Thread RW
On Wed, 29 May 2019 19:10:38 -0400 Kevin A. McGrail wrote: > At work, we looked at this and decided the rule had no merit based on > current mailstreams. Our guess was that the spam run it hit has > ended. It is a deadweight rule. It's also extremely lightweight.

Re: Meta for bogus MIME with DKIM valid?

2019-05-30 Thread Kevin A. McGrail
Fair enough. Happy to look at spamples but I've seen virtually nothing in the wild for this. -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Thu, May 30, 2019 at 10:58 AM RW wrote: > On Wed

Re: Meta for bogus MIME with DKIM valid?

2019-06-03 Thread Amir Caspi
Hi Kevin, Here are some spamples -- I've specifically chosen the ones that did NOT score enough through other means to get tagged, i.e., these are false negatives. Note that many of them have valid DKIM and hit no other markers. (The spample will NOT pass DKIM because headers have been modifi

Re: Meta for bogus MIME with DKIM valid?

2019-06-04 Thread Paul Stead
The rule looks to be performing better in masscheck after the updates to the corpus checking: https://ruleqa.spamassassin.org/20190604-r1860591-n/__BOGUS_MIME_VER_01/detail https://ruleqa.spamassassin.org/20190604-r1860591-n/__BOGUS_MIME_VER_02/detail Certainly worth letting QA do its thing and

Re: Meta for bogus MIME with DKIM valid?

2019-06-04 Thread Amir Caspi
On Jun 4, 2019, at 1:24 PM, Paul Stead wrote: > > Certainly worth letting QA do its thing and autoscore? My worry about autoscore is that if it looks at network tests, particularly RBLs, then it may reduce the value of the rule. The primary value of this rule is for early botnet runs before

Re: Meta for bogus MIME with DKIM valid?

2019-06-12 Thread Amir Caspi
On Jun 4, 2019, at 2:11 PM, Amir Caspi wrote: > > Locally, I've got the score at 4.0, and will be increasing it to 4.5 shortly. > At least with my spamset (per the spamples I posted), a score of 4.5 seems > to be the "magic" value that should catch almost all the FNs (at least the > ones that

Re: Meta for bogus MIME with DKIM valid?

2019-06-12 Thread John Hardin
On Wed, 12 Jun 2019, Amir Caspi wrote: On Jun 4, 2019, at 2:11 PM, Amir Caspi wrote: Locally, I've got the score at 4.0, and will be increasing it to 4.5 shortly. At least with my spamset (per the spamples I posted), a score of 4.5 seems to be the "magic" value that should catch almost all

Re: Meta for bogus MIME with DKIM valid?

2019-06-13 Thread Joseph Brennan
We've been refusing mail based on this stupid error for a year and a half (local rule) and no false positive has ever come to attention. The volume averages about 50,000 a day here. Yesterday it was 72,000 from 69.16.199.0/24. It comes from 1 to 3 IP subnets each day, changing daily, except that th

Re: Meta for bogus MIME with DKIM valid?

2019-06-13 Thread Antony Stone
On Thursday 13 June 2019 at 17:45:02, Joseph Brennan wrote: > We've been refusing mail based on this stupid error for a year and a half > (local rule) and no false positive has ever come to attention. The volume > averages about 50,000 a day here. What's that as a percentage of total inbound mail

Re: Meta for bogus MIME with DKIM valid?

2019-06-13 Thread Joseph Brennan
On Thu, Jun 13, 2019 at 3:01 PM Antony Stone < antony.st...@spamassassin.open.source.it> wrote: > On Thursday 13 June 2019 at 17:45:02, Joseph Brennan wrote: > > > We've been refusing mail based on this stupid error for a year and a half > > (local rule) and no false positive has ever come to atte

Re: Meta for bogus MIME with DKIM valid?

2019-06-13 Thread Joseph Brennan
Yes, replying to myself. It just occurred to me that we refuse mail from hosts in the Spamhaus lists, so messages from those don't get analyzed by spamassassin. The 50,000 I mentioned is how many were NOT caught that way. I wonder how many there really are! -- Joseph Brennan Lead, Email a

Re: Meta for bogus MIME with DKIM valid?

2019-07-08 Thread Joseph Brennan
I am sorry to say that this spammer seems to have fixed the error. I have seen none at all for a few weeks. What I *have* seen are heavy spam barrages once a week that are from similar IP ranges that the spammer used but without the error. 125,000 today. On Thu, Jun 13, 2019 at 4:17 PM Joseph Bre

Re: Meta for bogus MIME with DKIM valid?

2019-07-08 Thread Amir Caspi
On Jul 8, 2019, at 2:15 PM, Joseph Brennan wrote: > > I am sorry to say that this spammer seems to have fixed the error. I have > seen none at all for a few weeks. What I *have* seen are heavy spam barrages > once a week that are from similar IP ranges that the spammer used but without > the e

Re: Meta for bogus MIME with DKIM valid?

2019-07-08 Thread John Hardin
On Mon, 8 Jul 2019, Joseph Brennan wrote: I am sorry to say that this spammer seems to have fixed the error. I have seen none at all for a few weeks. What I *have* seen are heavy spam barrages once a week that are from similar IP ranges that the spammer used but without the error. 125,000 today.