Re: spam filter problem
Karl Runge writes: It is possible you have an oddly named file ^Subject: (ADV:) that contains those missing ~ 100 emails of yours. You're right! $ ls -l *Sub* -rw---1 jrv jrv 2555170 May 13 19:26 ^Subject: Thank you very much! - Jim Van Zandt * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: spam filter problem
Thanks for all the replies. need a * here, don't you? ^Subject: (ADV:) Right! Ben Boulanger and Karl Runge spotted this one. I rewrote it this way: :0 H # recognize junk mail by subject * ^Subject: (ADV:) Mail/junk-subject With this change, the rules seem to be working. :0 H # foreign language junk mail * charset=.ks_c_5601-1987. Not sure about this one... what's the actual header line look like for this? \. is needed if you want to match a ., but.. I'm not familiar with the header you're going for.. Maybe a quarter of my spam is in some foreign language, and includes a header line like this: Content-Type: text/html; charset=ks_c_5601-1987 I've also added this rule :0 B # some worm * TVqQAAME//8AALgAQAAA Mail/junk-worm ...which caught four messages out of the last batch. But that was over half a megabyte of data! I've since redirected it to /dev/null. Thanks again! - Jim Van Zandt * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: spam filter problem
Rich Payne [EMAIL PROTECTED] writes: you may want to have a look at razor (http://razor.sourceforge.net/). It's a distributed SPAM checking system. I noticed this a while back, and it looks very interesting. However just the other day I read a comment at Slashdot that someone has been poisoning the razor database, so that it labeled some legitimate mailing list postings as spam. There's also a razor-report program that allows you to feed new SPAM messages into the systems. I've been hoping someone would integrated this into RMAIL in Emacs, so with a single keystroke I could delete the mail and report it as spam at the same time. Of course, that also makes it easy to report by mistake. Maybe that's what's behind the Slashdot comment. I suppose one could require two spam reports or something. Mark Komarinski [EMAIL PROTECTED] writes: I heartily recommend spamassassin. It used a variety of weightings to see if the mail you have is spam. For example, if the mail is listed in Razor, it's worth 2 points... Sounds like the next step. Thanks for the pointers! - Jim Van Zandt * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: spam filter problem
(http://razor.sourceforge.net/). It's a distributed SPAM checking system. I noticed this a while back, and it looks very interesting. However just the other day I read a comment at Slashdot that someone has been poisoning the razor database, so that it labeled some legitimate mailing list postings as spam. Hmmm..while I don't know the whole razor system, so far I've not had any legit emails put into my SPAM folder. I don't delete the SPAM but rather redirect it and go through the folder every few days. I think it probably requires x reports from y different sites before a message gets added. As for slashdot, I beleive things posted on there about as much as I beleive the weekly world news (entertaining at times yes, but factual, I doubt it). --rdp -- Rich Payne http://talisman.mv.com * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
spam filter problem
I've been running a simple procmail filter to get rid of spam from some specific sites. The sample below only includes a few of the addresses, but even with the whole list it's no longer very effective. Last weekend I decided to tune it up to filter out more of the spam. I added the last three rules below. Out of the next batch of 116 emails, these rules eliminated 116. That's right - all the babies got thrown out with the bath water. Of course, I've commented out the new rules until I debug them. If someone has a non-risky way to test procmail rules, I'd appreciate hearing about it. Of course, if you see what I've done wrong I'd like to hear that too. - Jim Van Zandt :0 Whc: msgid.lock | formail -D 65536 .msgid.cache :0 * ^From:.*(assetmanagement.net|[EMAIL PROTECTED]|moreorders.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED])|^Subject:.*\$\$\$|^To: [EMAIL PROTECTED] |egrep '^(Subject|From|To):' Mail/junkheaders :0 B # recognize junk mail by content * (so dilghted when i|This game is my first work.) /dev/null :0 H # recognize junk mail by subject ^Subject: (ADV:) /dev/null :0 H # foreign language junk mail * charset=.ks_c_5601-1987. /dev/null * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: spam filter problem
I have no idea what's wrong with this...however you may want to have a look at razor (http://razor.sourceforge.net/). It's a distributed SPAM checking system. Basically you don't have to worry about keeping a list of the senders etcyou just use procmail to pass all your mail through razor-check, if it matches a known SPAM message you can have procmail do as you like with (direct to /dev/null etc...). There's also a razor-report program that allows you to feed new SPAM messages into the systems. While it doesn't work 100%, it does catch a lot of the usual stuff going around. --rdp On Thu, 16 May 2002, James R. Van Zandt wrote: I've been running a simple procmail filter to get rid of spam from some specific sites. The sample below only includes a few of the addresses, but even with the whole list it's no longer very effective. Last weekend I decided to tune it up to filter out more of the spam. I added the last three rules below. Out of the next batch of 116 emails, these rules eliminated 116. That's right - all the babies got thrown out with the bath water. Of course, I've commented out the new rules until I debug them. If someone has a non-risky way to test procmail rules, I'd appreciate hearing about it. Of course, if you see what I've done wrong I'd like to hear that too. - Jim Van Zandt :0 Whc: msgid.lock | formail -D 65536 .msgid.cache :0 * ^From:.*(assetmanagement.net|[EMAIL PROTECTED]|moreorders.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED])|^Subject:.*\$\$\$|^To: [EMAIL PROTECTED] |egrep '^(Subject|From|To):' Mail/junkheaders :0 B # recognize junk mail by content * (so dilghted when i|This game is my first work.) /dev/null :0 H # recognize junk mail by subject ^Subject: (ADV:) /dev/null :0 H # foreign language junk mail * charset=.ks_c_5601-1987. /dev/null * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. * -- Rich Payne http://talisman.mv.com * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: spam filter problem
On Thu, 16 May 2002, James R. Van Zandt wrote: If someone has a non-risky way to test procmail rules, I'd appreciate hearing about it. Don't send to /dev/null at first, send to something you can get to with your mail reader - ~/mail/filtered or something usually works for me. :0 H # recognize junk mail by subject need a * here, don't you? ^Subject: (ADV:) /dev/null :0 H # foreign language junk mail * charset=.ks_c_5601-1987. Not sure about this one... what's the actual header line look like for this? \. is needed if you want to match a ., but.. I'm not familiar with the header you're going for.. Ben -- Better a diamond with a flaw than a pebble without one. * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: spam filter problem
I heartily recommend spamassassin. It used a variety of weightings to see if the mail you have is spam. For example, if the mail is listed in Razor, it's worth 2 points, and if it came from a site listed in one of the RBLs, it's worth a few points, and so on. You can configure the weighting as you like (and the threshold where it's considered spam). Once all that's done, a simple .procmailrc setup and you're done. -Mark On Fri, 2002-05-17 at 12:06, Rich Payne wrote: I have no idea what's wrong with this...however you may want to have a look at razor (http://razor.sourceforge.net/). It's a distributed SPAM checking system. Basically you don't have to worry about keeping a list of the senders etcyou just use procmail to pass all your mail through razor-check, if it matches a known SPAM message you can have procmail do as you like with (direct to /dev/null etc...). There's also a razor-report program that allows you to feed new SPAM messages into the systems. While it doesn't work 100%, it does catch a lot of the usual stuff going around. --rdp On Thu, 16 May 2002, James R. Van Zandt wrote: I've been running a simple procmail filter to get rid of spam from some specific sites. The sample below only includes a few of the addresses, but even with the whole list it's no longer very effective. Last weekend I decided to tune it up to filter out more of the spam. I added the last three rules below. Out of the next batch of 116 emails, these rules eliminated 116. That's right - all the babies got thrown out with the bath water. Of course, I've commented out the new rules until I debug them. If someone has a non-risky way to test procmail rules, I'd appreciate hearing about it. Of course, if you see what I've done wrong I'd like to hear that too. - Jim Van Zandt :0 Whc: msgid.lock | formail -D 65536 .msgid.cache :0 * ^From:.*(assetmanagement.net|[EMAIL PROTECTED]|moreorders.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED])|^Subject:.*\$\$\$|^To: [EMAIL PROTECTED] |egrep '^(Subject|From|To):' Mail/junkheaders :0 B # recognize junk mail by content * (so dilghted when i|This game is my first work.) /dev/null :0 H # recognize junk mail by subject ^Subject: (ADV:) /dev/null :0 H # foreign language junk mail * charset=.ks_c_5601-1987. /dev/null * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. * -- Rich Payne http://talisman.mv.com * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. * * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: spam filter problem
On Fri, 2002-05-17 at 12:51, Mark Komarinski wrote: I heartily recommend spamassassin. It used a variety of weightings to see if the mail you have is spam. For example, if the mail is listed in Razor, it's worth 2 points, and if it came from a site listed in one of the RBLs, it's worth a few points, and so on. You can configure the weighting as you like (and the threshold where it's considered spam). I'll second this. I've been using spam assassin in conjunction with razor for about a month now. Only 1 or 2 false positives, and I'd say there's been about 97% rate of correct catches. -- Some Axiom: The intelligence of the world is a constant. The population is increasing. Cole Tuininga Lead Developer Code Energy, Inc [EMAIL PROTECTED] PGP Key ID: 0x43E5755D * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *