Re: Broken images in mails

--On Tuesday, August 08, 2006 11:51 AM +0200 decoder <[EMAIL PROTECTED]> wrote: as I recently mentioned in the FuzzyOcr Thread, I found quite a lot mails that contain broken or corrupted gifs. Until we have a better answer, I'd reject anything with an unrecognizable format. It might be an at

Re: Word Doc spam

--On Wednesday, August 09, 2006 1:01 AM +0200 Mark Martinec <[EMAIL PROTECTED]> wrote: In the FreeBSD ports collection it comes under: textproc/antiword or fetch it from its home site: http://www.winfield.demon.nl/ Cool. What's involved in integrating this into SA? Can the image plugin machi

Re: Broken images in mails

--On Wednesday, August 09, 2006 12:18 AM +0200 decoder <[EMAIL PROTECTED]> wrote: I am also thinking about scanning all attachments, no matter if the content type specifies image or not (in the current version 2.0, only attachments that have image in their content type are scanned with format a

RE: Image spam with inline jpeg image

--On Wednesday, August 09, 2006 3:54 PM -0500 Logan Shaw <[EMAIL PROTECTED]> wrote: This is purely a philosophical argument, but something seems wrong about the idea of using a package manager to manage volatile data files in /var. The problem is not the use of the package manager but the pla

Re: Image spam with inline jpeg image

--On Wednesday, August 09, 2006 7:33 PM -0700 jdow <[EMAIL PROTECTED]> wrote: For about a femto-second, perhaps. There is too much YMMV involved with the SARE rule sets to make it practical as an rpm solution. True, this is the real problem with packaging SARE: There's no clear separation of

Re: SA and MTA message filtering

--On Friday, August 18, 2006 11:17 AM -0400 Sanford Whiteman <[EMAIL PROTECTED]> wrote: Three out of your four objectives are markedly off-topic: there's no reason for SA to ever see mail for unknown local recipients. Those messages should be rejected by the MTA, using either your text fi

Re: animated GIF spam

--On Tuesday, August 22, 2006 1:07 AM -0500 "Chip M." <[EMAIL PROTECTED]> wrote: For interlaced ... I have no idea. Depends a lot on how the interlaced images are stored, I guess. Yes, exactly. Until there's samples, I'm not going to worry about it. There's also progressive JPEG.

Re: Where to install imageinfo.pm?

--On Thursday, August 24, 2006 2:12 PM +0530 BG Mahesh <[EMAIL PROTECTED]> wrote: I am using SA-3.1.4. I am in the process of installing http://www.rulesemporium.com/plugins.htm Where do I install ImageInfo.pm[which directory]? On Fedora I pu

Discourage broken content (was: Broken images in mails)

--On Friday, August 25, 2006 12:05 AM -0700 Plenz <[EMAIL PROTECTED]> wrote: I disagree. To check out what happens I converted a JPG picture into a GIF file and sent it to myself. One time I converted it with IrfanView and the second time with PaintShop Pro. Both GIF files had the result "gift

Re: Discourage broken content

--On Tuesday, August 29, 2006 9:41 AM +0100 Anthony Peacock <[EMAIL PROTECTED]> wrote: This issue is currently being discussed on the MailScanner users list, under the Subject "Max SpamAssassin Size problems". Which can be found here:

Re: Discourage broken content

--On Tuesday, August 29, 2006 9:58 AM +0100 Justin Mason <[EMAIL PROTECTED]> wrote: I'm sure they know this -- but there are dangers there too. It's pretty trivial in HTML to craft a MIME part that contains 100 KB of innocent-looking HTML, followed by 4 KB of spam payload, where the payload is

Re: Tesseract OCR open sourced

Theo just mentioned this on the -devel list:

Re: Hacked E-Trade Phishing Site

--On Friday, September 01, 2006 9:25 AM -0400 Gino Cerullo <[EMAIL PROTECTED]> wrote: And he's signed his work this time. Hail 'The Fat Bastard Controller' :P Whooop! I tried to post direct links to other hacked sites but didn't see it go to the list. So here's the google term I used to fin

Re: RPM -vs- CPAN install

--On Wednesday, September 06, 2006 9:53 PM -0400 Theo Van Dinter <[EMAIL PROTECTED]> wrote: If you modify the spec file it can, but generally speaking you can just grab the tools out of the tarball. IMO, the tools should end up in contrib since we don't actually support them. How about addin

Re: RPM -vs- CPAN install

--On Wednesday, September 06, 2006 1:46 PM -0400 Joey <[EMAIL PROTECTED]> wrote: is there any real advantage to using cpan or source code over rpms, if I don't really do any code modifications etc to spamassasin? RPM and CPAN are packaging systems, and each uses its own database to remember

Re: RPM -vs- CPAN install

--On Thursday, September 07, 2006 11:38 AM -0400 Theo Van Dinter <[EMAIL PROTECTED]> wrote: To be honest, I'd be more partial to removing tools and contrib (and masses and ...) from the tarball and make them available separately. It'd be pretty easy IMO. I believe that the vast majority of peo

Re: RPM -vs- CPAN install

Ah, I see you opened an issue against this:

Re: postcard exploit email

--On Monday, September 11, 2006 8:12 AM -0700 "John D. Hardin" <[EMAIL PROTECTED]> wrote: Maybe we need a base rule for URL links directly to executable content... MIMEDefang rejects content with executable extensions. The list of extensions is configurable. (.com is a pain because it also a

Re: SpamAssassin add

On Thursday, September 14, 2006 9:06 AM + Michele Petrazzo <[EMAIL PROTECTED]> wrote: always, when I install spamassassin to my custumers, I create them a imap account (called normally spam), that has two folders, spam and no-spam, where the users move the "not signed has spam, or signed h

Forum mail identified as spam

I just signed up for the UltraVNC support forum and its activation email got bounced by SA 3.1.4 with a pretty high spam score. I added a whitelist entry to my config and re-applied under a second email address and filed a report in the forum:

Re: Forum mail identified as spam

On Friday, September 15, 2006 1:39 PM -0700 Evan Platt <[EMAIL PROTECTED]> wrote: At 01:29 PM 9/15/2006, you wrote: I just signed up for the UltraVNC support forum and its activation email got bounced by SA 3.1.4 with a pretty high spam score. I added a whitelist entry to my config and re-appl

Re: Forum mail identified as spam

On Friday, September 15, 2006 4:38 PM -0400 Theo Van Dinter <[EMAIL PROTECTED]> wrote: Without seeing the rules that hit it's hard to tell you what's up. Sorry about that. I'd pasted them into the linked forum thread so the forum operator could see the hits. Content analysis details: (8.

RCVD_IN_WHOIS_INVALID

2.2 RCVD_IN_WHOIS_INVALID RBL: CompleteWhois: sender on invalid IP block [65.119.30.206 listed in combined-HIB.dnsiplists.completewhois.com] I just got an order confirmation from Newegg and it got a big score boost of 2.2 from this rule. What does this rule mean? I ran the address t

Re: Spamassassin from CPAN and sa-update location.

--On Friday, October 06, 2006 10:37 AM -0500 Bookworm <[EMAIL PROTECTED]> wrote: When I build SpamAssassin using the CPAN method, it installs the test files (20_anti_ratware.cf and similar) in /usr/share/spamassassin. However, sa-update shoves updates into /var/lib/spamassassin/3.001005/upda

"Re: Hi" spam

I noticed today an unusually high incidence of spam subject lines of "Re: Hi", and I don't see a rule for this in the distribution. Do others see this much in legitimate mail? Or could it make a good rule?

Re: Concerned with scores for from rfc-ignorant.org

--On Friday, October 13, 2006 9:23 AM +0100 Justin Mason <[EMAIL PROTECTED]> wrote: Please bear in mind, also, that there are 5 different rules that use RFCI data, and they have wildly varying accuracies and scores: SPAM%HAM%S/ORANKSCORE NAME 3.7247 0.0540 0.986 0.852

RE: Any suggestions for 'postmaster' spams?

--On Monday, October 16, 2006 7:53 AM -0700 R Lists06 <[EMAIL PROTECTED]> wrote: Make another and use it for all lists. When you get spammed on it, change it slightly, unsub the other and sub the new to all the lists you are on. Plussed addressing helps here. I hate web forms that refuse to l

Re: SpamAssassin 3.1.0-pre2 PRERELEASE available! (migrating Bayes from DB_File)

--On Wednesday, June 29, 2005 6:45 PM -0700 Justin Mason <[EMAIL PROTECTED]> wrote: - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL storage is now recommended for Bayes, instead of DB_File. NDBM_File support has been dropped due to a major bug in that module.

Re: [sa-list] Re: SpamAssassin 3.1.0-pre2 PRERELEASE available! (migrating Bayes

--On Thursday, June 30, 2005 12:48 AM -0400 "Dan Mahoney, System Admin" <[EMAIL PROTECTED]> wrote: Personally, in trying to migrate thousands of per-user bayes into SQL, I found that it a) took forever and b) consumed so much memory that I just found it an easier approach to say "screw it" and

Re: SpamAssassin 3.1.0-pre2 PRERELEASE available! (migrating Bayes from DB_File)

--On Thursday, June 30, 2005 12:31 AM -0500 Michael Parker <[EMAIL PROTECTED]> wrote: Sure, here is a basic procedure: http://wiki.apache.org/spamassassin/BayesMigration Great, that looks very helpful. The page starts with "There are now multiple backend storage modules" What is "now"?

Re: Fedora changed SpamAssassin default level to 7?

(Quoted in full for Warren, the Fedora contact.) --On Tuesday, July 12, 2005 12:06 AM -0700 jdow <[EMAIL PROTECTED]> wrote: Justin Mason wrote: > fyi, if you're using Fedora Core -- > http://blog.dave.org.uk/archives/000715.html > > totally unconfirmed, but worth noting in case that really is t

Re: Fedora changed SpamAssassin default level to 7?

Reply from Warren: Kenneth, Thanks for alerting to me to this. I tried to post to the list, but it appears to be extremely slow or down at the moment or something. jdow wrote: Justin Mason wrote: fyi, if you're using Fedora Core -- http://blog.dave.org.uk/archives/000715.html totally unco

Russian Spamassassin

We sometimes joke about the grisly nature of our favorite software's name, but apparently someone's finally made it real: Russian Media Hails Spammer’s Murder Anton Nossik MosNews.Com Russia’s most (in)famous spammer, Vardan Kushni

Re: Rule for subjects that start with a whitespace

--On Friday, August 05, 2005 6:03 PM -0700 Loren Wilton <[EMAIL PROTECTED]> wrote: I think a lot of mail/news programs assume that the subject body starts immediately after "Subject: ", unless the character immediately after the colon isn't a space, in which case the subject starts there. How

Re: Testing with four spaces before "Testing" was Re: Rule for subjects that start with a whitespace

--On Saturday, August 06, 2005 3:23 AM -0700 jdow <[EMAIL PROTECTED]> wrote: Tells me that dovecot normalizes headers to include exactly one space. (I did a little more testing with zero spaces squeezed through procmail to my mail folder. It came through that just fine. But it lost the customiz

Re: Testing with four spaces before "Testing" was Re: Rule for subjects that start with a whitespace

--On Saturday, August 06, 2005 4:18 PM -0700 jdow <[EMAIL PROTECTED]> wrote: By that I meant that "telnet localhost pop3" followed by an "retr 1" (once logged in) showed the spaces normalized to exactly one in all cases. That's interesting... I just went checking my uncaught spam folder for

Re: ANNOUNCE: SpamAssassin 3.1.0-rc1 release candidate available!

--On Saturday, August 13, 2005 6:58 PM -0400 Theo Van Dinter <[EMAIL PROTECTED]> wrote: On Sat, Aug 13, 2005 at 03:07:14PM +0530, Ramprasad A Padmanabhan wrote: When I build the rpm from the spec file ( on fedora core 3 ) the spamassassin-tools rpm is not created. Was it not a part of SA. Th

Re: Using SQL

--On Wednesday, August 17, 2005 6:28 PM +0700 Dhanny Kosasih <[EMAIL PROTECTED]> wrote: I use MySQL to store bayesian value, may i store all configuration in MySQL (system wide configuration and user spesific configuration) ? Two wiki pages I found:

Re: Using SQL

--On Wednesday, August 17, 2005 6:28 PM +0700 Dhanny Kosasih <[EMAIL PROTECTED]> wrote: I use MySQL to store bayesian value, may i store all configuration in MySQL (system wide configuration and user spesific configuration) ? Another online page:

Re: SpamAssassin 3.10rc1 works great

--On Wednesday, August 17, 2005 10:54 AM -0700 Dan Kohn <[EMAIL PROTECTED]> wrote: Since people are always using these lists to complain about bugs, I just wanted to briefly mention how well 3.01rc1 is working for me. Ditto. I'm particularly pleased with the fuzzy stuff for matching obfuscat

Re: Pharamcudical list of words in a table

--On Tuesday, September 06, 2005 12:38 AM -0700 List Mail User <[EMAIL PROTECTED]> wrote: You have the unfortunate luck of being on the cutting edge of the spam runs, most of these domains are now in 4 or 5 SURBL lists, which will give you scores of close to 12 alone. Greylisting woul

Re: Migrating Bayes from DBM to SQL

--On Tuesday, September 20, 2005 11:11 AM +1200 Tom Munro Glass <[EMAIL PROTECTED]> wrote: Thanks for the reply Rick but this hasn't helped. Firstly, most of my users are not allowed to login so I can't use "su". You can try "su -c". I don't think that needs a shell, as it's the syntax used

Re: Drug e-mail obfuscated with

--On Monday, September 19, 2005 10:35 PM -0700 Loren Wilton <[EMAIL PROTECTED]> wrote: Ie a test for lots of divs that have been floated left and contain lots of breaks? Really bad thing to test for. FPs all over the place. What kind of "legitimate" MUA spews crap like that?

RE: 3.04 to 3.1.0 impressions?

--On Friday, September 23, 2005 9:54 AM -0500 Herb Martin <[EMAIL PROTECTED]> wrote: I have been using dev builds and each RC for a month or more and love it. It runs smoother and with fewer oddities than 3.04 etc. I have been on 3.10 since a couple of days after the release (it only took tha

Explosion in uk.geocities.com spam

Lately I've been seeing quite a bit of uncaught spam with a link to uk.geocities.com. Using 3.1.0 release with net tests. Here's my "uncaught" (false negatives) folder for October (which I feed nightly into sa-learn):

Stupid spammer rule

Been getting a few of these: From: "{%NAME_FROM}" <[EMAIL PROTECTED]> To: "{%NAME_TO}" <[EMAIL PROTECTED]> Anyone have a rule to nuke them?

SA for Fedora Core 2 (was: new mail admin needing help)

--On Friday, October 28, 2005 2:07 PM -0400 Ryan O'Neil <[EMAIL PROTECTED]> wrote: We currently have a fedora core 2 server running Sendmail, SpamAssassin 2.63. I'd like to upgrade to the newest version of SA 3.1.0 I'm aware that some of the user prefs and local.cf will need changed afterwards

Re: Blocking on tld and/or HELO with own domain

--On Sunday, November 13, 2005 11:26 PM + Craig McLean <[EMAIL PROTECTED]> wrote: Ok, well if you read my last message, I've indicated a better way than appending the whole thing in. Just include it using a line like: include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl to your sen

Re: Unicode right to left HTML override obsfucation

--On Friday, November 18, 2005 1:36 PM +0200 Sean Doherty <[EMAIL PROTECTED]> wrote: Is there any rules available for catching messages that use the unicode right to left override in HTML to reverse text (sample attached)? For instance 'H‬olle‮ W#8236;dlro‮' would render as 'Hello World' I've

Re: Clever Spammers, Anything to catch this?

--On Sunday, November 20, 2005 6:31 PM +0100 Kai Schaetzl <[EMAIL PROTECTED]> wrote: 1.7 SARE_SPEC_LEO_LINE04 RAW: common Leo body text That's the only non-RBL non-SURBL rule you're hitting on. It can be found here: Why isn't it hit

Anti-virus strategy

--On Wednesday, November 23, 2005 10:07 AM -0500 Bowie Bailey <[EMAIL PROTECTED]> wrote: It's always good to have multiple layers. We have ClamAV on the mail server and Symantec Corporate Edition on the desktops. I haven't had any problems with Clam. We had a few Sober.U get through before t

Greylisting enhancements (was: US winning war on spam ?!?!?!)

--On Wednesday, December 21, 2005 2:39 PM -0500 Matt Kettler <[EMAIL PROTECTED]> wrote: Perhaps a better term is "selective greylisting" I'm Using milter-greylists's acls. My default is to whitelist (ie: not greylist) but I have an extensive set of ACLs that use regexes to greylist most dialup

Re: Dealing with low scoring spam - tighter MTA integration [was: 2 + 2 != 4 - Spamassassin needs a new paradigm]

--On Wednesday, March 04, 2009 4:02 PM +0100 Andrzej Adam Filip wrote: May be spamassassin should create set of tests intended for use before replying "RCPT TO:" in SMTP session? Check out MIMEDefang includes SA integration.

Re: Dealing with low scoring spam - tighter MTA integration

--On Thursday, March 05, 2009 7:43 AM +0100 Andrzej Adam Filip wrote: What I would like to see is a option to make spam assassin to produce "weighted scores" based on subset of all tests capable to work on subset of the "final data" available *before* message headers&body are transfered in SMT

Re: Dealing with low scoring spam - tighter MTA integration

--On Thursday, March 05, 2009 10:31 PM +0100 Andrzej Adam Filip wrote: I try hard to preach that SA methodology of creating "spam score" based on weighted tests *CAN* be applied at this point too. I would like too apply such test in milter (MIMEDefang) that uses SA anyway in my installation.

Re: interesting flash attack in spam

--On Thursday, March 19, 2009 5:41 AM -0700 John Hardin wrote: Hence my subsequent suggestion for an HTML tag scoring plugin. That _would_ be context-sensitive and I'd feel safe giving an OBJECT tag 20 points that way. I'd love to see a plugin like this that could flag syntax issues like un

Re: New kind of spam

On Thursday, March 26, 2009 8:10 AM -0700 John Hardin wrote: That too is unusual enough to be a good spam sign. There are also existing rules for high image-to-text ratios. I wonder if tag-to-text ratio is a good spam sign? Another possible advantage of having a tag-parsing plugin.

Blacklisting Cyrillic

I'd like to score anything in Windows-1251 fairly high, as I don't expect to get anything legitimate in that charset. How can I read the charset declared in a Subject header, or in a MIME part, for matching in a rule? The only tools I see are ok_locales and CHARSET_FARAWAY, but those seem like

Re: Blacklisting Cyrillic

On Thursday, March 26, 2009 8:34 PM -0400 Jeff Mincy wrote: Try Subject:raw to inhibit decoding? Thanks! I figured there must be some fine print I was missing.

Re: Blacklisting Cyrillic

--On Friday, March 27, 2009 3:30 AM +0100 KarstenBräckelmann wrote: There aren't many. Can you read any but the western ones? Then add it. Oh, and yes, western includes all those language specific stuff like German, French, Finland, etc chars. What's needed for Asian charsets? I'm not yet re

Pastebin for spam examples

--On Saturday, March 28, 2009 3:32 PM -0700 RobertH wrote: pastebin said the headers tripped the spam filter so i have to post this way... I've seen this complaint before. Perhaps SA or one of the other anti-spam websites could host a pastebin for spam examples, that explicitly does NOT ru

RFC's suck

This video was recently posted to the MIMEDefang list, and illustrates how bad the RFC's for mail format are. No wonder SA has such trouble deciding what's spam and what's legitimate. NOTHING is legitimate, due to problems with the standards. (And this doesn't even discuss SMTP, just the format

Re: RFC's suck

--On Monday, March 30, 2009 7:52 PM +0100 Rik wrote: The MAIL RFC's were conceives a long time ago and have had some changes. Sure - the mail system is not ideal - however, with no RFC's we would end up with closed, stupid proprietary systems that don't talk. Microsoft Exchange is one reason

Re: RFC's suck

On Monday, March 30, 2009 2:13 PM -0600 LuKreme wrote: The changes (RFC2822) did not change enough. What is really needed is SoSMTP (Son of SMTP) defined for port 26. It would be 8bit compatible and would NOT be backward compatible with current SMTP. It would not have folding of headers line

Re: Pastebin for spam examples

On Monday, March 30, 2009 10:15 PM +0200 KarstenBräckelmann wrote: There's a reason, pastebins (just like URL shortener services) are implementing spam filtering and various other spam/bulk counter- measures. That's because they have been abused by spammers. Creating a dump to put your spam i

Re: RFC's suck

--On Tuesday, March 31, 2009 3:03 AM -0600 LuKreme wrote: Because the idea is to be able to simply retire the current SMTP and that will be a lot simpler if the new service is on a new port. It will also be much easier to justify. You're reminding me how long it's taking to get IPv6 adopted.

Re: RFC's suck

On Thursday, April 02, 2009 12:53 AM +0200 mouss wrote: Spam is a social problem, and social problems can't be solved by technical means only. technology des certainly help, to some extent. One of the ways technology can help is by increasing the cost of spam. SA has already done that by ma

Re: RFC's suck

On Thursday, April 02, 2009 12:13 PM -0600 LuKreme wrote: You should be sending mail out through your ISP which should be accepting your outbound mail as from you since they know who you are. Once your ISP (with their correctly configured SASL enabled mailserver) passes it along to the next s

Re: RFC's suck

--On Saturday, April 04, 2009 9:11 PM +0100 Nix wrote: I hasten to point out (a little late) that the talk itself was excellent and hiliarious, but that you need excellent eyes or telepathy to grasp it all without the slides. Agreed. The presenter is very entertaining and the poor quality of

Re: spam and carbon emissions

--On Wednesday, April 15, 2009 4:22 PM +0100 Martin Hepworth wrote: Interesting article http://www.newscientist.com/article/dn16951-spam-tramples-environment-wit h-huge-carbon-footprint.html?DCMP=OTC-rss&nsref=online-news I wonder how they figure out the transmission costs are are doing someth

Re: Titter invite spam

--On Monday, June 22, 2009 5:59 PM -0700 John Hardin wrote: On Mon, 22 Jun 2009, Cerebus wrote: The zip file contains a file with the name: document.pdf .exe (note the long run of spaces) My security sanitizer would quarantine that. http:/

Re: Any one interested in using a proper forum?

On Thursday, July 30, 2009 2:01 PM -0700 ktn wrote: Actually I think Nabble is great for those of us who can't handle the traffic of the whole mailing list. Or you could use a news reader pointed at Gmane's news server and subscribe to the SA newsgroups. A web interface is available here:

Re: large unicode email nails CPU

--On Tuesday, August 04, 2009 2:17 PM +1200 Jason Haar wrote: strace shows spamd running around looking for unicore/lib/gc_sc files - which is related to unicode "stuff". I don't know if that's the problem - but that's all I could find. This looks like a good candidate to open a Bugzilla for

Pet photo signatures

This just seems like another good way to sneak spam through: I love to share photos of my cat, but I don't want to choke up the email system with them, esp. if it enables spammers one more avenue to piggyback their crap on.

Geographical distance

A recent thread on spam detection suggested that geographical distance from sender to recipient correlates with spam, and that spammers tend to cluster geographically. Are there any plugins that can calculate these distances? I suppose the output would be two rules (or two sets of rules, with mu

Using ASN plugin on internal SA scanner

--On Thursday, August 06, 2009 2:53 PM -0400 Michael Scheidell wrote: enable the ASN plugin.. it will create bayes tokens. then train your system, any ASN that sends you mostly spam will hit bayes_>50%? Is there a way to get the ASN plugin to report on other than the first hop in the heade

Subject keyword plugin?

Is there a plugin that can read a text file of keywords, one per line, and build the equivalent Perl regex rule for keywords in the Subject line?

SpamAssassin is not a filter

From : SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify Spam. SpamAssassin uses a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering

Google feedproxy redirector abuse

I've been seeing pill spam with lots of identical URIs pointing at feedproxy.google.com over the last week or two. All the URI's seem to be this (leading http slash slash removed): feedproxy.google.com/~r/CraigslistHoustonAllForSale/WantedSearchquothealthquot/~3/3yX2enlGlyE/ I've no idea where

Re: Google feedproxy redirector abuse

--On Monday, November 16, 2009 10:27 AM -0800 John Hardin wrote: meta MANY_GOOG_PROXY __FEEDPROXY > 5 Got one with exactly 5 today. Looks like they're learning.

Low-scoring discount ED spam

I've been getting regular spam that advertises a percentage discount for ED in the subject line, and names the ED in the From line. It consistently fails to breach the 5.0 score line and keeps showing up in my regular Inbox. I think I have the latest code and rules. Am I suffering from the cur

Re: Low-scoring discount ED spam

--On Tuesday, May 04, 2010 4:22 AM +0100 RW wrote: Are you training BAYES? A lot of these are hitting BAYES_50 or even BAYES_00. I've been copying them into my "Uncaught" folder which is run with "sa-learn --spam --mbox" each night. I just noticed that my Uncaught folder is huge and has l

Re: Low-scoring discount ED spam

--On Wednesday, May 05, 2010 11:29 AM +0200 Matus UHLAR - fantomas wrote: do you wipe bayes database often? If not, it's not needed to retrain on all messages, since they are not forgotten. I don't recall ever deleting the DB. It's my understanding that sa-learn remembers which messages it'

Re: percentage off spam

--On Tuesday, May 18, 2010 10:59 AM -0400 Charles Gregory wrote: I agree that full smaples are needed. The % Subject alone is not enough. But I would expect there is something 'common' to the body that would combine in a meta rule for decent score with minimal fp... So throw some examples up

Novel indentation

I'm getting some nonsense spams that contain a big block of text/plain and matching HTML part, and the text/plain part has an interesting indentation pattern: The first line is indented with a single space, and all subsequent lines start with 3 spaces: Debate Over Vaccines And Autism/ADD Exper

Re: blizzard (and others) faux messages

--On Tuesday, June 29, 2010 11:17 AM +0200 Mark Martinec wrote: What I want: 1) Message from blizzard that has no dkim gets scored +10 adsp_override blizzard.com custom_high I just checked some recent messages and found that auto-replies from the ha...@blizzard.com address (to which on

Re: blizzard (and others) faux messages

--On Tuesday, June 29, 2010 2:37 PM -0700 John Hardin wrote: So it sounds like they're not sending everything through the same system. Time to post a report about that in one of their game forums. (Which one? Suggestions? Bug Reports? Customer Support? I think the last one, as that's where the

Testing for existence of header

Shows how to test for text associated with a header. How do I test if the header is present at all? (Or not present?)

SA for World of Warcraft?

I recall at one time someone proposing a kind of SA for IRC spam. I play World of Warcraft and spam is a big problem in the game. People spam the in-game chat channels, which are like IRC, with ads selling game "gold" and leveling services. I'd love to see an "SA Lite" that could match the mo

Re: rpmbuild spamassassin

--On Wednesday, September 03, 2008 11:16 AM +0100 David Carvalho <[EMAIL PROTECTED]> wrote: Hi! since you guys told be that version 3.1.8 wasn't receiving updates because it's to old, I trying to upgrade spamassassin. Since I can't upgrade the server (I'm using Fedora 3), I've downloaded the la

Re: Erroneous doubled letters in subject

--On Monday, September 15, 2008 10:36 AM +0100 Justin Mason <[EMAIL PROTECTED]> wrote: good tip! I've just added PR_TD_NOWRAP and PR_TD_NOWRAP_BAT to test these out... Cool! I've added it as a test rule in my environment and will bump up the score once I see how it goes. For others lookin

RE: Erroneous doubled letters in subject

--On Monday, September 15, 2008 1:26 PM -0700 RobertH <[EMAIL PROTECTED]> wrote: Are these rules we can keep there indefinitely, or do they get migrated into future SA releases and should be removed? Also, I notice on SA 3.2.5 there were several linting issues. Ill look closer at the warnings

RE: Erroneous doubled letters in subject

--On Tuesday, September 16, 2008 10:16 AM +0100 "Randal, Phil" <[EMAIL PROTECTED]> wrote: I should make clear that PR_TD_NOWRAP does hit some ham here, so perhaps it would be better named __PR_TD_NOWRAP. What sources the ham that hits? What legitimately stuffs that string in email? Is it l

Re: Erroneous doubled letters in subject

On Wednesday, September 17, 2008 4:02 PM +0100 Justin Mason <[EMAIL PROTECTED]> wrote: This is just in the dev ruleset -- for 3.3.0 -- so you're best off adding it manually. right now it's like this: # thanks to Phil Randal on the users list for this tip rawbody __PR_TD_NOWRAP // m

developmentgrou spam

Here's a rule that's working pretty well for me: # /etc/mail/spamassassin/developmentgrou.cf body KP_DEVELOPMENTGROU /[EMAIL PROTECTED],20}\.ru/ describe KP_DEVELOPMENTGROU Requests email to Russian developmentgrou score KP_DEVELOPMENTGROU 1.0 I'll be bumping up the score today.

Re: Help Required

On Friday, October 03, 2008 9:31 PM +0200 Kai Schaetzl <[EMAIL PROTECTED]> wrote: I figure it's neither Enterprise resource planning, This would be my guess. It would make sense to email status in much the way a revision control server would email commit notices. Because such information m

Windows Live Spaces spam

I'm seeing a lot of spam today with a throwaway URI from Windows Live Spaces (spaces.live.com subdomain). I'm considering adding a rule to my personal server to just drop all mail with WLS links. Is this likely to be a temporary problem? Does anyone use WLS?

Validating XML email

I noticed some spam using XHTML, which I understand is HTML with stricter XML validation rules. Just out of curiosity, I ran it through the W3C Validator and it had quite a few errors. Now if someone goes to the trouble of claiming their mail is XHTML, then it seems

Re: Validating XML email

On Tuesday, October 21, 2008 4:22 PM +0100 Justin Mason <[EMAIL PROTECTED]> wrote: I heard a stat recently (possibly via Matt Cutts?) that only ~4% of web pages validate. I wouldn't be surprised if email HTML is even worse, given the state of HTML renderers in the various MUAs. so this may no

Re: Validating XML email

On Wednesday, October 22, 2008 11:31 AM +0200 Kai Schaetzl <[EMAIL PROTECTED]> wrote: This is far away from reality. What makes you think that XHTML mail would be any better formed than HTML? I bet some makers of those many crap HTML web mailers will just rename the Doctype if a client asks t

<    1   2   3   4   >