[EMAIL PROTECTED]
Reply-To: users@spamassassin.apache.org
LuKreme wrote on Wed, 10 Dec 2008 23:19:25 -0700:
mail# gpg --list-keys /etc/mail/spamassassin/sa-update-keys/pubring.gpg
gpg: error reading key: No public key
I get the same, and without the path to a file I get the keys from the
mail# gpg --list-keys /etc/mail/spamassassin/sa-update-keys/pubring.gpg
gpg: error reading key: No public key
And another doc you didn't read before asking here, LuKreme...
I get the same, and without the path to a file I get the keys from the
global keyring which are non for SA. man gpg
Hello everyone,
I'm (somewhat) new to SA, and it works nicely, except now I would like
to boost its effectiveness at finding spam. I have searched the web and
frankly I'm disappointed with the results - except basic config there is
not much info there on how to finetune SA to get better
Marcin Krol schrieb:
Is anybody here willing to share other / better techniques and tips?
No silver bullet, only blood, sweat and tears :-)
* Create custom rules that to match your uncaught spam (and maybe share
these rules back on this list).
* If circumstances permit, make use of
Matthias Leisi wrote:
Marcin Krol schrieb:
Is anybody here willing to share other / better techniques and tips?
No silver bullet, only blood, sweat and tears :-)
I agree.
* Create custom rules that to match your uncaught spam (and maybe share
these rules back on this list).
Yes,
On Thu, 2008-12-11 at 12:52 +0100, Marcin Krol wrote:
Through experimentation I have found that the following techniques are
highly effective:
- SURBL and URIBL are extremely effective at identifying spam
They are enabled by default -- unless you are running local tests only.
Did you (or
* If circumstances permit, make use of extensive whitelisting, so that
you can increase the score of rules (or maybe lower the threshold after
which you consider a message to be spam).
When whitelisting, never whitelist just based on a plain sender or author
address (such as 'whitelist_from').
Matthias Leisi wrote:
* If circumstances permit, make use of extensive whitelisting, so that
you can increase the score of rules (or maybe lower the threshold after
which you consider a message to be spam).
With all due respect, that's risky... My users often get legit mails out
of blue or
Karsten Bräckelmann wrote:
- SURBL and URIBL are extremely effective at identifying spam
They are enabled by default -- unless you are running local tests only.
Did you (or your distro default) disable network tests? If you
specifically had to enable these, you are likely missing more of them.
Ned Slider wrote:
Yes, additional DNSBLs such as psbl and uceprotect can be integrated
into SA
Well, isn't it better to use them before SA, provided your MTA does have
this feature (I recommend Exim to everyone)?
Also look at setting up Bayes and train it well. A well trained Bayes
setup
On Wed, 10 Dec 2008, LuKreme wrote:
I'm still unclear on how the --gpgkey makes it more secure. If the file
is signed, the signature is checked against the public key that I have
in pubring.gpg. What does the gpgkey do?
It indicates which key to use to check the signature.
--
John Hardin
LuKreme wrote:
On 10-Dec-2008, at 20:36, SM wrote:
it's a hexadecimal number which identifies the key.
And the source of that number is, evidently, a complete mystery.
That's my point. I've seen lots of instructions like this:
# wget http://somesite.tld/somepath/GPG.KEY
# sudo
Ned Slider wrote:
Also look at setting up Bayes and train it well. A well trained Bayes
setup can hit 99% plus spam (for me) and can be highly effective.
On 11.12.08 15:19, Marcin Krol wrote:
Except I found that while it often gets positive identification right,
it sometimes produces false
Marcin Krol wrote:
Matthias Leisi wrote:
* If circumstances permit, make use of extensive whitelisting, so
that you can increase the score of rules (or maybe lower the
threshold after which you consider a message to be spam).
With all due respect, that's risky... My users often get
Marcin,
Did you manually (initially) train it
with your collected ham and recent (not older than 3 months) spam?
No, I just waited until default 200 hams and 200 spams kicked it in. As
I mentioned elsewhere, I get a weird effect of correct positives, but
relatively many false negatives
Marcin Krol wrote:
Karsten Bräckelmann wrote:
Did you manually (initially) train it
with your collected ham and recent (not older than 3 months) spam?
No, I just waited until default 200 hams and 200 spams kicked it in.
As I mentioned elsewhere, I get a weird effect of correct
On Thu, 2008-12-11 at 15:13 +0100, Marcin Krol wrote:
Karsten Bräckelmann wrote:
Razor is quite good, too. Also Pyzor, though it requires much more
resources.
See, my friend who works at a hosting company didn't find Razor to be
much improvement. Perhaps he misconfigured it or smth?
On Thu, 2008-12-11 at 16:01 +0100, Karsten Bräckelmann wrote:
On Thu, 2008-12-11 at 15:13 +0100, Marcin Krol wrote:
Forgot to add...
No, I just waited until default 200 hams and 200 spams kicked it in. As
I mentioned elsewhere, I get a weird effect of correct positives, but
relatively
On 11.12.08 15:47, Mark Martinec wrote:
Quality of bayes auto-learning improves if you let all your mail
pass through SpamAssassin:
- outbound mail is often a high-quality source of ham
for autolearning;
But when one of your users starts spamming (trojan or wtf), you have problem
and can
Matus UHLAR - fantomas wrote:
- blocking at MTA by RBL or other techniques (such as graylisting)
is efficient and effective, but deprives SpamAssassin of spam samples,
so if your resources permit, it is better to let SpamAssassin deal
with all RBLs.
I don't think so. We get enough of
Karsten Bräckelmann wrote:
Do train false negatives. It does help Bayes, if you train FN according
to Bayes, that is spam that has been caught, but got a low, ham-ish
Bayes score.
It seems that I need to brush up on specifics of SA Bayes; so far I have
used only DSPAM from among statistical
y
Reply-To: users@spamassassin.apache.org
Karsten Bräckelmann wrote on Thu, 11 Dec 2008 12:48:34 +0100:
Hmm, mine doesn't. :)
My package says gnupg-1.4.5-13.
Instead that option's desc starts with List all
keys from the public keyrings, or just the keys given on the command
line.
Yeah,
support [EMAIL PROTECTED] 12/11/08 2:52 AM
Prempting some responses:
What about external remote workers?
What about those who email stuff to themselves?
I hear this kind of thing all the time when people moan about spoofing.
On Wed, 2008-12-10 at 12:19 -0500, Kevin Parris wrote:
You do not
At 22:19 10-12-2008, LuKreme wrote:
I ssh to the server and then I sudo su (so I am sure I have discarded
my own login environment, I do not normally do this)
mail# gpg --list-keys /etc/mail/spamassassin/sa-update-keys/pubring.gpg
gpg: error reading key: No public key
gpg --no-default-keyring
Mouss wrote on Wed, 10 Dec 2008 10:34:21 +0100:
90_2tld.cf.sare.sa-update.dostech.net
Thanks, for the tip, I wasn't aware of it. As I understand it helps URIBL
to score on subdomains that it otherwise wouldn't check at all?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive
RobertH wrote on Wed, 10 Dec 2008 17:49:28 -0800:
what ones did you keep? if you recall, any particular reason why?
Hm, I checked and it seems I was wrong, partly. I still have them in the
channels.txt for my sa-update. I removed them on some other machines
partly because of memory
On Thu, 11 Dec 2008, Karsten Br�ckelmann wrote:
I still recommend initial training, to give Bayes a good kick-start.
Initial _manual_ training.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key:
On Thu, 2008-12-11 at 16:28 +0100, Marcin Krol wrote:
Karsten Bräckelmann wrote:
Do train false negatives. It does help Bayes, if you train FN according
to Bayes, that is spam that has been caught, but got a low, ham-ish
Bayes score.
It seems that I need to brush up on specifics of SA
On Thu, 2008-12-11 at 08:18 -0800, John Hardin wrote:
On Thu, 11 Dec 2008, Karsten Bräckelmann wrote:
I still recommend initial training, to give Bayes a good kick-start.
Initial _manual_ training.
Err... Yes! :)
--
char *t=[EMAIL PROTECTED];
main(){ char
On Thu, 11 Dec 2008, Karsten Br�ckelmann wrote:
On Thu, 2008-12-11 at 08:18 -0800, John Hardin wrote:
On Thu, 11 Dec 2008, Karsten Bräckelmann wrote:
I still recommend initial training, to give Bayes a good kick-start.
Initial _manual_ training.
Err... Yes! :)
The reason I stressed
On Thu, 2008-12-11 at 08:28 -0800, John Hardin wrote:
On Thu, 11 Dec 2008, Karsten Bräckelmann wrote:
I still recommend initial training, to give Bayes a good kick-start.
Initial _manual_ training.
Err... Yes! :)
The reason I stressed that is it sounds like the OP turned on
On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote:
Ned Slider wrote:
Yes, additional DNSBLs such as psbl and uceprotect can be integrated
into SA
Well, isn't it better to use them before SA, provided your MTA does have
this feature (I recommend Exim to everyone)?
No -- unless you
Ned Slider wrote:
Yes, additional DNSBLs such as psbl and uceprotect can be integrated
into SA
On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote:
Well, isn't it better to use them before SA, provided your MTA does have
this feature (I recommend Exim to everyone)?
On 11.12.08
Hi all,
I have a problem with getting spamassassin to find the razor-agent.conf
When running spamassassin -D testmail.txt it says:
.
.
.
[22640] warn: razor2: razor2 check failed: No such file or directory razor2:
Can't read conf file: = /etc/razor/razor-agent.conf at
On Thu, Dec 11, 2008 at 05:33:36PM +, Johan Borch wrote:
[22640] warn: razor2: razor2 check failed: No such file or directory razor2:
Can't read conf file: = /etc/razor/razor-agent.conf at
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 326.
Do you have a
Karsten Bräckelmann wrote:
On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote:
Ned Slider wrote:
Yes, additional DNSBLs such as psbl and uceprotect can be integrated
into SA
Well, isn't it better to use them before SA, provided your MTA does have
this feature (I recommend Exim to
LuKreme wrote:
On 10-Dec-2008, at 16:01, mouss wrote:
so 5 is a little too high.
Ah, gotcha. I am scoring whitelist at -5 though, so a 5 still puts them
at 0. Without other spam tags, they should still pass, no?
whitelist_from_dkim and related rules (whitelist_from_spf,
Marcin Krol wrote:
Matus UHLAR - fantomas wrote:
- blocking at MTA by RBL or other techniques (such as graylisting)
is efficient and effective, but deprives SpamAssassin of spam samples,
so if your resources permit, it is better to let SpamAssassin deal
with all RBLs.
I don't think so.
Ned Slider a écrit :
Genuine spam traps are great for bayes training as they should contain a
representative sample of spam your users will be seeing plus you know
they only contain spam so you don't need to check the contents before
feeding them to bayes to learn :)
you must be careful
On Thu, Dec 11, 2008 at 05:57:10PM +, Ned Slider wrote:
Genuine spam traps are great for bayes training as they should contain a
representative sample of spam your users will be seeing plus you know
they only contain spam so you don't need to check the contents before
feeding them
I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir
whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM
But email from that address still tagged as spam. What am I doing wrong?
Return-Path: joe.sm...@here.com
Received: (qmail 10789 invoked by uid
Asif Iqbal a écrit :
I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir
whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM
But email from that address still tagged as spam. What am I doing wrong?
you should run the message through spamassassin
Johan Borch a écrit :
Hi all,
I have a problem with getting spamassassin to find the razor-agent.conf
When running spamassassin -D testmail.txt it says:
.
.
.
[22640] warn: razor2: razor2 check failed: No such file or directory razor2:
Can't read conf file: =
From: mouss mo...@netoyen.net
Date: Thu, 11 Dec 2008 19:55:44 +0100
Asif Iqbal a écrit :
I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir
whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM
But email from that address
On Thu, Dec 11, 2008 at 2:09 PM, Jeff Mincy j...@delphioutpost.com wrote:
From: mouss mo...@netoyen.net
Date: Thu, 11 Dec 2008 19:55:44 +0100
Asif Iqbal a écrit :
I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir
whitelist_from_rcvd
On Thu, 2008-12-11 at 18:36 +0100, Matus UHLAR - fantomas wrote:
Ned Slider wrote:
Yes, additional DNSBLs such as psbl and uceprotect can be integrated
into SA
On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote:
Well, isn't it better to use them before SA, provided your MTA
On 11-Dec-2008, at 07:39, Bowie Bailey wrote:
LuKreme wrote:
On 10-Dec-2008, at 20:36, SM wrote:
it's a hexadecimal number which identifies the key.
And the source of that number is, evidently, a complete mystery.
That's my point. I've seen lots of instructions like this:
# wget
On 11-Dec-2008, at 10:48, Kelson wrote:
LuKreme wrote:
On 10-Dec-2008, at 16:01, mouss wrote:
so 5 is a little too high.
Ah, gotcha. I am scoring whitelist at -5 though, so a 5 still puts
them at 0. Without other spam tags, they should still pass, no?
whitelist_from_dkim and related
On 10-Dec-2008, at 02:41, hofmae wrote:
I think the main problem is that there is one of our adressess in the
return-path. Thats wrong i think, because the spammer sends a
spammail with
one of our adressess in the return-path. The actualy spammail we
don't get
to see...
I think the main
LuKreme wrote:
On 11-Dec-2008, at 07:39, Bowie Bailey wrote:
It's almost like Just download this key file and you'll be fine.
Don't worry about where it came from, just put it in your keyring.
Not at all, I KNOW where the gpg.key came from, because I downloaded
it. And it came from
Mark Martinec schrieb:
or construct custom rules to whitelist (=add negative score points)
based on some other specific chraracteristic of mail to be passed.
Your own (your companys) street address, phone number, or some hopefully
unique token which you typically add in footers of outgoing
Dirk Bonengel wrote:
it hangs my SA 3.2.4 setup on waiting for a reply from
ctyme.ixhash.net .
The strange thing is that it consumes a lot of CPU while hanging... Some
problem in the ctyme.ixhash.net side? Anybody is experiencing the same?
I see the same problem: SA hanging with CPU to 100%
Asif Iqbal a écrit :
I have this in local.cf in qmail.here.net's /etc/mail/spamassassin
dir
whitelist_from_rcvd joe.sm...@here.com
qtdenexmbm24.AD.HERE.COM
But email from that address still tagged as spam. What am I doing
wrong?
On 11.12.08
On Thu, 2008-12-11 at 13:32 -0700, LuKreme wrote:
It's almost like Just download this key file and you'll be fine. Don't
worry about where it came from, just put it in your keyring.
Not at all, I KNOW where the gpg.key came from, because I downloaded
it. And it came from the same
On Thu, 2008-12-11 at 22:29 +0100, Karsten Bräckelmann wrote:
On Thu, 2008-12-11 at 13:32 -0700, LuKreme wrote:
Not at all, I KNOW where the gpg.key came from, because I downloaded
it. And it came from the same server as the rules are coming.
The KeyID is coming from who knows where.
Matthias Leisi wrote on Thu, 11 Dec 2008 22:05:34 +0100:
(and
are thus likely to be quoted in reply emails)
correctly working email programs leave the signature out from quoting
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
On 11-Dec-2008, at 14:29, Karsten Bräckelmann wrote:
...or read the documentation.
I read a hell of a lot of stuff about all this, and have been running
SA since 2.mumble If you are a plug-n-play sysadmin, then no
problem. If you are already well-versed in the vagaries of gpg, then
Asif Iqbal wrote:
On Thu, Dec 11, 2008 at 2:09 PM, Jeff Mincy j...@delphioutpost.com wrote:
From: mouss mo...@netoyen.net
Date: Thu, 11 Dec 2008 19:55:44 +0100
Asif Iqbal a écrit :
I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir
On 11-Dec-2008, at 11:51, Asif Iqbal wrote:
whitelist_from_rcvd joe.sm...@here.com
qtdenexmbm24.AD.HERE.COM
Really here.com? The here.com that is registered to Network
Solutions? Or are you making up domain names?
Use example.com or whateveryouwant.tld so we know you are
On Thu, Dec 11, 2008 at 8:09 PM, LuKreme krem...@kreme.com wrote:
On 11-Dec-2008, at 11:51, Asif Iqbal wrote:
whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM
Really here.com? The here.com that is registered to Network Solutions? Or
are you making up domain names?
On Thu, Dec 11, 2008 at 7:48 PM, Matt Kettler mkettler...@verizon.net wrote:
Asif Iqbal wrote:
On Thu, Dec 11, 2008 at 2:09 PM, Jeff Mincy j...@delphioutpost.com wrote:
From: mouss mo...@netoyen.net
Date: Thu, 11 Dec 2008 19:55:44 +0100
Asif Iqbal a écrit :
I have this in local.cf
61 matches
Mail list logo