On 4/25/2007 1:08 AM, Marc Perkel wrote:
I'm seeing a lot of one words spam. I'm guessing they are probing for
capabilities. Is anyone else seeing this? If so - what do you know about
it?
more probably spammy borked templates
Chris wrote:
Since changing to embarqmail.com last Sunday each post I've
made to this list has been marked-up as possible spam. Is
Embarq that screwed up? Or is Synacor? Here are the markups
on the one I just posted:
X-Virus-Checked: Checked by ClamAV on apache.org
X-Old-Spam-Flag: YES
Rosenbaum, Larry M. writes:
2) I tried to compile the rules to see how much speed increase I
could
get, but it didn't work. After running sa-compile and uncommenting
the
Rule2XSBody plugin, I got the following error:
# spamassassin --lint
ld.so.1: /usr/local/bin/spamassassin:
Hi,
I was wondering if it has any negative effects on my Bayes database if I
regularly learn all spam/ham messages via a cron job. Sa-learn skips
already learned messages. Am I thus right to assume that apart from the
relatively high CPU load there are no drawbacks? Or should I keep a
Arik Raffael Funke schrieb:
Hi,
Hello!
I was wondering if it has any negative effects on my Bayes database if I
regularly learn all spam/ham messages via a cron job. Sa-learn skips
already learned messages. Am I thus right to assume that apart from the
relatively high CPU load there are no
Matthias Haegele wrote:
Arik Raffael Funke schrieb:
I.e. what about expiring tags, etc. Sa-learn would routinely
re-encounter 5 year-old spam...
Q: Would it be useful (regarding cpu and i/o performance) if only
learned messages (copied from a maildir) that are new (e.g. not older
than a
Arik Raffael Funke wrote:
Matthias Haegele wrote:
Arik Raffael Funke schrieb:
I.e. what about expiring tags, etc. Sa-learn would routinely
re-encounter 5 year-old spam...
Q: Would it be useful (regarding cpu and i/o performance) if only
learned messages (copied from a maildir) that are new
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 25, 2007 12:04 AM
To: users@spamassassin.apache.org
Subject: IP - Responsible Person
Is there an algorithm that one can feed an IP address into and return
the email address of the
Hi,
several of my HAMs are tagged with SUBJECT_ENCODED_TWICE.
Is this forbidden by any RFC?
Even mutt, a usually very RFC-compliant MUA, does that.
For example this mail from ebay:
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on kira2.XXX.de
X-Spam-Scores:
Andy Spiegl schrieb:
Hi,
several of my HAMs are tagged with SUBJECT_ENCODED_TWICE.
Is this forbidden by any RFC?
Even mutt, a usually very RFC-compliant MUA, does that.
afaik no, but other things which spammers do are not forbidden too ;-)?
It is the same here mainly MLs with Subject
Hi,
I have been looking for a set of rules that have been specially done
for combating French spam (in particular content). I found those at
http://maxime.ritter.eu.org, but they aren't official, and I was
wondering whether people know about any others.
Cheers
Anton
Hi,
I am writing a programme which needs to parse the summary (_SUMMARY_)
returned by SA, and after combing the docs couldn't find relevant
specs. It appears that the lines are a fixed length, but I couldn't be
sure... is there anywhere I can get the specs so my parser doesn't do
silly things?
afaik no, but other things which spammers do are not forbidden too ;-)?
Right. :-)
But the score for SUBJECT_ENCODED_TWICE is pretty high:
1.723
How does that justify?
Greetings,
Andy.
--
If you have good memory you can forget the rest.
Hi, list, I know this is one of those egg and chicken kind of questions,
but having now the possibility of checking the impact of various setups, I
was wondering if it is more convenient to let the MTA perform the RBL
checks, or disable them and let SA do this job.
Currently I am using
On Wednesday 25 April 2007 15:40, Andy Spiegl wrote:
afaik no, but other things which spammers do are not forbidden too ;-)?
Right. :-)
But the score for SUBJECT_ENCODED_TWICE is pretty high:
1.723
How does that justify?
Not at all. At least not outside English-speaking locales.
--
But the score for SUBJECT_ENCODED_TWICE is pretty high:
1.723
How does that justify?
Well, it may have changed over time. But at the time the score was set, it
was justified by the fact that that was a pretty good indicator of spam, and
not a very strong hit against ham.
Since the scores
Michael Scheidell wrote:
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 25, 2007 12:04 AM
To: users@spamassassin.apache.org
Subject: IP - Responsible Person
Is there an algorithm that one can feed an IP address into and return
the email address
Andy Spiegl wrote:
But the score for SUBJECT_ENCODED_TWICE is pretty high:
1.723
How does that justify?
No doubt it is justified by the fact that the corpora used to
determine SpamAssassin scores don't contain enough non-English-language
content.
You'll almost certainly find that you
Hi, list, I know this is one of those egg and chicken kind
of questions, but having now the possibility of checking the
impact of various setups, I was wondering if it is more
convenient to let the MTA perform the RBL checks, or disable
them and let SA do this job.
Currently I am using
On Tue, Apr 24, 2007 at 09:03:51PM -0700, Marc Perkel wrote:
Is there an algorithm that one can feed an IP address into and return
the email address of the responsible person for the IP to report spam to?
There is the command-line whois, as well as the ARIN web site
Bret:
You do not mean you run the same RBLs at the MTA and SA level do you?
If the MTA rejects on an RBL there should be nothing for SA to score on
as that message is rejected already. I currently score in SA on a
number of RBLs but would be interested to know what you regard as safe
to use
Since the scores were set with a threshold of 5, you would need three of
those and change to get the message marked as sapm. If you are having
problems wiht this makring messages as spam, I'd look to see what else is
hitting also.
Sometimes HTML_10_20 or/and HTML_IMAGE_ONLY
Then, if bayes
Luis Hernán Otegui wrote:
Hi, list, I know this is one of those egg and chicken kind of
questions, but having now the possibility of checking the impact of
various setups, I was wondering if it is more convenient to let the MTA
perform the RBL checks, or disable them and let SA do this job.
John Wilcock [EMAIL PROTECTED] writes:
No doubt it is justified by the fact that the corpora used to
determine SpamAssassin scores don't contain enough
non-English-language content.
So maybe there needs to be 'recruitment' drive to get more people who
receive non-English emails to submit to
Well, I have a caching dns running, and it performs (almost) flawlessly.
zen.spamhaus.org seems to perform very well here, since when I look at the
mail logs I don' find any false positives. I was using cbl.abuseat.org, bu
it was too loosy on checks, so many .edu.ar servers from here (I live and
Hi everyone,
Curious to know why this scored ( well didn't score) this way;
0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419)
Jean-Paul Natola
Network Administrator
Information Technology
Family Care International
588 Broadway Suite 503
New York, NY 10012
On Wed, 25 Apr 2007, Arik Raffael Funke wrote:
I was wondering if it has any negative effects on my Bayes
database if I regularly learn all spam/ham messages via a cron
job. Sa-learn skips already learned messages. Am I thus right to
assume that apart from the relatively high CPU load there
Bob McClure Jr wrote:
On Tue, Apr 24, 2007 at 09:03:51PM -0700, Marc Perkel wrote:
Is there an algorithm that one can feed an IP address into and return
the email address of the responsible person for the IP to report
spam to?
There is the command-line whois, as well as the ARIN web site
My thinking on this is that if we had better automated reporting then
spammers could be shut down at the source and we could reduce spam that
way. I think what needs to happen is to develop some sort of
auto-reporting of spam process that's easy and tie in ISPs and the big
boys into the
Luis Hernán Otegui wrote:
Well, I have a caching dns running, and it performs (almost) flawlessly.
zen.spamhaus.org http://zen.spamhaus.org seems to perform very well
here, since when I look at the mail logs I don' find any false
positives. I was using cbl.abuseat.org http://cbl.abuseat.org,
On Wed, Apr 25, 2007 at 09:10:04AM -0700, Marc Perkel wrote:
My thinking on this is that if we had better automated reporting then
spammers could be shut down at the source and we could reduce spam that
way. I think what needs to happen is to develop some sort of
auto-reporting of spam
On Apr 25, 2007, at 5:49 AM, Arik Raffael Funke wrote:
I was wondering if it has any negative effects on my Bayes database
if I regularly learn all spam/ham messages via a cron job.
Sa-learn skips already learned messages. Am I thus right to assume
that apart from the relatively high CPU
You do not mean you run the same RBLs at the MTA and SA level
do you? If the MTA rejects on an RBL there should be nothing
for SA to score on as that message is rejected already. I
currently score in SA on a number of RBLs but would be
interested to know what you regard as safe to use at
snip
Regarding sa-update, which channels are you using? I'm
currently running on saupdates.openproect.com. Any
suggestions on this subject?
I Use:
updates.spamassassin.org
00_FVGT_File001.cf.sare.sa-update.dostech.net
99_FVGT_meta.cf.sare.sa-update.dostech.net
Marc Perkel wrote:
My thinking on this is that if we had better automated reporting then
spammers could be shut down at the source and we could reduce spam that
way. I think what needs to happen is to develop some sort of
auto-reporting of spam process that's easy and tie in ISPs and the big
On Wed, 25 Apr 2007, Arik Raffael Funke wrote:
This message was created automatically by mail delivery software (TMDA).
Your message attached below is being held because the address
[EMAIL PROTECTED] has not been verified.
To release your message for delivery, please send an empty message
John Rudd wrote:
Marc Perkel wrote:
My thinking on this is that if we had better automated reporting then
spammers could be shut down at the source and we could reduce spam
that way. I think what needs to happen is to develop some sort of
auto-reporting of spam process that's easy and tie
On Wed, 25 Apr 2007, Marc Perkel wrote:
I agree it would have to be done right. Here's what I'm thinking is that
autoreporting could go to a screening system that would track these auto
generated complaints. A few complains wouldn't cause anything to happen but
lest say the complaint rate is
Randal, Phil wrote:
Arik Raffael Funke wrote:
Matthias Haegele wrote:
Arik Raffael Funke schrieb:
I.e. what about expiring tags, etc. Sa-learn would routinely
re-encounter 5 year-old spam...
Q: Would it be useful (regarding cpu and i/o performance) if only
learned messages (copied from a
Chris St. Pierre wrote:
On Wed, 25 Apr 2007, Marc Perkel wrote:
I agree it would have to be done right. Here's what I'm thinking is
that autoreporting could go to a screening system that would track
these auto generated complaints. A few complains wouldn't cause
anything to happen but lest
Faisal N Jawdat wrote:
On Apr 25, 2007, at 5:49 AM, Arik Raffael Funke wrote:
I was wondering if it has any negative effects on my Bayes database if
I regularly learn all spam/ham messages via a cron job.
I did this for a while and didn't find any problems.
Good news. At least in practise
On Apr 25, 2007, at 4:30 PM, Arik Raffael Funke wrote:
I am now probably venturing off-topic on my own thread but the
point you make is interesting: You train only misfiled messages.
What about new but correctly filed messages? You _never_ train on
them?
Given that bayes is a statistical
JamesDR wrote:
At one point in time, I tried to send reports to some ISP's (RR,
Comcast, AOL, Bellsouth, Verizon and a few others) with no noticeable
change in the amount of spam received from these ISP's.
If such a system were implemented I'm willing to bet one automated
system will talk to
Chris wrote:
[2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1
rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com
ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns=
helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1
Justin Mason wrote:
Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*,
not the full release of 3.2.0.
Downloads are available from:
http://people.apache.org/~jm/devel/
It's running here but I'm getting hammered by joe job bounces and I
don't see any VBounce rules
On Wed, 25 Apr 2007, Rick Macdougall wrote:
Justin Mason wrote:
Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*,
not the full release of 3.2.0.
Downloads are available from:
http://people.apache.org/~jm/devel/
It's running here but I'm getting hammered by joe
Vincent Li wrote:
On Wed, 25 Apr 2007, Rick Macdougall wrote:
It's running here but I'm getting hammered by joe job bounces and I
don't see any VBounce rules firing. It is not commented out in v320.pre.
Have you specified
whitelist_bounce_relays hostname_of_your_MTA
in
Rick Macdougall writes:
Vincent Li wrote:
On Wed, 25 Apr 2007, Rick Macdougall wrote:
It's running here but I'm getting hammered by joe job bounces and I
don't see any VBounce rules firing. It is not commented out in v320.pre.
Have you specified
whitelist_bounce_relays
On Wed, 25 Apr 2007, Rick Macdougall wrote:
Vincent Li wrote:
On Wed, 25 Apr 2007, Rick Macdougall wrote:
It's running here but I'm getting hammered by joe job bounces and I
don't see any VBounce rules firing. It is not commented out in
v320.pre.
Have you specified
Justin Mason wrote:
Rick Macdougall writes:
Vincent Li wrote:
On Wed, 25 Apr 2007, Rick Macdougall wrote:
It's running here but I'm getting hammered by joe job bounces and I
don't see any VBounce rules firing. It is not commented out in v320.pre.
Have you specified
On Wednesday 25 April 2007 4:34 pm, Daryl C. W. O'Shea wrote:
Chris wrote:
[2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1
rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com
ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns=
On Wed, 25 Apr 2007, Rick Macdougall wrote:
Justin Mason wrote:
Rick Macdougall writes:
Vincent Li wrote:
On Wed, 25 Apr 2007, Rick Macdougall wrote:
It's running here but I'm getting hammered by joe job bounces and I
don't see any VBounce rules firing. It is not commented out
Justin Mason wrote:
Rick Macdougall writes:
Vincent Li wrote:
On Wed, 25 Apr 2007, Rick Macdougall wrote:
It's running here but I'm getting hammered by joe job bounces and I
don't see any VBounce rules firing. It is not commented out in v320.pre.
Have you specified
I keep getting this error - Cant locate object method 'new' via package
IO::Zlib at /usr/bin/sa-update line 671 - when attempting to run sa-update.
It worked fine when I ran it about 10 months ago (im way behind).
Using SA version 3.1.3 on Fedora.
I am still having problems with the following errors popping up from time to
time:
**
An error was detected while processing a file of BSMTP input.
The error message was:
421 Lost incoming connection
The SMTP transaction started in line 0.
The error was detected in line 3.
0
Chris wrote:
What I'm trying to figure out Daryl is what would be added to my
trusted_networks config line to reflect embarq and or synacor. Previously
this is all I had on that line, 127/8 192.168/16 207.217.121/24 209.86.93/24.
Since I'm now 'in between' hosts, meaning that El is forwarding
Are the spammers testing some new spamtool
I am getting mails with just a single word like gushes using etc
what is this about now ?
Thanks
Ram
Marc Perkel wrote:
I agree it would have to be done right. Here's what I'm thinking is
that autoreporting could go to a screening system that would track
these auto generated complaints. A few complains wouldn't cause
anything to happen but lest say the complaint rate is coming in really
Jean-Paul Natola wrote:
Hi everyone,
Curious to know why this scored ( well didn't score) this way;
0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419)
From STATISTICS-set3.txt (in the SA tarball)
OVERALL% SPAM% HAM% S/ORANK SCORE NAME
2.302
ram wrote:
Are the spammers testing some new spamtool
I am getting mails with just a single word like gushes using etc
what is this about now ?
Read the archives for more details, however the general consensus is
it's due to:
1) a mass run of short-emails to a broader-range of
60 matches
Mail list logo
