On 13.06.08 10:56, Chris St. Pierre wrote:
In v310.pre, we had this:
loadplugin Mail::SpamAssassin::Plugin::Pyzor
...amongst many other loadplugin lines. Through trial-and-error, I've
determined that commenting out the Pyzor line (along with the pyzor
config lines in local.cf) solves the
mouss [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Mike Cisar wrote:
Hi All,
Have been trying to write a regex for a custom rule to catch a particular
spam that's been annoying the heck out of me.
I've got about 6 body rules and have narrowed the problem down to the regex
Matt Hampton writes:
Benny Pedersen wrote:
sanesucureity should make sa-channels :-)
Had a quick look at this and the signatures should be fairly
straighforward to convert to SA rules - has anyone got a script that
takes a string and then turns it in to a regular expression - I'm
John Hardin writes:
Folks:
I tried posting this to [EMAIL PROTECTED] but it bounced...
I'm seeing recent 419 spams (e.g. the ATM Card variant) making it
through SA lately. It hits BAYES_99, but no SARE rules.
Are these rules defunct?
Suggestion: grabbing Justin Mason's SOUGHT
No one has an idea ?
Christian.
- Original Message
From: Christian Gregoire [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Tuesday, June 10, 2008 5:53:09 PM
Subject: MID DEGREES rule
Hello,
Would someone please explain me why this rule exists ?
##{ MID_DEGREES
header
Hi
a list user offered an fix to help sort out bounce messages.
in my mail logs i see
Jun 16 10:23:54 proteus2 spamd[14855]: config: not parsing,
'allow_user_rules' is 0: meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE BAYES_99)
meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE BAYES_99) is in user_prefs for
On 14.06.08 14:53, Greg Troxel wrote:
I've found that SA works well by default, except that I'm really
intolerant of any spam in my inbox, so I use thresholds that others
consider unreasonably low. I retrain on all spam and all ham daily
(moving uncaught spam to a spam.manual group, letting
It was observed in spam, with no hits observed in ham. Please open
a bug on the bugzilla, and attach complete ham samples, to get this
fixed...
--j.
Christian Gregoire writes:
No one has an idea ?
Christian.
- Original Message
From: Christian Gregoire [EMAIL PROTECTED]
To:
On Mon, June 16, 2008 09:43, Matus UHLAR - fantomas wrote:
On 13.06.08 10:56, Chris St. Pierre wrote:
I don't think that problem with not tagging your messages is anyhow related
to pyzor. I guess it's caused by postfix configuration, but I don't use
postfix so I can not comment that out.
i
On Mon, June 16, 2008 11:51, Obantec Support wrote:
full rule
meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE BAYES_99)
meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE (BAYES_60 || BAYES_80 || BAYES_95 ||
BAYES_99))
score BOUNCED_SPAM 4.0
meta BOUNCED_SPAM_MID (ANY_BOUNCE_MESSAGE (BAYES_40 || BAYES_50))
On Sun, June 15, 2008 19:19, Chris wrote:
Are you running the ClamAv plug-in? It catches all of those here on my box.
On 15.06.08 20:31, Benny Pedersen wrote:
should not hit there, since 2 things:
1: its not a virus
clamav tries to hit phishes too. and it's quite good at it...
2:
On Mon, June 16, 2008 02:55, John Hardin wrote:
They *did not* hit for me. I've published one of the messages here:
http://www.impsec.org/~jhardin/atm_spam_01.txt
pts rule name description
-- -
1.7
furban wrote:
Hi,
I would like to reduce the size of my bayes db.
The filesize of the bayes_seen.MYI is now near 1GByte.
# sa-learn -u filter --dump magic
0.000 0 3 0 non-token data: bayes db version
0.000 0 38413200 0 non-token data: nspam
Obantec Support wrote:
Hi
a list user offered an fix to help sort out bounce messages.
in my mail logs i see
Jun 16 10:23:54 proteus2 spamd[14855]: config: not parsing,
'allow_user_rules' is 0: meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE
BAYES_99)
meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE
OK,
seemed that i will do the same like I have done with the AWL DB
There I added a Date/Time Row and deleting out everything not used for
longer than 2 month
Chang the database
ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
run a cronjob
echo USE spamassassin; DELETE FROM awl WHERE
Chris wrote:
Hopefully I did this correctly, I came up with this:
[EMAIL PROTECTED] perl5]$ grep -r 'Log::Agent' *
[results snipped]
Seems probable that the only thing in that directory (and its
subdirectories) using Log::Agent is Storable. And that sue is
optional.
You could search for
I looks good
ALTER TABLE `bayes_seen` ADD `lastupdate` TIMESTAMP NOT NULL ;
DELETE FROM bayes_seen WHERE lastupdate = DATE_SUB(SYSDATE(), INTERVAL 2
DAY);
but there is still a large bayes_token DB with also more than 200MB. Is
there also a way to reduce that?
Does a cronjob with
sa-learn -u
I talked with Amy offline and she sent me the raw message. I figured
out what happened:
FRT_ROLEX fired (at 3.1 points), as it did when kintera evaluated:
[11035] dbg: rules: ran body rule FRT_ROLEX == got hit: Roll Ex
Searching in the message, I found a list with ... Honor Roll followed
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
The pedantic part of my brain wants to rewrite my code to
auto-adjust
Hi,
running FreeBSD I have two directories with rules in it:
/usr/local/share/spamassassin
/var/db/spamassassin/3.002005/updates_spamassassin_org
Which is the correct directory, which rules are used?
Thanks, Helmut
--
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol
At 08:06 16-06-2008, Chip M. wrote:
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
[snip]
Other than borked mailing
On Mon, 16 Jun 2008, Matus UHLAR - fantomas wrote:
I don't think that problem with not tagging your messages is anyhow related
to pyzor. I guess it's caused by postfix configuration, but I don't use
postfix so I can not comment that out.
Baroo? Using pyzor - suckage; not using pyzor - no
I noticed that the sought rules compile faster in 3.2.5
Typically 5 to 7 minutes faster which translates to roughly 1/3
Does anyone else notice this?
Is there a specific reason why?
:-)
- rh
On Mon, June 16, 2008 15:04, furban wrote:
Chang the database
ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
So I thing I can do the same with bayes_seen.
yes same can be done with bayes_seen, no problem, just dont expire one day old
seens, i keep 6 month backlogs
Benny Pedersen
Yeah, it's easy enough doing that conversion -- let us know if he's
happy for that to happen. It'd be a good way to port those sigs
to SpamAssassin
--j.
JM,
Would that be announced on the list somehow?
Many of us use the CLAMAV SA plugin with those sigs already, and I think it
On Mon, June 16, 2008 15:04, furban wrote:
Chang the database
ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
So I thing I can do the same with bayes_seen.
yes same can be done with bayes_seen, no problem, just
dont expire one day old seens, i keep 6 month backlogs
What good
Does a larger Bayes DB add significant processing overhead to SA cpu needs?
Or are people mainly talking about it today only because of size reduction
needs?
- rh
On 16/06/2008 10:12 AM, Helmut Schneider wrote:
Hi,
running FreeBSD I have two directories with rules in it:
/usr/local/share/spamassassin
/var/db/spamassassin/3.002005/updates_spamassassin_org
Which is the correct directory, which rules are used?
Both and both.
Rules obtained via
On Mon, June 16, 2008 15:04, furban wrote:
Chang the database
ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
So I thing I can do the same with bayes_seen.
yes same can be done with bayes_seen, no problem, just
dont expire one day old seens, i keep 6 month backlogs
What good
John Hardin wrote:
On Wed, 11 Jun 2008, SM wrote:
At 17:46 11-06-2008, Linda Walsh wrote:
How does one decided on 'trust'? I.e. I think it would be
useful to assign a probability to Trust at the least. I mean do I put
my ISP in my trusted server list? -- suppose they start
While checking my maillog this morning I found a couple errors that I could
not locate were the problem is coming from
Jun 16 10:50:33 ws096 spamd[3387]: prefork: child states:
Jun 16 10:50:33 ws096 spamd[3387]: prefork: server reached --max-children
setting, consider raising it
Jun
On Mon, 16 Jun 2008, Linda Walsh wrote:
John Hardin wrote:
On Wed, 11 Jun 2008, SM wrote:
At 17:46 11-06-2008, Linda Walsh wrote:
How does one decided on 'trust'? I.e. I think it would be
useful to assign a probability to Trust at the least. I mean do I
put
my ISP in my
Hi,
I am losing confident in SA, the training process is pretty slow or it
doesn't seem to be learning.
I am training SA with around 30-50 manually identified spam (moving spam
mails to and spam folder created in squirrelmail and crond the sa-train
command on that folder every hour to train and
NGSS wrote:
Hi,
I am losing confident in SA, the training process is pretty slow or it
doesn’t seem to be learning.
I am training SA with around 30-50 manually identified spam (moving
spam mails to and spam folder created in squirrelmail and crond the
sa-train command on that folder every
Giampaolo Tomassoni wrote:
-Original Message-
From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2008 2:52 AM
To: ML spamassassin
Subject: Re: rule based on time
John Hardin escreveu:
Yes. Write a regex that checks the time from of the Received:
On Tue, 17 Jun 2008, NGSS wrote:
I am training SA with around 30-50 manually identified spam (moving spam
mails to and spam folder created in squirrelmail and crond the sa-train
command on that folder every hour to train and delete them).
I would suggest hourly is too often (but that may be
I could be wrong, but I believe for the learning process to be useful,
you also need to learn HAM.
(IIRC, an equal amount of each.)
Evan
NGSS wrote:
Hi,
I am losing confident in SA, the training process is pretty slow or it
doesn’t seem to be learning.
I am training SA with around 30-50
Chip M. wrote:
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
The pedantic part of my brain wants to rewrite my
HI,
Thanks for the response.
May I know how I can capture the output of the sa trainer ? I using the
follow script to do training,
cd /home/vpopmail/domains/$DOMAIN/$SPAM/Maildir/cur
/usr/bin/sa-learn --spam ./*
cp -a /home/vpopmail/domains/$DOMAIN/$SPAM/Maildir/cur/* $DIRCOLLECTSPAM
rm -rf
On Mon, 16 Jun 2008, Evan Platt wrote:
I could be wrong, but I believe for the learning process to be useful, you
also need to learn HAM.
(IIRC, an equal amount of each.)
Minimum 100 of each spam and ham. The balance should ideally reflect your
actual ham/spam balance.
--
John Hardin
On Mon, 16 Jun 2008, mouss wrote:
Chip M. wrote:
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
/. is a unix
On Tue, 17 Jun 2008, NGSS wrote:
HI,
Thanks for the response.
May I know how I can capture the output of the sa trainer ?
Well, if you're running the script from cron, stdout and stderr should
automatically be emailed to the owner of the cron job - unless you are
explicitly redirecting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NGSS schrieb:
| I am losing confident in SA, the training process is pretty slow or it
| doesn?t seem to be learning.
I don't think training is your first and foremost problem.
It seems that you are not running network tests [1] (esp. RBLs),
From: Helmut Schneider [EMAIL PROTECTED]
Date: Mon, 16 Jun 2008 16:12:48 +0200
To: users@spamassassin.apache.org
Subject: sa-update and location of rules
Hi,
running FreeBSD I have two directories with rules in it:
/usr/local/share/spamassassin
Rob van der Linde wrote:
I've noticed just today that PHP has not been sending any mail at all
anymore if spamassassin is enabled. (I'm running it on Ubuntu Hardy,
through citadel, but everything is working fine there). I had a look
at /var/log/mail.log and it appears to be blocking the emails,
John Hardin wrote:
[snip]
They *did not* hit for me. I've published one of the messages here:
http://www.impsec.org/~jhardin/atm_spam_01.txt
true, but other rules hit, so there is no point to have specific sare rules.
without Bayes, a test on the message yields:
Content analysis
Hi,
I am losing confident in SA, the training process is
pretty slow or it doesn't seem to be learning.
I am training SA with around 30-50 manually identified
spam (moving spam mails to and spam folder created in
squirrelmail and crond the sa-train command on that
folder every hour to
http://www.keac.com/id3303/spam-egs.txt
3.0 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL
[68.243.81.116 listed in zen.spamhaus.org]
Indeed.
Suggestion: put zen.spamhaus.org in your MTA's DNSBL list. That's a
reliable BL and should be part of
portupgrade -R p5-Mail-SpamAssassin.
freebsd 6.3-R
I used this, but various bits kept breaking so I added -k -v -f,
and now kerberos is messed up, killing ssh and telnet into the machine:
for sshd:
/libexec/ld-elf.so.1: shared object libkrb5.so.8 not found required by sshd
lots of
omehegan [EMAIL PROTECTED] wrote:
It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam
using their domains as return addresses, and the messages pass SPF. I assume
there are other people getting these. I've attached two - the second one
doesn't even seem to be
Hi Jari,
This is impressive! I am impressed by the high score it got from your
machine's analysis. I think this is what I am looking for.
The lowest score among the rule is 0.9, it is well way of my 0.1 total
score. I think I really missed out quite a few things. May I know where I
can alter the
Hi John
I quite sure that the script is running and the variable in $DOMAIN and
$SPAM are correct ( I defined it early in the script, which are not shown
here) because the I got a copy for each them in $DIRCOLLECTSPAM and nothing
in the learning folder,
Hi John
I afraid I had move the ling -r zen.spamhaus.org from the
/var/qmail/control/blacklists .
Because with this line is in, I can't perform send/receive from most of the
external network using my Outlook. Is that what you talking about?
-Original Message-
From: John Hardin
Hi Jari,
This is impressive! I am impressed by the high score it
got from your machine's analysis. I think this is what I
am looking for.
The lowest score among the rule is 0.9, it is well way of
my 0.1 total score. I think I really missed out quite a
few things. May I know where I can
54 matches
Mail list logo