Upcoming KAM.cf Ruleset 20th Anniversary

Hi, very soon we will celebrate KAM.cf Ruleset 20th Anniversary, are there any stories about how you use the ruleset, any products that include the rules you are aware of, or other info about how it has helped with spam and email security ? Glad to receive any info or story about KAM.cf

Re: OFF-TOPIC ANNOUNCE: KAM Ruleset Turning PCCC Wild RBL Back On

With all respects, i agree with Bill... but suppose just Bill is wrong...  Kam rules are free and show really huge quality, what is wrong about gently ask for cooperation if used in a commercial way? KAM++ Pedro. On Tuesday, March 21, 2023 at 06:18:38 PM GMT+1, Bill Cole wrote: On 20

Re: OFF-TOPIC ANNOUNCE: KAM Ruleset Turning PCCC Wild RBL Back On

On 2023-03-21 at 12:52:16 UTC-0400 (Tue, 21 Mar 2023 17:52:16 +0100) Benny Pedersen is rumored to have said: Kevin A. McGrail skrev den 2023-03-21 17:27: https://mcgrail.com/template/donate you know the rules to post commericial postings to public free maillists ?, What rules exactly are

Re: OFF-TOPIC ANNOUNCE: KAM Ruleset Turning PCCC Wild RBL Back On

Kevin A. McGrail skrev den 2023-03-21 17:27: https://mcgrail.com/template/donate you know the rules to post commericial postings to public free maillists ?, rspamd did this abuse aswell, now thay have only non free irc support, and telegram more talk about linode ? :) mx ~ # dig -4 +short

OFF-TOPIC ANNOUNCE: KAM Ruleset Turning PCCC Wild RBL Back On

Hello All, I am pleased to announce that users of the KAM ruleset will once again have the free use of the PCCC Wild RBL. The RBL was previously removed from use due to its popularity. Thanks go to Linode.com for donating the servers and as always thanks to PCCC for the datafeed. The KAM

Re: How to verify specific commits are in current ruleset?

On 30 May 2019, at 10:57, Mike Ray wrote: Hello all- Been using spamassassin for awhile now, basically letting it run on auto-pilot and it's been great so far. However, after the recent __STYLE_GIBBERISH bug (https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7707), I need to have a little

How to verify specific commits are in current ruleset?

Hello all- Been using spamassassin for awhile now, basically letting it run on auto-pilot and it's been great so far. However, after the recent __STYLE_GIBBERISH bug (https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7707), I need to have a little more understanding of SA. My biggest issue at

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 11 Feb 2018, at 9:54 (-0500), Benny Pedersen wrote: first query would be valid for 300 secs, but that is imho still not free, problem is that keeping low ttls does not change how dns works, any auth dns servers will upate on soa serial anyway, the crime comes in when sa using remote dns ser

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Dave Warren skrev den 2018-02-06 20:39: How low are the TTLs? I'm seeing 300 seconds on 127.0.0.2 which is more than sufficient time for a single message to finish processing, such that multiple queries from one message would absolutely be cached (or more likely, the first would still be pending

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On Tue, 6 Feb 2018 11:38:42 -0500 Alex wrote: > On Tue, Feb 6, 2018 at 8:44 AM, David Jones wrote: ustomer's compromised accounts. > > > > Leave out the RCVD_IN_BRBL rule above and change the > > RCVD_IN_BRBL_LASTEXT score to 1.4 to keep things the same. > > If you think the RCVD_IN_BRBL rul

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Hi, >>> whitelist_auth *@bounce.mail.salesforce.com >>> whitelist_auth *@sendgrid.net >>> whitelist_auth *@*.mcdlv.net >> >> >> I've seen enough spam sent through all three - both by way of whole >> apparently spammer-owned accounts and cracked-but-otherwise-legitimate >> accounts - that I would n

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On Tue, 6 Feb 2018, Kris Deugau wrote: Alex wrote: These phishes we've received were all from otherwise trusted sources like salesforce, amazonses and sendgrid. These are examples that I believe were previously whitelisted because of having received a phish through these systems but have no bee

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 02/06/2018 01:28 PM, Alex wrote: Hi, ifplugin Mail::SpamAssassin::Plugin::DNSEval header __RCVD_IN_BRBL eval:check_rbl('brbl', 'bb.barracudacentral.org') tflags __RCVD_IN_BRBL net header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl', '127.0.0.2') meta

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Alex wrote: These phishes we've received were all from otherwise trusted sources like salesforce, amazonses and sendgrid. These are examples that I believe were previously whitelisted because of having received a phish through these systems but have no been disabled. whitelist_auth *@bounce.mail

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 2018-02-05 09:12, Benny Pedersen wrote: Kevin A. McGrail skrev den 2018-02-05 16:53: I don't think that will apply will it because it will be looking up something like 1.2.3.4.bb.barracuda.blah which isn't cached. the first qurry can make a qurry with very low ttl, so it would not be cach

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Hi, > ifplugin Mail::SpamAssassin::Plugin::DNSEval > > header __RCVD_IN_BRBL eval:check_rbl('brbl', > 'bb.barracudacentral.org') > tflags __RCVD_IN_BRBL net > > header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl', > '127.0.0.2') >>>

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 02/06/2018 10:38 AM, Alex wrote: Hi, On Tue, Feb 6, 2018 at 8:44 AM, David Jones wrote: On 02/05/2018 09:07 PM, Alex wrote: Hi, ifplugin Mail::SpamAssassin::Plugin::DNSEval header __RCVD_IN_BRBL eval:check_rbl('brbl', 'bb.barracudacentral.org') tflags __RCVD_IN_BRBL

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Hi, On Tue, Feb 6, 2018 at 8:44 AM, David Jones wrote: > On 02/05/2018 09:07 PM, Alex wrote: >> >> Hi, >> >>> ifplugin Mail::SpamAssassin::Plugin::DNSEval >>> >>> header __RCVD_IN_BRBL eval:check_rbl('brbl', >>> 'bb.barracudacentral.org') >>> tflags __RCVD_IN_BRBL net >>> >>>

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 02/05/2018 09:07 PM, Alex wrote: Hi, ifplugin Mail::SpamAssassin::Plugin::DNSEval header __RCVD_IN_BRBL eval:check_rbl('brbl', 'bb.barracudacentral.org') tflags __RCVD_IN_BRBL net header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl', '127.0.0.2') meta

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

David Jones skrev den 2018-02-05 15:09: ifplugin Mail::SpamAssassin::Plugin::DNSEval header __RCVD_IN_BRBL eval:check_rbl('brbl', 'bb.barracudacentral.org') tflags __RCVD_IN_BRBL net header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl', '127.0.0.2') meta

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Hi, > ifplugin Mail::SpamAssassin::Plugin::DNSEval > > header __RCVD_IN_BRBL eval:check_rbl('brbl', > 'bb.barracudacentral.org') > tflags __RCVD_IN_BRBL net > > header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl', > '127.0.0.2') > metaRCVD_IN_BRBL_

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On Mon, 05 Feb 2018 17:12:08 +0100 Benny Pedersen wrote: > Kevin A. McGrail skrev den 2018-02-05 16:53: > > > I don't think that will apply will it because it will be looking up > > something like 1.2.3.4.bb.barracuda.blah which isn't cached. > > the first qurry can make a qurry with very low

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 2/5/2018 11:32 AM, RW wrote: Just to clarify, there is no legal or moral obligation to do this, the 'bb' subdomain was created specifically so SA users wouldn't need to register. Anything you may read on the Barracuda site applies to the 'b' version. Barracuda has given no indication that anyt

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On Mon, 5 Feb 2018 08:09:55 -0600 David Jones wrote: > Heads up! This RBL has been removed from the core SA ruleset. In 36 > to 48 hours sa-update will remove the RCVD_IN_BRBL_LASTEXT rule after > it has gone through the masscheck and rule promotion process. > > Details ca

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Kevin A. McGrail skrev den 2018-02-05 16:53: I don't think that will apply will it because it will be looking up something like 1.2.3.4.bb.barracuda.blah which isn't cached. the first qurry can make a qurry with very low ttl, so it would not be cached, that means number 2 query still mkae dns

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 02/05/2018 09:44 AM, Reindl Harald wrote: Am 05.02.2018 um 16:36 schrieb David Jones: On 02/05/2018 09:26 AM, Benny Pedersen wrote: David Jones skrev den 2018-02-05 15:09: ifplugin Mail::SpamAssassin::Plugin::DNSEval header  __RCVD_IN_BRBL  eval:check_rbl('brbl', 'bb.barracudacen

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 2/5/2018 10:36 AM, David Jones wrote: If you are running a local DNS cache like this list and the SA documention recommends, does this really matter?  My MTA should have already queried this before SA does it so it should be in the local DNS cache and not require a full recursive lookup from

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

David Jones skrev den 2018-02-05 16:36: If you are running a local DNS cache like this list and the SA documention recommends, does this really matter? My MTA should have already queried this before SA does it so it should be in the local DNS cache and not require a full recursive lookup from t

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

On 02/05/2018 09:26 AM, Benny Pedersen wrote: David Jones skrev den 2018-02-05 15:09: ifplugin Mail::SpamAssassin::Plugin::DNSEval header  __RCVD_IN_BRBL  eval:check_rbl('brbl', 'bb.barracudacentral.org') tflags  __RCVD_IN_BRBL  net header  __RCVD_IN_BRBL_2    eval

Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset

David Jones skrev den 2018-02-05 15:09: ifplugin Mail::SpamAssassin::Plugin::DNSEval header __RCVD_IN_BRBL eval:check_rbl('brbl', 'bb.barracudacentral.org') tflags __RCVD_IN_BRBL net header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl', '127.0.0.2') meta

Barracuda Reputation Block List (BRBL) removal from the SA ruleset

Heads up! This RBL has been removed from the core SA ruleset. In 36 to 48 hours sa-update will remove the RCVD_IN_BRBL_LASTEXT rule after it has gone through the masscheck and rule promotion process. Details can be found here: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7417 To add

Re: sa-update ruleset updates enabled again

On 11/19/2017 08:45 AM, David Mehler wrote: Hi, How does one get the new SA update rules? Thanks. Dave. Basically run the sa-update command. This should be cron'd or otherwise run automatically by whatever "glue" is calling Spamassassin. The "glue" could be an MTA like Postfix/Sendmail/

Re: sa-update ruleset updates enabled again

On 11/18/2017 09:37 PM, John Hardin wrote: On Sun, 19 Nov 2017, Benny Pedersen wrote: David Jones skrev den 2017-11-18 16:26:  Heads up.  DNS updates for sa-update have been enabled again. The next  rules promotion will happen in about 11 hours around 2:30 AM UTC. heads up :=) : delivery vi

Re: sa-update ruleset updates enabled again

On 11/18/2017 09:46 AM, Benny Pedersen wrote: David Jones skrev den 2017-11-18 16:26: Heads up.  DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. may i ask why you tld block me ? sorry for asking here, private mails

Re: sa-update ruleset updates enabled again

On Sun, 19 Nov 2017, Benny Pedersen wrote: David Jones skrev den 2017-11-18 16:26: Heads up.  DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. heads up :=) : delivery via smtp.ena.net[96.5.1.4]:25: host smtp.e

Re: sa-update ruleset updates enabled again

David Jones skrev den 2017-11-18 16:26: Heads up.  DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. heads up :=) : delivery via smtp.ena.net[96.5.1.4]:25: host smtp.ena.net[96.5.1.4] said: 554 5.7.1 : Sender a

Re: sa-update ruleset updates enabled again

David Jones skrev den 2017-11-18 16:26: Heads up.  DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. may i ask why you tld block me ? sorry for asking here, private mails does not work

sa-update ruleset updates enabled again

Heads up.  DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. -- David Jones

Re: Ruleset updates via nightly masscheck status

or because I had patched my DKIM.pm plugin for testing the new DKIM_VALID_EF rule (intended to be used in meta rules).  I confirmed what you found on my default Fedora 26 installation. I have fixed the rulesets, specifically 25_dkim.cf and 50_scores.cf, to check for the SA version to remove this err

Re: Ruleset updates via nightly masscheck status

o be used in meta rules).  I confirmed > what you found on my default Fedora 26 installation. > > I have fixed the rulesets, specifically 25_dkim.cf and 50_scores.cf, to > check for the SA version to remove this error and tested it.  Monday's > ruleset should have this fix

Re: Ruleset updates via nightly masscheck status

ended to be used in meta rules). I confirmed what you found on my default Fedora 26 installation. I have fixed the rulesets, specifically 25_dkim.cf and 50_scores.cf, to check for the SA version to remove this error and tested it. Monday's ruleset should have this fix after tomorrow&#x

Re: Ruleset updates via nightly masscheck status

>> >> Please provide feedback in the next 48 hours -- positive or negative so >> I know we are good to enable DNS updates again on Sunday. >> > > After installing these rules, I'm seeing one warning in my log during > spamassassin reload: > > Oct 27 09:48:24 myhostname spamd[16256]: rules: failed

Re: Ruleset updates via nightly masscheck status

t http://sa-update.ena.com/1813149.tar.gz.asc >>> sa-update -v --install 1813149.tar.gz > > Last night's run also successfully put the last known good 72_scores.cf > from March into the ruleset. > > Steps to manually installing last night's ruleset: > > c

Re: Ruleset updates via nightly masscheck status

s run also successfully put the last known good 72_scores.cf from March into the ruleset. Steps to manually installing last night's ruleset: cd /tmp wget http://sa-update.ena.com/1813258.tar.gz wget http://sa-update.ena.com/1813258.tar.gz.sha1 wget http://sa-update.ena.com/1813258.tar.gz.asc

Re: Just interested: MIME validation ruleset and ASCII-0

30.05.2013 14:38, Simon Loewenthal kirjoitti: > > Hi there, > > The SA custom rulesets page refers to /MIME validation/ ruleset. This > is a small .cf file. I am interested in this rule: > > # ASCII-0 can crash mail clients. This is an absolute NO! > rawbody MIM

Just interested: MIME validation ruleset and ASCII-0

Hi there, The SA custom rulesets page refers to _MIME validation_ ruleset. This is a small .cf file. I am interested in this rule: # ASCII-0 can crash mail clients. This is an absolute NO! rawbody MIME_ASCII0 // describe MIME_ASCII0 Message body contains ASCII-0 character score MIME_ASCII0

Re: Using ZMI_GERMAN ruleset

Sorry for the delay. I don't read the list normally, so please always CC me if you want to reach me. On Mittwoch, 16. November 2011 Stefan Jakobs wrote: > the published ruleset in the update channel is much older than the > ruleset on the named website. > > #

Re: Using ZMI_GERMAN ruleset

* Stefan Jakobs [2011-11-16 11:28]: > Hi list, > > the published ruleset in the update channel is much older than the ruleset on > the named website. > > # dig +short -t txt 2.3.3.70_zmi_german.cf.zmi.sa-update.dostech.net txt > "20100831" > &g

Re: Using ZMI_GERMAN ruleset

of course. And it should still be fast in terms of CPU as if there's (rule __ZMIde_SALE5) no "In den l" in the message, the regex shouldn't have to search too much, right? At least I'd guess it's an optimized search which compares in 64bit steps, which is 8 chars

Re: Using ZMI_GERMAN ruleset

internationalen Ebene hinaufsteigen/ is not efficient Its "efficient" in terms of "filtering only spam with zero false positives", which is top priority for this ruleset. And you picked a very old and very long rule. Most rules nowadays are just one or even only part o

Re: Using ZMI_GERMAN ruleset

internationalen Ebene hinaufsteigen/ > > is not efficient Its "efficient" in terms of "filtering only spam with zero false positives", which is top priority for this ruleset. And you picked a very old and very long rule. Most rules nowadays are just one or even only part of a

Re: Using ZMI_GERMAN ruleset

Hi list, the published ruleset in the update channel is much older than the ruleset on the named website. # dig +short -t txt 2.3.3.70_zmi_german.cf.zmi.sa-update.dostech.net txt "20100831" Is the update with sa-update still supported? Thanks and kind regards Stefan &g

Re: Using ZMI_GERMAN ruleset

On 2011-10-31 14:43, Michael Monnerie wrote: Dear list, I'd like to receive some feedback on the usage of zmi_german. If you use it, please report to spam-ger...@zmi.at and tell me what you think about it. The ruleset is designed to filter only german spam, and is very safe. Not a s

Using ZMI_GERMAN ruleset

Dear list, I'd like to receive some feedback on the usage of zmi_german. If you use it, please report to spam-ger...@zmi.at and tell me what you think about it. The ruleset is designed to filter only german spam, and is very safe. Not a single report this year about FPs. If you didn

Re: How to remove a domain from a stock or third-party 2tld ruleset?

Kris Deugau wrote: Karsten Bräckelmann wrote: Another approach, since I understand you want to query against a local URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a 2tld listing and the resulting DNS lookup, it would return the same listing for the pure TLD and a second l

Re: How to remove a domain from a stock or third-party 2tld ruleset?

On 2010-05-28 23:57, Kris Deugau wrote: Karsten Bräckelmann wrote: On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote: Is there any way to take a domain listed with util_rb_2tld, and "un-2tld" it (similar to how you can unwhitelist stock whitelist entries if they don't work well with your ma

Re: How to remove a domain from a stock or third-party 2tld ruleset?

Karsten Bräckelmann wrote: On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote: Is there any way to take a domain listed with util_rb_2tld, and "un-2tld" it (similar to how you can unwhitelist stock whitelist entries if they don't work well with your mail)? IIRC this is not possible. Well, p

Re: How to remove a domain from a stock or third-party 2tld ruleset?

On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote: > Is there any way to take a domain listed with util_rb_2tld, and > "un-2tld" it (similar to how you can unwhitelist stock whitelist entries > if they don't work well with your mail)? IIRC this is not possible. Well, possible, but there's jus

How to remove a domain from a stock or third-party 2tld ruleset?

Is there any way to take a domain listed with util_rb_2tld, and "un-2tld" it (similar to how you can unwhitelist stock whitelist entries if they don't work well with your mail)? I recently came across a "free-subsite" domain that seems to be part of a cluster of **very** similar sites which I'

RE: GERMAN ruleset extended

> Dear users, > > I felt I didn't advertise our GERMAN ruleset since a long time: > > http://wiki.apache.org/spamassassin/CustomRulesets Good hint. Thank you. Giampaolo

GERMAN ruleset extended

Dear users, I felt I didn't advertise our GERMAN ruleset since a long time: http://wiki.apache.org/spamassassin/CustomRulesets Please feel free to implement it to catch out german spam. Should you use it and still receive german spam, please report that mail *including all headers* to

Re: SOUGHT ruleset FP

es one wonder how that string ends up quite massively in spam traps. I did consider that. Without seeing the spam, of course, I can't say whether they are spamming or whether their name is being abused. All I have is a legitimate mail from them and a report that it is blocked. > > I know

Re: SOUGHT ruleset FP

me of their company. > > Makes one wonder how that string ends up quite massively in spam traps. > >> I know SOUGHT is an auto-generated ruleset; just wondering if >> there is there any way to remove false positives before the set is > > Yes. The Seek bits are cross-checke

Re: SOUGHT ruleset FP

o get them to send me the message, and it hits rule > __SEEK_5ID3LI "Conti nuum Intern ational Publishing" (spaces > added!) which is the name of their company. Makes one wonder how that string ends up quite massively in spam traps. > I know SOUGHT is an auto-generated ruleset; j

SOUGHT ruleset FP

Intern ational Publishing" (spaces added!) which is the name of their company. I know SOUGHT is an auto-generated ruleset; just wondering if there is there any way to remove false positives before the set is generated? Otherwise I'll add local rules to compensate against this one. Thank

Re: Hijacked thread :) (was: ruleset for German...)

On Mon, 15 Mar 2010, Karsten Bräckelmann wrote: The TextCat plugin. Even part of stock SA, though not enabled by default. Supports per-user settings. (nod) For reasons specific to my MTA, I can't run SA 'per user', but I can choose the most common languages (en fr) in our system's mail and fla

Re: [sa] Re: ruleset for German Bettchen and Schlafzimmer spam

On Mon, Mar 15, 2010 at 11:17:09PM +0100, Karsten Bräckelmann wrote: > On Mon, 2010-03-15 at 11:15 -0400, Charles Gregory wrote: > > H. I guess this goes back to my inquiry about the Brazilian spam > > > > I'm still looking for a way (hopefully) to simply identify the *language* > > of th

Re: [sa] Re: ruleset for German Bettchen and Schlafzimmer spam

On Mon, 2010-03-15 at 11:15 -0400, Charles Gregory wrote: > H. I guess this goes back to my inquiry about the Brazilian spam > > I'm still looking for a way (hopefully) to simply identify the *language* > of the mail (when not determined from CHARSET_FARAWAY rules), so that our > users m

Re: [sa] Re: ruleset for German Bettchen and Schlafzimmer spam

On Sun, 14 Mar 2010, Jörg Frings-Fürst wrote: take a look at http://wiki.apache.org/spamassassin/CustomRulesets and search to "German Language Ruleset". H. I guess this goes back to my inquiry about the Brazilian spam I'm still looking for a way (hopefully) to simp

Re: ruleset for German Bettchen and Schlafzimmer spam

Am 15.03.2010 03:14, schrieb Marcus: > Am Sonntag, den 14.03.2010, 23:31 +0100 schrieb Kai Schaetzl: >> Marcus wrote on Sun, 14 Mar 2010 21:16:31 +0100: >> >>> The messages differ in subject and body. >> >> Do they? Hm, I must have overlooked this in your first message. Oh, wait, >> after reading

Re: ruleset for German Bettchen and Schlafzimmer spam

Am Sonntag, den 14.03.2010, 23:31 +0100 schrieb Kai Schaetzl: > Marcus wrote on Sun, 14 Mar 2010 21:16:31 +0100: > > > The messages differ in subject and body. > > Do they? Hm, I must have overlooked this in your first message. Oh, wait, > after reading it a second time I still can't see it. I t

Re: ruleset for German Bettchen and Schlafzimmer spam

Marcus wrote on Sun, 14 Mar 2010 21:16:31 +0100: > The messages differ in subject and body. Do they? Hm, I must have overlooked this in your first message. Oh, wait, after reading it a second time I still can't see it. I think you must have forgotten to mention it. If you want help from the mai

Re: ruleset for German Bettchen and Schlafzimmer spam

my spamassassin for > > about a week. It decects some of them, but most are going through. All > > other kind of spam is detected very well. Did some know oder wrote a > > ruleset? > > what is so difficult to match against Bettchen or Schlafzimmer? The messages differ in su

Re: ruleset for German Bettchen and Schlafzimmer spam

t most are going through. All > other kind of spam is detected very well. Did some know oder wrote a > ruleset? > > Ciao, > Marcus > Hi Marcus, take a look at http://wiki.apache.org/spamassassin/CustomRulesets and search to "German Language Ruleset". CU Joerg Frings-Fuerst

Re: ruleset for German Bettchen and Schlafzimmer spam

ng through. All > other kind of spam is detected very well. Did some know oder wrote a > ruleset? what is so difficult to match against Bettchen or Schlafzimmer? I'd say even a complete newbie will have this rule up and running after ten minutes and reading the rules how-to on the

ruleset for German Bettchen and Schlafzimmer spam

Hi, I'm getting a lot of these German 'Mehr aus dauer in Ihrem Bettchen' and 'Mehr ausdauer in Ihrem Schlafzimmer'. I've learnd my spamassassin for about a week. It decects some of them, but most are going through. All other kind of spam is detected very well. Did

Re: SpamAssassin Ruleset Generation

On Tue, 2009-10-06 at 13:50 -0700, an anonymous Nabble user wrote: > Other than the sought rules, all the rules are manually generated? Actually, as has been said, I believe all stock rules are manually written. There are some third-party rule-sets out there that are auto generated -- not limited

Re: SpamAssassin Ruleset Generation

sage should be considered DEAD. The antidrug set is no longer maintained separately from the mailline ruleset, and hasn't been for years. If you want to break the rules down a bit, here's some tips: The rules are in general designed to detect common methods to obscure text by inserti

Re: SpamAssassin Ruleset Generation

ruleset. The CREDITS file in the sources should list all of the contributors. Some contributors may not have added their names to that file, though. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org

Re: SpamAssassin Ruleset Generation

Hi, > Other than the sought rules, all the rules are manually generated? Is there > any statistics on how frequently are new rules/regex adopted by > spamassasssin? Who are the people who write them? Any details related to Information on Justin Mason's SOUGHT rules is here: http://taint.org/2007

Re: SpamAssassin Ruleset Generation

y are new rules/regex adopted by spamassasssin? Who are the people who write them? Any details related to it? thnx -- View this message in context: http://www.nabble.com/SpamAssassin-Ruleset-Generation-tp25773508p25776307.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: SpamAssassin Ruleset Generation

Bowie Bailey wrote: > > > > http://www.google.com/search?q=spamassassin+sought > :-D - Thnx -- View this message in context: http://www.nabble.com/SpamAssassin-Ruleset-Generation-tp25773508p25776303.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: SpamAssassin Ruleset Generation

poifgh wrote: > > RW-15 wrote: > >> On Tue, 6 Oct 2009 11:08:28 -0700 (PDT) >> poifgh wrote: >> >> >>> I have a question about - understanding how are rulesets generated for >>> ... >>> a. Is it done manually with people writing regex to see how >>> efficiently they capture spams? >>> b. I

Re: SpamAssassin Ruleset Generation

ional sought rules? -- View this message in context: http://www.nabble.com/SpamAssassin-Ruleset-Generation-tp25773508p25776105.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: SpamAssassin Ruleset Generation

On Tue, 6 Oct 2009 11:08:28 -0700 (PDT) poifgh wrote: > > I have a question about - understanding how are rulesets generated for > ... > a. Is it done manually with people writing regex to see how > efficiently they capture spams? > b. Is there an algorithm that identifies large corpus of spam a

SpamAssassin Ruleset Generation

in context: http://www.nabble.com/SpamAssassin-Ruleset-Generation-tp25773508p25773508.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Optional Tests in Main Ruleset?

On Thu, 2009-06-11 at 09:18 -0400, Charles Gregory wrote: > Hallo! > > I've noticed a few rules now that seem to score *very* low. > For example: DYN_RDNS_AND_INLINE_IMAGE=0.001 There are a lot of possible reasons for that, including informative only rules (which are likely to have a description

Optional Tests in Main Ruleset?

Hallo! I've noticed a few rules now that seem to score *very* low. For example: DYN_RDNS_AND_INLINE_IMAGE=0.001 Are these rules 'in development' and therefore not being assigned a significant score as of yet? Or, more interestingly, do they represent an 'optional' set of rules that can be 'act

Re: ruleset

JC Putter wrote: > where can i find more rulesets? using openprotect sare rules and > sought rulesets > That's about all there are... A few folks have odds and ends rules posted on their webpages/blogs/etc, but they're of mixed quality. Is there a particular reason your looking for more rulesets?

Re: ruleset

On 24.03.09 15:59, JC Putter wrote: > where can i find more rulesets? using openprotect sare rules and sought > rulesets build your own rulesets? SARE rulesets aren't updated anymore afaik (and thus number of false-positives is increasing). Do you have any problem that can't be solved by fine-tu

ruleset

where can i find more rulesets? using openprotect sare rules and sought rulesets __ Information from ESET NOD32 Antivirus, version of virus signature database 3957 (20090324) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- This message has been sca

Re: how to make a custom ruleset

Just fyi, this particular topic keeps getting raised here. It'd be great if people would search the list archives. :) One of the last times around: http://www.nabble.com/forum/ViewPost.jtp?post=21296293&framed=y In short, if you want to do this, write a plugin. REs are great until you get comp

Re: how to make a custom ruleset

Adi, > First, it read the sender, and put it into a variable > Then, it check, if the recipient is the same as that variable > if true, then give score 3.0 The trick is to let a regexp see an entire mail header section. Unfortunately it means we can't reuse already parsed addresses in From and To

Re: how to make a custom ruleset

On Fri, 6 Mar 2009, Adi Nugroho wrote: It is working well, but not global (just check for my.address, and not for everyone). Actually, it _is_ global, as it can only match on the domain name. Any mail from any user in your domain to any other user in your domain will hit this rule. Please

RE: how to make a custom ruleset

Adi Nugroho wrote: > On Thursday 05 March 2009 23:44:39 Benny Pedersen wrote: > > header SELF_FROM From =~ /\...@my.address/i > > header SELF_TO To =~ /\...@my.address/i > > meta SELF (SELF_FROM && SELF_TO) > > describe SELF Trap mail with forged sender the same as recipient > > score SELF 3.0 > >

Re: how to make a custom ruleset

On Thursday 05 March 2009 23:44:39 Benny Pedersen wrote: > header SELF_FROM From =~ /\...@my.address/i > header SELF_TO To =~ /\...@my.address/i > meta SELF (SELF_FROM && SELF_TO) > describe SELF Trap mail with forged sender the same as recipient > score SELF 3.0 Finally I understand above rule.

Re: how to make a custom ruleset

Adi Nugroho wrote on Fri, 6 Mar 2009 10:40:26 +0800: > Is there a howto about this ruleset? http://wiki.apache.org/spamassassin/WritingRules Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com

Re: how to make a custom ruleset

.0 I have tried above syntax but failed. No mail identified as SELF. Is there a howto about this ruleset?

Re: how to make a custom ruleset

On Mar 5, 2009, at 7:28, Martin Gregorie wrote: On Thu, 2009-03-05 at 21:31 +0800, Adi Nugroho wrote: I found that a lot of spam is using recipient email address as the sender. (from a...@internux.co.id to a...@internux.co.id, or from i...@apache.org to i...@apache.org). The only disadvan

Re: how to make a custom ruleset

On Thu, March 5, 2009 17:31, John Hardin wrote: >> header SELF_FROM From =~ /\...@my.address/i >> header SELF_TO To =~ /\...@my.address/i > > Are you sure you want to give 1 point to each of those cases in > addition to whatever points the meta adds? it was not me that maked the rules, just edit

  1   2   3   >