"Fred I-IS.COM" <[EMAIL PROTECTED]> writes:
> I created a list which might be helpful, using a dictionary I searched for
> letter pairs which did not exist. I created the following meta rule to
> search for these non-existant pairs, it might do just what you are looking
> for.
Your meta rule see
Hi folks,
I've a type of spam with these words in the body:
wewillneed.com/x.html
How could I filter that?
Thanks for your help
Andrea
---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Sou
Hi Spamassassin-talk,
I am trying to Install the latest SA on my RH 9 Linux mailserver
and am running into a issue. Following the instructions on the web
(I am a complete newbie btw) I get to the "make" instruction and I
get a error of:
Makefile:94: ***missing seperator. Stop
How d
Hi Fred,
Looks like there was no response to this so I will give it a try. My guess
is that longer rules consume more memory but are more efficient in terms of
time and processing. This is more of a guess on my part but I believe it is
correct. Maybe someone can add better detail.
--Larry
> -
Hi Andrea,
> -Original Message-
> From: Andrea Riela
> Sent: Tuesday, October 14, 2003 5:54 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Rule for a specific spam
>
>
> Hi folks,
>
> I've a type of spam with these words in the body:
>
> wewillneed.com/x.html
>
> How could I filter th
Hi,
I have been off the list for a while but just upgraded to 2.60 and am seeing a
great increase in spam getting in below the threshold.
To help me track this down, I would like to add the scores to the X-Spam-Status
header. I have seen examples online in the dev archives that show:
You can use Bayes. Making it a relaying server won't affect it.
The problem you will have, is when someone from an invalid mail address,
sends a mail to an invalid mail address in the ecxhange, you will see
your mail queue growing
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Hi Keith,
Thanks for the reply!
> -Original Message-
> From: Keith C. Ivey
> Sent: Monday, October 13, 2003 11:31 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] More HTML Obfuscation: This One Made It Through
>
>
> Larry Gilson <[EMAIL PROTECTED]> wrote:
>
> > ### I wrapped the raw
Hi David,
> I did also update DB_File using CPAN, but I noticed at the end of the
> CPAN output it said "DB_File is up to date" so I don't think it did actually
> update anything. Do you know how to check the DB_File version so I can
> confirm it's at 1.806?
Sorry, I don't know that. What I'd do
On Mon, 2003-10-13 at 21:14, Matt Kettler wrote:
> At 05:00 PM 10/13/03 -0400, Jon Fraley wrote:
> >I currently have RBL checks turned off on our SA 2.6. We do our RBL
> >checks at the firewall. Can SA do the RBL checks from within our
> >network behind a virus appliance, or does it just check th
On Tue, 2003-10-14 at 08:58, Matt Kettler wrote:
> Yes, but it's also a security risk to run spamd/spamc both always as root,
> which is why SA is falling back to "nobody" in the first place.
>
> Certainly the better solution is to specify a non-root user with the -u
> parameter, however, baring
All,
I would like some feedback from you all on the following idea. What if
spamassassin followed unsubscribe links for all emails that came through
it's filter for emails that are obviously spam. This way people would
automatically get unsubbed from some of these lists.
Leon
---
These RPMs worked on my RH9 system
http://spamassassin.rediris.es/released/RPMs/
David Rodgers
On Mon, 2003-10-13 at 21:06, Bill Polhemus wrote:
> I really would prefer to implement something as complex as SA through the
> RPMs on my Red Hat 9 system. So far, they are only up to SA 2.55. That h
On Tue, Oct 14, 2003 at 08:28:24AM -0500, Leon Oosterwijk wrote:
> All,
>
> I would like some feedback from you all on the following idea. What if
> spamassassin followed unsubscribe links for all emails that came through
> it's filter for emails that are obviously spam. This way people would
> a
On Tue, 14 Oct 2003, Leon Oosterwijk wrote:
> I would like some feedback from you all on the following idea. What
> if spamassassin followed unsubscribe links for all emails that came
> through it's filter for emails that are obviously spam. This way
> people would automatically get unsubbed from s
It's arguable whether that will unsubscribe them, or confirm to the
spammer that they've scored a direct hit, and make your users a more
valuable spam target. Think about it: Is someone who just hijacked a
Taiwanese elementary school's mail server to send out necrophilia
pornography with forged he
Sorry, yeah, I did, and I took out the -H parameter... Still doesn't
work with the -u parameter set to root...
On Tue, 2003-10-14 at 09:30, Tom Meunier wrote:
> [offlist]
>
> Dave, I dunno if you read my message. It seems to me that if you run
> with -H -u root what you're saying is that the
Spamassassin developers also include a spec file in the tarball so you
can also build rpms on your redhat system from the spamassassin tarball
by doing this
rpmbuild -tb Mail-SpamAssassin-2.60.tar.gz
it will build rpms and put them in
/usr/src/redhat/RPMS/i386/
David Rodgers
On Mon, 2003-10-
Leon Oosterwijk wrote:
I would like some feedback from you all on the following idea. What if
spamassassin followed unsubscribe links for all emails that came through
it's filter for emails that are obviously spam. This way people would
automatically get unsubbed from some of these lists.
Rule #1
Take a look at
http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html
particularly the sections on TAGS and MESSAGE TAGGING OPTIONS.
On Tue, 14 Oct 2003, Mike Schrauder wrote:
> I have been off the list for a while but just upgraded to 2.60
> and am seeing a great increase in spam gett
Frrom somewhere in another dimension Leon Oosterwijk wrote:
All,
I would like some feedback from you all on the following idea. What if
spamassassin followed unsubscribe links for all emails that came through
it's filter for emails that are obviously spam. This way people would
automatically g
Leon Oosterwijk Sent: Tuesday, October 14, 2003 9:28 AM
> What if spamassassin followed unsubscribe links for all emails
> that came through it's filter for emails that are obviously spam.
The unsubscribe links of the worst of the worst spammers either don't work
at all (invalid links, 404, etc.)
Well, all I can tell you is what I'm running. 266 mhz, 64 megs ram, and
probably around 3000 rules. Yup, I'll get an exact count later. But I test
and run all the great rules people send me for the emporium. I am using
spamd and I think you will see a bug difference there.
The system runs nothing
You know I was just thinking about this. They might not --lint with lynx
downloads due to line wraps? someone mentioned "^M" characters?? I'm like a
chicken with my head cut off here at work. So I don't even remember what
editor I used with the evilrules.cf :-)
I don't have ftp running on the ser
Did anyone else get a nasty email this morning? I did! This weekend ROCKED
for my SA config. Jennifer, if you were here I'd kiss you and the deaf cat
;) Your rules bring a huge smile to my logs! Now check out this fan mail:
*Warning, foul language nearby*
"
You are a piss head for hacking my site
"Keith C. Ivey" wrote:
> One fairly easily detectable spam sign is the almost-white text
> (used to hide the irrelevant words), like this:
> > argumentation scabby
> > writhe
> That should have triggered HTML_FONT_INVISIBLE, but I think
> that test has some bugs.
It certainly has a bug on my sys
I got one of these, too, last night, from a machine at a Korean ISP, and
I've been trying to figure what I did.
Somehow I feel less special now. :)
Chris Santerre wrote:
Did anyone else get a nasty email this morning? I did! This weekend ROCKED for my SA config. Jennifer, if you were here I'd k
On 10/14/03 08:28 AM, Leon Oosterwijk sat at the `puter and typed:
> All,
>
> I would like some feedback from you all on the following idea. What if
> spamassassin followed unsubscribe links for all emails that came through
> it's filter for emails that are obviously spam. This way people would
>
Just a quick note on the evilrules. My next update will try to only be the
'freshest' domains. I will leave the older evilrules on the site, but in an
effort to shrink it down, I'm hoping that dealing with a smaller spamtrap
file will help. It all depends on how much spam they send me ;)
--Chris
I am no rule coder, so I was wondering if anyone has a rule to catch
spammers that hide their url in their email. Here is an example of what it
getting through my spam filters:
href="http://wewillneed.com/c/
05;ron.html?farrow=elrlnm"
It looks to me that a rule that find's http://, &, and number
On Tue, Oct 14, 2003 at 08:33:03AM -0700, Patrick Morris wrote:
> I got one of these, too, last night, from a machine at a Korean ISP, and
> I've been trying to figure what I did.
>
> Somehow I feel less special now. :)
>
> Chris Santerre wrote:
>
> >Did anyone else get a nasty email this morni
On 10/14/03 11:19 AM, Chris Santerre sat at the `puter and typed:
> Did anyone else get a nasty email this morning? I did! This weekend ROCKED
> for my SA config. Jennifer, if you were here I'd kiss you and the deaf cat
> ;) Your rules bring a huge smile to my logs! Now check out this fan mail:
>
I am seeing alot of this error in maillog from SA 2.6
Is it anything to be worried about? How to fix it?
spamd[15640]: Use of uninitialized value in concatenation (.) or string at
/usr/bin/spamd line 554.
Thank you.
Gus
-
This mail sent with 3w
All,
Thank you all for your posts. Of course I'm aware of the potential that
unsub's actually attract mail. Here are some thoughts on this.
- if in addition to your own address, (or in place of it) you submit a lot
of bogus addresses (ones that won't even resolve for mx) you poison a source
of
I'm glad you like. :) I'm still a little taken aback by them. They've
been almost too good to be true. I'm working on a couple rules to fill
the holes. I've already noticed a few changes they've made to their
technique (to no avail so far), and they seem to be working as I told
Larry. I'll le
How much bandwidth / month does it average??
Jennifer
>I don't have ftp running on the server. I was actually going to see if
>anyone wanted to mirror my site, or just the files. I think
distributing >the lists to another site is a good idea. Any takers for
mirroring?
--Chris
> -Original Me
not much at all. I might average around 300+ hits a week. really just a
trickle. I don't even have a fast connection and it doesn't seem to effect
us at all. I can probably move it to a personal page on my home provider as
well. I think I might do that too. It peaks after an update, but then dies
o
Give this a try, Add to local.cf or something.
add_header all Status _YESNO_, hits=_HITS_ required=_REQD_
tests=_TESTSSCORES(,)_ autolearn=_AUTOLEARN_ version=_VERSION_
Frederic Tarasevicius
Internet Information Services, Inc.
Mike Schrauder wrote:
> Hi,
> I have been off the list for a whil
Yes :) http://spamhammers.nxtek.net
They will be here until Chris does his site update, and then you can
find them on his Rule Emporium site.
Jennifer
-Original Message-
From: Terry Shows [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 14, 2003 11:59 AM
To: Jennifer Wheeler
Subject
Yes sir, that did it. Someone else had told me the rtfm, but told me where in the fm
to look, so I found it.
Thanks!
Mike S
> -Original Message-
> From: Fred I-IS.COM [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 14, 2003 1:28 PM
> To: Mike Schrauder; [EMAIL PROTECTED]
> Subject:
On Tue, Oct 14, 2003 at 11:56:31AM -0400, Louis LeBlanc wrote:
> On 10/14/03 11:19 AM, Chris Santerre sat at the `puter and typed:
> Ok, I'm in. What rules did you use for this? I've got honeypot
> addresses and legit ones. I'd love to start shutting down these
> buggers.
Count me in too - I'm
> Did anyone else get a nasty email this morning? I did! This weekend ROCKED
> for my SA config. Jennifer, if you were here I'd kiss you and the deaf cat
> ;) Your rules bring a huge smile to my logs! Now check out this fan mail:
>
Wow!
I feel so left out! Nobody left me any flaming emails this m
Leon Oosterwijk Sent: Tuesday, October 14, 2003 12:45 PM
> I'd like to set up a couple such honeypots and see what the level of
> attraction is they get. Perhaps this would make a good research project.
I was curious as to how many spams actually had unsub links. So I flipped
through my last 40 S
> -Original Message-
> From: Louis LeBlanc [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 14, 2003 11:57 AM
> To: Spamassassin-Talk (E-mail)
> Subject: Re: [SAtalk] Fan Mail!!! LOL We shut one down!
>
>
>Ok, I'm in. What rules did you use for this? I've got honeypot
>addresses and
OK, you all know I got the nasty email. You all know that my 'evilrules' has
to do with spam hosts. The ones that host the images. Well this seems to be
the way to attack the spammers.
When I called the provider of the provider of the provider of the spam host,
they were 'dead' serious about stop
> -Original Message-
> From: Bill Anderson
> Sent: Tuesday, October 14, 2003 12:03 PM
> To: Spamassassin
> Subject: [SAtalk] New rule for disguised html?
>
>
> I am no rule coder, so I was wondering if anyone has a rule to catch
> spammers that hide their url in their email. Here is an
Hey this spamstat program is cool!! I'm trying to run that hit freq script
on my older 75 meg spamtrap. OUCH, the server is chugging on it. But my logs
changed over on the 12th so this first set of stats is a good indication of
the weekend. My evilrules.cf file looks like it cost me .46 seconds in
On 10/14/03 01:52 PM, Chris Santerre sat at the `puter and typed:
>
>
> > -Original Message-
> > From: Louis LeBlanc [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, October 14, 2003 11:57 AM
> > To: Spamassassin-Talk (E-mail)
> > Subject: Re: [SAtalk] Fan Mail!!! LOL We shut one down!
> >
>
At Mon Oct 13 18:59:36 2003, Robert Leonard III wrote:
>
> Thanks for the tip.. I guess it was an addressing/permission issue.. I see
> now, when I --lint -D that there are < 200 in my HAM db and the SPAM has now
> gone over 200 so I am assuming it works.. do I need to do a..
>
> sa-learn --spam
At 14:06 10/14/2003 -0400, Colin A. Bartlett wrote:
Leon Oosterwijk Sent: Tuesday, October 14, 2003 12:45 PM
> I'd like to set up a couple such honeypots and see what the level of
> attraction is they get. Perhaps this would make a good research project.
I was curious as to how many spams actually
UPDATE!
I just got off the phone with UPENN.edu! Apparently we have our boy. I think
his name is Brian. He has had known issues from the past, and they were
already in the process of dealing with the older ones. However I don't think
he will get what he deserves. Why wouldn't they have shut him o
Chris Santerre Sent: Tuesday, October 14, 2003 2:09 PM
> OK, you all know I got the nasty email. You all know that my 'evilrules'
has
> to do with spam hosts. The ones that host the images. Well this seems to
be
> the way to attack the spammers.
If we start putting the squeeze on the image hosts,
Congrats! :) ...I'm thinking now he wishes he hadn't written you the
Love Letter. Your EEEee-vil rules are strong!
Jennifer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Chris Santerre
Sent: Tuesday, October 14, 2003 2:01 PM
To: Spamassassin-Talk (E-
>> I've tried sa-learn --spam, but it goes for a LONG TIME.. is that normal?
>> I've never actually let it finish, thinking it was 'stuck'.. but it may
just
>> take a long time..
>You could add --showdots to the command-line, which will output a '.'
>to the screen for each message processed.
You
Roger Merchberger Sent: Tuesday, October 14, 2003 2:50 PM
> Where might I find the script that's doing the automagic posting? I
> wouldn't mind doing that, either... ;-)
I don't think there IS one. That was some of the discussion we had here. I
just manually tried them. Took about 10 minutes to g
Roger,
I'm thinking about writing one. I'll post here if I come up with something.
Leon
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Colin A. Bartlett
> Sent: Tuesday, October 14, 2003 2:52 PM
> To: Roger Merchberger; [EMAIL PROTECTED
So, I'm watching the mail logs like a hawk and just today I notice this:
Oct 14 13:39:02 codeine spamd[9012]: Malformed UTF-8 character (unexpected
continuation byte 0x93, with no preceding start byte) in transliteration
(tr///) at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/EvalTests.pm
On Tue, 14 Oct 2003, Colin A. Bartlett wrote:
> If we start putting the squeeze on the image hosts, do you think that
> spammers will then just start to embed the images within their email?
> Certainly the bandwidth requirements become more costly then, but it doesn't
> seem like that would be a ha
> On Tue, Oct 14, 2003 at 08:33:03AM -0700, Patrick Morris wrote:
>> I got one of these, too, last night, from a machine at a Korean ISP, and
>> I've been trying to figure what I did.
>>
>> Somehow I feel less special now. :)
>>
>> Chris Santerre wrote:
>>
>> >Did anyone else get a nasty email this
I could donate some bandwidth to the cause. I've got a surplus of outbound bandwidth
. . .
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 14, 2003 12:25 PM
To: 'Jennifer Wheeler'
Cc: 'Spamassassin-Talk (E-mail)'
Subject: RE: [SAtalk] Too many ru
On Tue, 14 Oct 2003, Louis LeBlanc wrote:
> Set up a pristine new email address, but DON'T GIVE IT OUT TO
> ANYONE.
> Everytime you get a spam with an unsubscribe link, follow it and
> unsubscribe this new pristine address. Nevermind who the message was
> sent to, I promise the unsub page won
On Tue, 14 Oct 2003, Chris Santerre wrote:
> OK, you all know I got the nasty email. You all know that my 'evilrules' has
> to do with spam hosts. The ones that host the images. Well this seems to be
> the way to attack the spammers.
>
[snip..]
> Since many spammers are resorting to image spam, I
On Tue, Oct 14, 2003 at 03:25:14PM -0500, David B Funk wrote:
> 2) Virus/worm hijacked PCs. We're seeing lots of PCs on cable modems
> that have "remote control" trojan/worms on them that are being
> used by spammers as open proxies (for both SMTP & HTTP).
> So you may be able to
Okay, I wanted to drop in your evilrules.cf file into my SA setup, and I did
so using (in /etc/mail/spamassassin/):
lynx -dump http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf >
evilrules.cf
However, this seems to cause problems. After this, doing a spamassassin -t
causes all sorts
Well it has been long overdue. Matter of fact, I had way more to do. I
decided some update is better then none. I also changed the update a little,
so hit refresh on those pages :)
First, I have to deeply apologies. It has been so long since the last update
that I've misplaced a lot of where some
On Fri, 10 Oct 2003, [iso-8859-1] Luis Hernán Otegui wrote:
> Hi, does anyone have any ideas about how to create a shortcut in PINE to
> remove spam headers from a message? Also, it would be great if this shortcut
> could pipe the results to sa-learn, so the message could be learned either
> as ha
Nope, it looks like WordPad is a bad place to edit :) Apparently it has some
hidden characters in it. AS of 4:40 EST today, I resaved it under MSDOS text
format in the hopes it fixed it. Did you get the file before then?
This won't happen again once I solve it. It just that it was so big I
checked
Chris Santerre Sent:
> I don't have ftp running on the server. I was actually going to see if
> anyone wanted to mirror my site, or just the files. I think distributing
> the lists to another site is a good idea. Any takers for mirroring?
Hosting is what we do and we have plenty of bandwidth. I w
> http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf
Interestingly, this is triggering a rule in the evilrules.cf itself:
rawbody G_WWW_MERCHANTSOVERSEAS_COM /www\.merchantsoverseas\.com/
describe G_WWW_MERCHANTSOVERSEAS_COMEvil_10_9_03
G_WWW_MERCHANTSOVERSEAS_COM
score G_WWW
> Nope, it looks like WordPad is a bad place to edit :)
> Apparently it has some
> hidden characters in it. AS of 4:40 EST today, I resaved it
> under MSDOS text
> format in the hopes it fixed it. Did you get the file before then?
Aye, I'm sure I did. However, someone has also suggested wget, w
I implemented some of the rules others have posted on this
list regarding “obfuscating text”. Now that I am running SA 2.60, I
note that I’m getting the following error message.
Failed to compile body SpamAssassin tests, skipping:
(Bareword "i" not allowed while
"strict subs" i
On Tue, 14 Oct 2003, Chris Santerre wrote:
> I saved these in *gulp* MSDOS text in the hopes it wouldn't have any crazy
> characters. (Yeah I'm using a windows system!) Please let me know if you
> have any problems.
This is nearly always a problem for people trying to save stuff on Unix
flavors,
I had the same problem.. though I think I just solved it.. if you open up
the rules in whatever editor you choose, I found ONE line that wrapped and
messed up the whole thing.. when I 'unwrapped' that single line,
it --lint'ed' fine.. I'm implementing it now.. I had the same problem in the
oct03_r
Something is
wrong in the syntax. IE: a missing / or ) or something. Maybe a line wrap.
It says something about a bare 'i' which is usually found at the end of a regex.
So I'm guessing line wrap.
Also run
:
spamassassin
-d --lint
after placing
a new rule in.
THe MY_ looks
like one
Hi,
On Tue, 14 Oct 2003, Stewart, John wrote:
> > Nope, it looks like WordPad is a bad place to edit :)
> > Apparently it has some
> > hidden characters in it. AS of 4:40 EST today, I resaved it
> > under MSDOS text
> > format in the hopes it fixed it. Did you get the file before then?
gvim work
At 15:39 10/14/2003 -0500, Stewart, John wrote:
Okay, I wanted to drop in your evilrules.cf file into my SA setup, and I did
so using (in /etc/mail/spamassassin/):
lynx -dump http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf >
evilrules.cf
However, this seems to cause problems. After t
At 05:00 PM 10/14/2003, Bill Polhemus wrote:
Failed to compile body SpamAssassin tests, skipping:
(Bareword "i" not allowed while "strict subs" in use at
/usr/share/spamassassin/70_obfuscate.cf, rule MY_RBDY_INVSTXT, line 1.
)
Please pardon my abject ignorance, but I'll need someone to tran
Hi,
I'm using spamassassin 2.55 (willing to upgrade if necessary)
I receive mails which already may have been filtered through
spamassassin. (from sf.net, for example)
My mta scans every mail i receive, possibly overriding
any spam tag already set.
Is there a way to change the tags spamassas
On Tue, 14 Oct 2003, Bill Polhemus wrote:
> Failed to compile body SpamAssassin tests, skipping:
> (Bareword "i" not allowed while "strict subs" in use at
Just a quick guess. I'd say that you put a space in front of the 'i' that
goes at the end of the condition that does not belong there.
had one slip through:
X-Spam-Status: No, hits=3.3 required=5.0
tests=BAYES_80,HTML_70_80,HTML_FONT_BIG,HTML_FONT_COLOR_BLUE,
HTML_FONT_COLOR_GRAY,HTML_FONT_COLOR_RED,
HTML_FONT_FACE_ODD,MIME_HTML_ONLY,MISSING_MIMEOLE,
MISSING_OUTLOOK_NAME
v
cheers folks,
By default SA attaches suspected SPAM mails in non text/plain format as
"Content-Disposition: attached", which means for me, that the mail only
is displayed when I willingly click a button.
This is very inconvenient for quickly scanning the SPAM mails for false
positives. As I setup
>
>
> lynx -dump http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf >
> evilrules.cf
>
The -dump causes lynx to put CR after 80 characters. Try lynx -source and
you should get a clean file.
--
Danny Aldham Providing Certified Internetworking Solutions to Business
www.postino.c
Chris,
Thanks for the rules below. I'm a bit late jumping on some recent
spam, since I was out of town on vacation, with an expensive dial-up
connection. However, I have some variations you may want to consider
(The Comma rule you may already have, and has proven very useful here
-- the two other
I'm a new installer of SpamAssassin on Red Hat ver 8
with the latest SA...
In the USAGE document for SA it states "*PLEASE* consider setting it up as "off
by default" for most accounts, and let users opt-in to using it." Which
sounds like a great idea, just exactly is the best way to tu
On Tuesday 14 October 2003 08:19 am, Chris Santerre wrote:
> Did anyone else get a nasty email this morning?
I didn't. I'm feeling left out and unloved.
;-)
--
Give a man a match, and he'll be warm for a minute, but set him on
fire, and he'll be warm for the rest of his life.
Advanced SPAM fi
On Tue, 14 Oct 2003 15:46:10 -0700 (PDT), you wrote:
>had one slip through:
>
>X-Spam-Status: No, hits=3.3 required=5.0
>tests=BAYES_80,HTML_70_80,HTML_FONT_BIG,HTML_FONT_COLOR_BLUE,
> HTML_FONT_COLOR_GRAY,HTML_FONT_COLOR_RED,
> HTML_FONT_FACE_ODD,MIME_HTML_ONLY,M
I tried the evilrules.cf on my dual AMD 1Gb 2 Ultra-SCSI qmail server and it
died in minutes.
I run 100K+ emails in a 24 hour period. (98+% are tagged as spam)
After reboot I see that spamd takes a while to catch up... avg is 30+ seconds
per msg (all rbl look ups are set to timeout at 5 seconds
guenther <[EMAIL PROTECTED]> writes:
> By default SA attaches suspected SPAM mails in non text/plain format as
> "Content-Disposition: attached", which means for me, that the mail only
> is displayed when I willingly click a button.
>
> This is very inconvenient for quickly scanning the SPAM mail
Hi Jennifer,
> -Original Message-
> From: Jennifer Wheeler
> Sent: Tuesday, October 14, 2003 12:27 PM
> To: 'Larry Gilson'
> Subject: RE: [SAtalk] Popcorn, Backhair, and Weeds
>
>
> Hi Larry!
>
> I read your message late yesterday, and had to digest it a
> little before responding. My
Thanks Michael.
I took your advice and installed a new DB_File the old
fashioned way. ;) with the downloaded .tar.gz and that seems
to have solved this spamd issue.
I'm not exactly sure how DB_File is used by spamd, but commenting
out the bayes in the local.cf didn't seem to make any differen
Larry Gilson <[EMAIL PROTECTED]> wrote:
> / \w{1,7}<\/?[^<>]{0,150}>\w{1,7}/
>
> This one seems to be working well so far. It will catch any
> normal and funky stuff within the tags but makes sure it will
> not run over any subsequent tags.
Since '/' matches the character class '[^<>]', there
That would depend on where you put the call to spamassassin. and how you
integrate SA into your mail system.
Brian Nath writes:
I'm a new installer of SpamAssassin on Red Hat ver 8 with the latest SA...
In the USAGE document for SA it states "*PLEASE* consider setting it up as
"off by de
At 05:03 PM 10/13/03 -0700, Justin Mason wrote:
Matt Kettler writes:
> I could possibly see it becoming a configfile option, much like use_bayes,
> in which case I'd guess the command line would be deprecated, but I don't
> ever see it becoming a default without a lot of people (myself included)
>
On 14 Oct 2003 00:42:38 -0700, Daniel Quinlan <[EMAIL PROTECTED]>
posted to gmane.mail.spam.spamassassin.general:
> "Fred I-IS.COM" <[EMAIL PROTECTED]> writes:
>> I created a list which might be helpful, using a dictionary I
>> searched for letter pairs which did not exist. I created the
>> fol
94 matches
Mail list logo
