Re: bayes scroing too low
On Sun, 31 Aug 2014 12:20:41 +0200, Axb axb.li...@gmail.com wrote: Axb get the source from http://razor.sourceforge.net/ I don't recommend Axb installing via some rpm. The last version mentioned on that site is 2.84, from May 2007. strangely, the version on current Debian packages is 2.85. Anyone know what's going on here? -- Please *no* private copies of mailing list or newsgroup messages. Local Variables: mode:claws-external End:
punctuation in subjects
Messages with question marks and spaces have been showing up in my inbox on another account. To blacklist these [? ] would take care of those characters in a Subject: line. Would such a regular expression effectively blacklist any message having just those two kinds of characters in its Subject: line in any combination? The ultimate blacklist entry for such messages would include all punctuation and the space character. These messages are written in fonts not translated by us-ascii or unicode, so I'd be open to blacklisting based on national origin of messages as well but think both kinds of blacklist entries will need to be used in order to shut this traffic off permanently. The other internet service provider runs his system wide open and users have to use spamassassin to deal with the consequences.
Re: bayes scroing too low
On 09/01/2014 07:39 AM, Ian Zimmerman wrote: On Sun, 31 Aug 2014 12:20:41 +0200, Axb axb.li...@gmail.com wrote: Axb get the source from http://razor.sourceforge.net/ I don't recommend Axb installing via some rpm. The last version mentioned on that site is 2.84, from May 2007. strangely, the version on current Debian packages is 2.85. Anyone know what's going on here? According to http://sourceforge.net/projects/razor/files/razor-agents/ there is indeed a 2.85 version. changes file file states: Relicense under Artistic License 2.0. See LICENSE for details. What does diff say?
Re: SA works great!
Unfortunately if Bayes is not turned on, it does not catch more than around 60-70% of spam. As a Spamassassin user server admin, I would really like to see that improve. As a matter of interest, how can one turn Bayes on/off? I take it that the appearance of BAYES_99, etc, in headers shows that Bayes is turned on? As far as I can see, the only mention of Bayes in my SA configs is the line bayes_path /home/tim/.spamassassin/bayes that I added to ~/.spamassassin/user_prefs . -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland
Re: punctuation in subjects
On Mon, 2014-09-01 at 03:17 -0400, Jude DaShiell wrote: Messages with question marks and spaces have been showing up in my inbox on another account. To blacklist these [? ] would take care of those characters in a Subject: line. Would such a regular expression effectively blacklist any message having just those two kinds of characters in its Subject: line in any combination? No: a regex along these lines /[? ]/ will hit all subject lines containing either a space or a question mark, i.e. just about every subject line you'll ever see. This one /[? ].*[? ]/ will only hit subjects with both characters in any order, but is probably also far too general to use by itself. Make it a subrule (name starts double underscore) and use a metarule to combine it with another subrule that fires on something that usually only appears in spam and you may have the basis of something more useful. Metarules are useful. For instance one that must find a product name and a sales phrase in the message to fire will distinguish sales spam from a message from a friend raving about a new widget he's just bought. Learn to use them rather than relying on a single regex to recognise spam. Martin The ultimate blacklist entry for such messages would include all punctuation and the space character. These messages are written in fonts not translated by us-ascii or unicode, so I'd be open to blacklisting based on national origin of messages as well but think both kinds of blacklist entries will need to be used in order to shut this traffic off permanently. The other internet service provider runs his system wide open and users have to use spamassassin to deal with the consequences.
Re: SA works great!
Am 01.09.2014 um 13:19 schrieb Timothy Murphy: Unfortunately if Bayes is not turned on, it does not catch more than around 60-70% of spam. As a Spamassassin user server admin, I would really like to see that improve. As a matter of interest, how can one turn Bayes on/off? I take it that the appearance of BAYES_99, etc, in headers shows that Bayes is turned on? As far as I can see, the only mention of Bayes in my SA configs is the line bayes_path /home/tim/.spamassassin/bayes that I added to ~/.spamassassin/user_prefs use_learner 0 use_bayes 0 use_bayes_rules 0 bayes_use_hapaxes 0 bayes_auto_expire 0 bayes_auto_learn 0 bayes_learn_during_report 0 signature.asc Description: OpenPGP digital signature
Re: SA works great!
On Monday, September 01, 2014 01:28:24 PM Reindl Harald wrote: As a matter of interest, how can one turn Bayes on/off? use_learner 0 use_bayes 0 use_bayes_rules 0 ... Thanks very much. I learn something new almost every time you respond! But someone complained that SA did not work well if Bayes were turned off, so I thought this must be something one might do by mistake. Now it seems a bit like saying that the internet does not work well if the router is turned off ... -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland signature.asc Description: This is a digitally signed message part.
Re: SA works great!
On 09/01/2014 02:18 PM, Timothy Murphy wrote: use_bayes 0 this the master switch the rest are not necessary if use_bayes ise set to 0
Re: SA works great!
On 1. sep. 2014 14.19.23 Timothy Murphy gayle...@alice.it wrote: On Monday, September 01, 2014 01:28:24 PM Reindl Harald wrote: As a matter of interest, how can one turn Bayes on/off? use_learner 0 use_bayes 0 use_bayes_rules 0 Check all pre files, might be there in a loadplugin, coment it, check its still lint, restart spamd, done Thanks very much. I learn something new almost every time you respond! But someone complained that SA did not work well if Bayes were turned off, so I thought this must be something one might do by mistake. Now it seems a bit like saying that the internet does not work well if the router is turned off ... Depends on rules used
Re: sa-learn and find
On 31 Aug 2014, at 18:16 , Ian Zimmerman i...@buug.org wrote: find /home/${i}/Maildir/.notspam -type f -mtime -7 | xargs -r sa-learn --ham -u ${i} Right. Doh. I got so held up in running find under sa-learn... Well, that does make thins a lot easier, doesn't it. Thanks for your patience. -- There will always be women in rubber flirting with me.
Re: punctuation in subjects
On Mon, 1 Sep 2014, Martin Gregorie wrote: On Mon, 2014-09-01 at 03:17 -0400, Jude DaShiell wrote: Messages with question marks and spaces have been showing up in my inbox on another account. To blacklist these [? ] would take care of those characters in a Subject: line. Would such a regular expression effectively blacklist any message having just those two kinds of characters in its Subject: line in any combination? No: a regex along these lines /[? ]/ will hit all subject lines containing either a space or a question mark, i.e. just about every subject line you'll ever see. This one /[? ].*[? ]/ will only hit subjects with both characters in any order, but is probably also far too general to use by itself. Make it a subrule (name starts double underscore) and use a metarule to combine it with another subrule that fires on something that usually only appears in spam and you may have the basis of something more useful. Maritin's proposed rule would hit a string that contained at least two '?' or space characters as well as other characters. (EG: '?junk?' or 'this one hit'). If you want to be sure to hit subjects that contain ONLY question marks and spaces (and at least one of each) it will take two sub-rules combined into a metarule. EG: header__SUBJECT_SPACE_QM Subject =~ /(?:\? | \?)/ header __SUBJECT_MORE_THAN_SP_QM Subject =~ /[^? ]/ meta SUBJECT_SPACE_QM __SUBJECT_SPACE_QM ! __SUBJECT_MORE_THAN_SP_QM (untested) FWIW, I would expect such a rule to have a limited useful life-span. Now that it's been discussed here spammers will adapt their garbage to avoid it (IE add one other kind of character to the subject, etc). Spammers do monitor this list and just the act of disussing spam characteristics can cause them to adapt their tactics. -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
Re: punctuation in subjects
On Mon, 1 Sep 2014, Jude DaShiell wrote: Messages with question marks and spaces have been showing up in my inbox on another account. There are base-SA rules for subjects like that. Would you post a sample to pastebin so we can see if there's a new variant and those rules need modification? Thanks. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered. -- Lyndon B. Johnson --- 823 days since the first successful private support mission to ISS (SpaceX)
Pyzor errors after upgrade
System is Ubuntu 14.04 LTS I use fetchmail linked with procmail. Once mail is tossed to my other folders what's left is run through SA and tossed either into my Inbox or my Spam folder. Yesterday morning I upgraded to the newest version of Pyzor using this command: pip install --upgrade pyzor Since then I've been seeing this in my syslog: Aug 31 10:02:43 localhost spamd[2645]: pyzor: check failed: internal error, python traceback seen in response Aug 31 10:07:02 localhost spamd[2645]: pyzor: check failed: internal error, python traceback seen in response Aug 31 10:35:38 localhost spamd[2645]: pyzor: check failed: internal error, python traceback seen in response The version of Pyzor shown is: /usr/local/bin/pyzor 0.8.0 Permissions on the ~/.pyzor/servers files and directory is: drwxr-x--- 2 chris chris 4096 Jul 17 09:28 .pyzor -rw-r- 1 chris chris 23 Jul 17 09:28 servers Any assistance would be appreciated even a 2x4 upside the head. I'm not sure how to get to the python traceback that's mentioned. Chris -- Chris 31.11°N 97.89°W (Elev. 1092 ft) 22:14:39 up 2 days, 18 min, 2 users, load average: 0.05, 0.10, 0.22 Ubuntu 14.04 LTS, kernel 3.13.0-35-generic
Re: Pyzor errors after upgrade
On Mon, 1 Sep 2014, Chris wrote: System is Ubuntu 14.04 LTS I use fetchmail linked with procmail. Permissions on the ~/.pyzor/servers files and directory is: drwxr-x--- 2 chris chris 4096 Jul 17 09:28 .pyzor -rw-r- 1 chris chris 23 Jul 17 09:28 servers Are you using this with spamc/spamd, or spamassassin-per-message? If the former, what user is spamd running as? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...much of our country's counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs. -- Bruce Schneier --- 823 days since the first successful private support mission to ISS (SpaceX)