Reply versus new thread [Was: Dumping email with blank To: header ?]
Others have gracefully answered as to the substance of your message. I'll have to be a pest and ask that you please do not use "Reply" or "Followup" when you're starting a new topic. For list readers with user agents that thread the standard (RFC standard) way, that breaks threading. The way to start a new topic is to copy the list address, do a "New Message" or similar, and paste the address into the destination field. You can also save the address in your contact list / address book to avoid the copy and paste in the future. Thanks for your cooperation. -- Please *no* private copies of mailing list or newsgroup messages. Local Variables: mode:claws-external End:
Re: Dumping email with blank To: header ?
> On 04 Sep 2014, at 13:56 , Timothy Murphy wrote: > > On Thursday, September 04, 2014 11:26:01 AM LuKreme wrote: > >>> Is there a simple check to make sure salearn is working? >>> (I get the message that "192 messages have been examined", >>> and ~/.spamassassin/bayes_seen and bayes_tok are pretty large, >>> 300kB and 5MB.) > >> For the record, using sql for babes is considerably faster. > > Do you mean using SQL in some way would speed up salearn? More importantly, it speeds up the bayes checks on incoming spam. -- "you'd think you could trust a horde of hungarian barbarians"
Re: Dumping email with blank To: header ?
> On 04 Sep 2014, at 12:36 , Joe Quinn wrote: > > On 9/4/2014 1:51 PM, John Hardin wrote: >> On Thu, 4 Sep 2014, LuKreme wrote: >> >>> For the record, using sql for babes is considerably faster. >> >> Is that anything like "SQL for Dummies"? >> > I've heard good things about the Derek Zoolander Center for Kids who can't > SQL Good and who Wanna Learn to do Other Stuff Good too. I think I've gotten more comments on that not-typo, both onlist and off, than any email in recent memory. OS X autocorrect doesn't like the word "bayes" much. Heh. -- 'I don't see why everyone depends on me. I'm not dependable. Even I don't depend on me, and I'm me.'
Re: Dumping email with blank To: header ?
On Thu, 2014-09-04 at 10:59 -0700, jdow wrote: > On 2014-09-04 10:51, John Hardin wrote: > > On Thu, 4 Sep 2014, LuKreme wrote: > > > >> For the record, using sql for babes is considerably faster. > > > > Is that anything like "SQL for Dummies"? > > John, I was wondering if there was an SQL for boys, too. > > {O,o} Haven't seen you on a list in, well, years. You're still as witty as ever I see :) -- Chris 31.11°N 97.89°W (Elev. 1092 ft) 15:12:48 up 1 day, 6:43, 1 user, load average: 0.11, 0.18, 0.18 Ubuntu 14.04 LTS, kernel 3.13.0-35-generic
Re: Dumping email with blank To: header ?
On Thu, 4 Sep 2014, Timothy Murphy wrote: I'm not certain that SA is taking account of the result of sa-learn. I'm surprised that the spam score does not seem to change significantly after many instances of almost identical messages are put through sa-learn. (1) Do you see any BAYES_* rules hitting at all? (2) What does /usr/bin/sa-learn --dump magic report? (3) Did you review the spamd user vs. sa-learn user as I suggested? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The most glaring example of the cognitive dissonance on the left is the concept that human beings are inherently good, yet at the same time cannot be trusted with any kind of weapon, unless the magic fairy dust of government authority gets sprinkled upon them. -- Moshe Ben-David --- 13 days until the 227th anniversary of the signing of the U.S. Constitution
Re: Dumping email with blank To: header ?
On Thursday, September 04, 2014 11:26:01 AM LuKreme wrote: > > Is there a simple check to make sure salearn is working? > > (I get the message that "192 messages have been examined", > > and ~/.spamassassin/bayes_seen and bayes_tok are pretty large, > > 300kB and 5MB.) > For the record, using sql for babes is considerably faster. Do you mean using SQL in some way would speed up salearn? Do you have a reference for that? Actually, I run salearn as a cron job in the middle of the night, so it doesn't matter too much to me if it takes 1 minute or 5 minutes. > > 4) I haven't found a short and simple SA tutorial, > > explaining how SA works, > > with a few tests that one might add to the default, > > and a couple of checks one could try to make sure it is working. > If you see X-Spam headers, it’s working. If in the X-Spam-Report you see > BAYES_ then that is working. I'm not certain that SA is taking account of the result of sa-learn. I'm surprised that the spam score does not seem to change significantly after many instances of almost identical messages are put through sa-learn. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland
Re: Dumping email with blank To: header ?
On 9/4/2014 1:51 PM, John Hardin wrote: On Thu, 4 Sep 2014, LuKreme wrote: For the record, using sql for babes is considerably faster. Is that anything like "SQL for Dummies"? I've heard good things about the Derek Zoolander Center for Kids who can't SQL Good and who Wanna Learn to do Other Stuff Good too.
Re: Dumping email with blank To: header ?
On 9/4/2014 2:18 PM, John Hardin wrote: On Thu, 4 Sep 2014, jdow wrote: On 2014-09-04 10:51, John Hardin wrote: On Thu, 4 Sep 2014, LuKreme wrote: > For the record, using sql for babes is considerably faster. Is that anything like "SQL for Dummies"? John, I was wondering if there was an SQL for boys, too. SQL for Jocks, maybe? I gotta wonder how LuKreme developed *that* particular finger-macro... :) His new website development work to replace facebook? Select * from babes where interested in me = 'true'; 0 rows in set (0.00 sec) Just to continue the silliness... Regards, KAM
Re: Dumping email with blank To: header ?
On Thu, 4 Sep 2014, jdow wrote: On 2014-09-04 10:51, John Hardin wrote: On Thu, 4 Sep 2014, LuKreme wrote: > For the record, using sql for babes is considerably faster. Is that anything like "SQL for Dummies"? John, I was wondering if there was an SQL for boys, too. SQL for Jocks, maybe? I gotta wonder how LuKreme developed *that* particular finger-macro... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Users mistake widespread adoption of Microsoft Office for the development of a document format standard. --- 13 days until the 227th anniversary of the signing of the U.S. Constitution
Re: Dumping email with blank To: header ?
On 2014-09-04 10:51, John Hardin wrote: On Thu, 4 Sep 2014, LuKreme wrote: For the record, using sql for babes is considerably faster. Is that anything like "SQL for Dummies"? John, I was wondering if there was an SQL for boys, too. {O,o}
Re: Dumping email with blank To: header ?
On Thu, 4 Sep 2014, LuKreme wrote: For the record, using sql for babes is considerably faster. Is that anything like "SQL for Dummies"? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Trusting in anti-gun laws to keep you from being shot is like refusing to wear your seatbelt because you trust traffic laws to keep you from being in a car accident. -- Erin Palette --- 13 days until the 227th anniversary of the signing of the U.S. Constitution
Re: Dumping email with blank To: header ?
> On 04 Sep 2014, at 05:32 , Timothy Murphy wrote: > > 1) Is there a simple way of dumping email with an empty To: header? > This seems invariably to be spam, and I'm surprised SA doesn't seem > to score it highly. You may be surprised if you actually check spam and ham. > 2) Does "autolearn" actually remove spam with a very high score? > Or does it still get marked as spam by SA and passed on? SA never removes mail under any circumstances. > Is there a simple check to make sure salearn is working? > (I get the message that "192 messages have been examined", > and ~/.spamassassin/bayes_seen and bayes_tok are pretty large, > 300kB and 5MB.) For the record, using sql for babes is considerably faster. > 4) I haven't found a short and simple SA tutorial, > explaining how SA works, > with a few tests that one might add to the default, > and a couple of checks one could try to make sure it is working. If you see X-Spam headers, it’s working. If in the X-Spam-Report you see BAYES_ then that is working. -- she [Esk] was already learning that if you ignore the rules people will, half the time, quietly rewrite them so they don't apply to you. --Equal Rites
Re: Dumping email with blank To: header ?
On Thu, 4 Sep 2014, Timothy Murphy wrote: 1) Is there a simple way of dumping email with an empty To: header? If by "dump" you mean "discard", this simple test might be better done in your MTA. However, "poison pill" rules (absent certain DNSBLs) are generally discouraged. This seems invariably to be spam, and I'm surprised SA doesn't seem to score it highly. Probably because even if it's a good spam sign, it isn't very common or it appears together with enough other spam signs that it's not scored very highly by itself. If you post some spamples of such to pastebin we'll take a look. Maybe it doesn't consider this to be a header? Yes, it does. There are rules that check for no TO or CC. For example: http://ruleqa.spamassassin.org/20140902-r1621946-n/REPLYTO_WITHOUT_TO_CC/detail If you want to score for "no TO or CC header", you could do this: meta NO_TO_CC !__TOCC_EXISTS 2) Does "autolearn" actually remove spam with a very high score? Or does it still get marked as spam by SA and passed on? "autolearn" is submission of the message to the Bayes backend for training. This can affect the scoring of subsequently-scanned messages, but it does not affect the score of that message. Also: SA does not directly have anything to do with the delivery process. All it does is generate a spamminess score. *Something else* has to interpret that score to decide the ultimate destination of the message: inbox, quarantine or bit bucket. 3) As will be obvious, I am not a student of SA; I just use the default setting, which seems to work well enough for me. But I'm a little surprised that more or less identical email that I have marked as spam many times and passed through salearn still seems to get through. That would seem to indicate a problem with Bayes. Is there a simple check to make sure salearn is working? You will see BAYES_* rule hits on messages if Bayes is working. You have to learn a minimum number of spam *and* ham messages before it will start working. This will report statistics about the Bayes database. /usr/bin/sa-learn --dump magic The most common mistake is to train Bayes as a user that is not the same user that SA is running under to scan messages - i.e., you're training the wrong Bayes database. Check which user spamd is running under, and which user you're running sa-learn as. They should be the same user. 4) I haven't found a short and simple SA tutorial, explaining how SA works, with a few tests that one might add to the default, and a couple of checks one could try to make sure it is working. The definitive test to check whether SA is scanning messages is to send a message containing the GTUBE string, it should always be detected and score 1000 points. Google "spam GTUBE" for more details. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The tree of freedom must be freshened from time to time with the blood of tyrants and tyrannosaurs. -- DW, commenting on the GM6 Lynx .50BMG bullpup --- 13 days until the 227th anniversary of the signing of the U.S. Constitution
Dumping email with blank To: header ?
1) Is there a simple way of dumping email with an empty To: header? This seems invariably to be spam, and I'm surprised SA doesn't seem to score it highly. Maybe it doesn't consider this to be a header? 2) Does "autolearn" actually remove spam with a very high score? Or does it still get marked as spam by SA and passed on? 3) As will be obvious, I am not a student of SA; I just use the default setting, which seems to work well enough for me. But I'm a little surprised that more or less identical email that I have marked as spam many times and passed through salearn still seems to get through. Is there a simple check to make sure salearn is working? (I get the message that "192 messages have been examined", and ~/.spamassassin/bayes_seen and bayes_tok are pretty large, 300kB and 5MB.) 4) I haven't found a short and simple SA tutorial, explaining how SA works, with a few tests that one might add to the default, and a couple of checks one could try to make sure it is working. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland