Re: bayes training doesn't seem to have any affect

2009-05-04 Thread Micah Anderson
Dave Walker davewal...@ubuntu.com writes: Micah Anderson wrote: I got a phish message that was understood by bayes as: -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] So I trained with spamc -L spam but even after that I am

Re: Personal SPF

2009-05-04 Thread Matus UHLAR - fantomas
On 30.04.09 14:24, Charles Gregory wrote: Proposal: Personal SPF - A DNS-based lookup system to allow individual senders of e-mail to publish a *personal* SPF record within the context of their domain's SPF records, that would identify an IP or range of IPs which they would be 'stating'

Re: False positive with FRT_VALIUM1

2009-05-04 Thread Michael Monnerie
On Monday 04 May 2009 Raymond Dijkxhoorn wrote: So what's next? There's a known big bug where several Valium rules misfire at German messages. Should I open another bug? I found bugs 6060 and 6086 reporting it, both are NEW. I've commented both of them now, hope we get a quick

Re: False positive with FRT_VALIUM1

2009-05-04 Thread Justin Mason
yep, it's certainly useful -- even if the fix is just to include the FP messages in a mass-checked corpus for the next time FRT_VALIUM1's score is calculated, ensuring that it'll get a lower score. --j. On Mon, May 4, 2009 at 10:19, Michael Monnerie michael.monne...@is.it-management.at wrote:

Re: bayes training doesn't seem to have any affect

2009-05-04 Thread Adam Katz
Micah Anderson wrote: Also, to see how experienced your Bayes knowledge is - use $ sa-learn --dump magic This shows me that I have no idea what these magic things are :) Does this tell you anything useful? 0.000 0 3 0 non-token data: bayes db version 0.000

Re: [sa] Re: The weirdest problem .....

2009-05-04 Thread Charles Gregory
On Mon, 4 May 2009, John Hardin wrote: Try wiping his AWL entry. We can do that? What tool would I use? - Charles

Re: Properly integrating clamAV into SpamAssassin

2009-05-04 Thread Adam Katz
Matus UHLAR - fantomas wrote: I think that scanning for viruses is much faster and should be done first, preferably outside of SA. Are you suggesting that ClamAV is faster by an order of magnitude that exceeds the massively high ratio of non-virus spam to non-spam viruses? It's simple math:

Re: Personal SPF

2009-05-04 Thread Matus UHLAR - fantomas
On 30.04.09 14:24, Charles Gregory wrote: Proposal: Personal SPF - A DNS-based lookup system to allow individual senders of e-mail to publish a *personal* SPF record within the context of their domain's SPF records, that would identify an IP or range of IPs which they would be 'stating' are

Re: Properly integrating clamAV into SpamAssassin

2009-05-04 Thread Matus UHLAR - fantomas
Matus UHLAR - fantomas wrote: I think that scanning for viruses is much faster and should be done first, preferably outside of SA. On 04.05.09 11:05, Adam Katz wrote: Are you suggesting that ClamAV is faster by an order of magnitude that exceeds the massively high ratio of non-virus spam

Re: Properly integrating clamAV into SpamAssassin

2009-05-04 Thread Matus UHLAR - fantomas
Brent Kennedy wrote: I use ClamAV and SA too. My understanding is that you do not want to continue processing an email if it is already seen as a virus (saves processing time by the spam server). Keep in mind that some users also have their AV on another box. I also use the short

Re: Personal SPF

2009-05-04 Thread Charles Gregory
On Mon, 4 May 2009, Matus UHLAR - fantomas wrote: On 30.04.09 14:24, Charles Gregory wrote: Proposal: Personal SPF - A DNS-based lookup system to allow individual senders of e-mail to publish a *personal* SPF record within the context of their domain's SPF records, that would identify an IP or

Re: Properly integrating clamAV into SpamAssassin

2009-05-04 Thread Henrik K
On Mon, May 04, 2009 at 10:41:44AM -0400, Jeff Mincy wrote: Feeding virus email into SpamAssassin Bayes seems like a bad idea to me. The bayes tokens aren't going to be all that useful for catching non virus spam. buzzer What happens when you receive a virus that isn't detected by any

Re: Properly integrating clamAV into SpamAssassin

2009-05-04 Thread Jeff Mincy
From: Adam Katz antis...@khopis.com Date: Sun, 03 May 2009 18:47:21 -0400 I am under the impression that virus checking is *not* that much easier than a fully-loaded SA implementation, so therefore spam detection should run first. Counter-point: online lookups cost bandwidth and

Re: Personal SPF

2009-05-04 Thread Charles Gregory
On Mon, 4 May 2009, Matus UHLAR - fantomas wrote: OUR mail server *requires* that a user be connected via our dialups. what do you mean? Users connected by your dialups can only be connected to your mail server? Yes, but also that the user must be connected to our dialup to gain 'relay'

Re: [sa] Re: The weirdest problem .....

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 10:44 -0400, Charles Gregory wrote: On Mon, 4 May 2009, John Hardin wrote: Try wiping his AWL entry. We can do that? What tool would I use? man spamassassin-run See the spamassassin options with whitelist in the name, particularly --remove-addr-from-whitelist. --

Re: Spam from windows live

2009-05-04 Thread RW
On Sun, 3 May 2009 20:48:47 +0200 Magnus Holmgren holmg...@lysator.liu.se wrote: On Wednesday 25 March 2009, Bowie Bailey wrote: BAYES_50 means Bayes has no opinion, the score for that should be 0. I've set the score for BAYES_50 to 0.7 (I could probably increase that) because in

Re: The weirdest problem I have ever met Dear all, Please help me with this very weird problem. I have a client with this user who's is suddenly having a problem sending out emails. When I checked

2009-05-04 Thread John Hardin
On Sun, 3 May 2009, Jodizzz wrote: ...the longest email subject _evar_! SA:SPAM-DELETE:RC:0(xxx.xx.xxx.xxx):SA:1(1528.3/5.5) 1528 is a ... rather large ... rather large SA score. Did that user send a GTUBE to someone and AWL is now trying to average everything he sends up to that score?

Re: emailBL code

2009-05-04 Thread Mandy
On Fri, May 1, 2009 at 3:37 PM, Adam Katz antis...@khopis.com wrote: Can you determine how many of those were out-of-office messages?  Then again, even at just two, if you can stop such compromises, it's worth it (and then some). The replies I was talking about were, sadly, manually filtered to

Re: [sa] Re: The weirdest problem .....

2009-05-04 Thread Charles Gregory
On Mon, 4 May 2009, Karsten Bräckelmann wrote: We can do that? What tool would I use? See the spamassassin options with whitelist in the name, particularly --remove-addr-from-whitelist. Okay, maybe I'm misunderstanding. I was under the impression that spamassassin had TWO 'whitelists'. One

Re: [sa] Re: The weirdest problem .....

2009-05-04 Thread Theo Van Dinter
You're wrong (but you're close). :) You can configure your own whitelist_from_* and blacklist_from_* (or the other whitelist/blacklist commands) in your user_prefs/configs. Either you have the config or you don't, and the scores are for the rule not each sender, so in that sense, it's permanent.

Re: [sa] Re: The weirdest problem .....

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 12:16 -0400, Charles Gregory wrote: On Mon, 4 May 2009, Karsten Bräckelmann wrote: The original statement which you snipped is important, since the question was how to do exactly that -- manipulating the AWL. Try wiping his AWL entry. We can do that? What tool would

Anti-phishing outside of just detection

2009-05-04 Thread Adam Katz
I wrote: I'd still rather block the offending message than intercept responses to it (as that means it has suckered users, which means it has wasted their time). I see APER as a possible aid in that pursuit, though as Jesse has mentioned, it is not fully reliable (as to be determined).

Re: Spam from windows live

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 17:12 +0100, RW wrote: On Sun, 3 May 2009 20:48:47 +0200 Magnus Holmgren wrote: On Wednesday 25 March 2009, Bowie Bailey wrote: BAYES_50 means Bayes has no opinion, the score for that should be 0. I've set the score for BAYES_50 to 0.7 (I could probably

Re: The weirdest problem

2009-05-04 Thread Adam Katz
Theo Van Dinter wrote: Then there's the AWL, aka the historical score averager, which has some commands via spamassassin to do simple manipulation, usually to correct undesired entries. The score changes per message, typically. Any movement to rename AWL and thus to avoid explaining it so

Re: The weirdest problem .....

2009-05-04 Thread Charles Gregory
Thanks for the replies. All is now clear. Though I would (politely) request this be clarified in the entries in the docs. Thanks! - Charles On Mon, 4 May 2009, Karsten Bräckelmann wrote: On Mon, 2009-05-04 at 12:16 -0400, Charles Gregory wrote: On Mon, 4 May 2009, Karsten Bräckelmann wrote:

Re: False positive with FRT_VALIUM1

2009-05-04 Thread Michael Monnerie
On Monday 04 May 2009 Justin Mason wrote: yep, it's certainly useful -- even if the fix is just to include the FP messages in a mass-checked corpus for the next time FRT_VALIUM1's score is calculated, ensuring that it'll get a lower score. It's in my mass corpus already, but I wonder if it's

Error: spamc: connection attempt to spamd aborted after 3 retries

2009-05-04 Thread Alejandro Cabrera Obed
Dear all, I use Postfix (version 2.3.8-2+etch1) + amavisd-new (version 2.4.2-6.1) + spamassassin (version 3.2.3-0.volatile1), and they are Debian Etch packages. Spamassassin is invoked from amavisd-new, so port TCP/783 is never open. A pair of days ago, I notice that the messages are not being

Honeypot opportunity? Spammers treating tertiary DNS as MX

2009-05-04 Thread Charles Gregory
Hallo! I run a mail server for exampleALPHA.tld, and that same box also happens to run as a 'tertiary' DNS server for exampleBETA.tld There is no direct relationship between alpha and beta, other than that our two organizations made an arrangement to act as fallback DNS for each other. We do

Re: False positive with FRT_VALIUM1

2009-05-04 Thread John Hardin
On Mon, 4 May 2009, Michael Monnerie wrote: On Monday 04 May 2009 Justin Mason wrote: yep, it's certainly useful -- even if the fix is just to include the FP messages in a mass-checked corpus for the next time FRT_VALIUM1's score is calculated, ensuring that it'll get a lower score. It's in

Re: Personal SPF

2009-05-04 Thread Jonas Eckerman
Charles Gregory wrote: Proposal: Personal SPF - A DNS-based lookup system to allow individual senders of e-mail to publish a *personal* SPF record within the context of their domain's SPF records, that would identify an IP or range of IPs which they would be 'stating' are the only possible

Re: Error: spamc: connection attempt to spamd aborted after 3 retries

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 15:57 -0300, Alejandro Cabrera Obed wrote: Dear all, I use Postfix (version 2.3.8-2+etch1) + amavisd-new (version 2.4.2-6.1) + spamassassin (version 3.2.3-0.volatile1), and they are Debian Etch packages. Spamassassin is invoked from amavisd-new, so port TCP/783 is never

Re: False positive with FRT_VALIUM1

2009-05-04 Thread Justin Mason
I haven't looked at the rules at all (yet)... On Mon, May 4, 2009 at 20:00, John Hardin jhar...@impsec.org wrote: On Mon, 4 May 2009, Michael Monnerie wrote: On Monday 04 May 2009 Justin Mason wrote: yep, it's certainly useful -- even if the fix is just to include the FP messages in a

Re: Spam from windows live

2009-05-04 Thread Theo Van Dinter
2009/5/4 Karsten Bräckelmann guent...@rudersport.de: Bear in mind that an email that gets a Bayes score of more than one point can't be autolearned as ham. Nope, this is wrong. The Bayes rules (as well as some other rules) do NOT have any impact on the auto-learning. In fact, the

Re: The weirdest problem

2009-05-04 Thread Theo Van Dinter
I think usually when renaming it comes up, people just start talking about the stuff it should or could be doing, and that branches into a write a more fully featured plugin conversation, which then doesn't go anywhere. :( The AWL has also been around for so long that renaming it would probably

Re: Error: spamc: connection attempt to spamd aborted after 3 retries

2009-05-04 Thread Theo Van Dinter
If you're using amavis, what is calling spamc? It sounds like something changed your config somewhere. Did someone put in a procmailrc entry? On Mon, May 4, 2009 at 2:57 PM, Alejandro Cabrera Obed aco1...@gmail.com wrote: Dear all, I use Postfix (version 2.3.8-2+etch1) + amavisd-new (version

Re: Spam from windows live

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 15:49 -0400, Theo Van Dinter wrote: 2009/5/4 Karsten Bräckelmann guent...@rudersport.de: Bear in mind that an email that gets a Bayes score of more than one point can't be autolearned as ham. Nope, this is wrong. The Bayes rules (as well as some other rules)

Re: [SA] Virtual Postfix Users move SPAM to .Junk

2009-05-04 Thread mouss
Adam Katz wrote: procmail-3.22-17.1 replace procmail with dovecot sieve, and use sieve rules per user Don't be so quick to implement that ... I've found sieve to be horribly limiting in comparison to procmail, and LuKreme's option looks more easily implemented than the sieve

Re: Personal SPF

2009-05-04 Thread Charles Gregory
On Mon, 4 May 2009, Jonas Eckerman wrote: Why do you think it would be easier to get those of your users that send through other servers to publish a personal SPF record with correct information about the external IP address of the outgoing relay they use than it would be to get then to use

Re: 419 emailBL?

2009-05-04 Thread mouss
Henrik K wrote: On Sun, May 03, 2009 at 06:25:01PM +0200, mouss wrote: I can't use a dnsbl on recipient addresses in postfix. This requires additional code (exceptionally if the records are hashed...). MySQL on the other hand is supported by many daemons. Sure, SA would need a mysql

Re: Spam from windows live

2009-05-04 Thread RW
On Mon, 04 May 2009 22:38:00 +0200 Karsten Bräckelmann guent...@rudersport.de wrote: According to that description and bug 2865 comment 3, the word strongly seems to be key here. Not checked the code, but comment 3 pretty much translates to an additional constraint, that the real result (using

Re: Spam from windows live

2009-05-04 Thread Theo Van Dinter
2009/5/4 Karsten Bräckelmann guent...@rudersport.de: via https://issues.apache.org/SpamAssassin/show_bug.cgi?id=2865.  In No commit pointer. I'm lazy, Theo, any hints to the actual commit so I don't have to dig? :) Sure. I found it by a) looking at the code and validating my understanding,

Re: Honeypot opportunity? Spammers treating tertiary DNS as MX

2009-05-04 Thread Michael Scheidell
Hallo! I run a mail server for exampleALPHA.tld, and that same box also happens to run as a 'tertiary' DNS server for exampleBETA.tld There is no direct relationship between alpha and beta, other than that our two organizations made an arrangement to act as fallback DNS for each other. We

Re: Personal SPF

2009-05-04 Thread LuKreme
On 4-May-2009, at 09:40, Charles Gregory wrote: Yes, but also that the user must be connected to our dialup to gain 'relay' access to our mail server. If someone, even one of our legit users, is on a DSL connection, then they *cannot* send mail through our server. They must use the server

Re: Honeypot opportunity? Spammers treating tertiary DNS as MX

2009-05-04 Thread Alexander Hoogerhuis
Michael Scheidell wrote: No, actually, 'exampleBETA.tld' is invalid. (hint: without real domain names, no one can help you) It could be any number of things.. Is 'exampleBETA.tld' an a record for the dns servers? Are the dns servers a records for the mx records? With the dwindling economy,

Re: [sa] Re: Honeypot opportunity? Spammers treating tertiary DNS as MX

2009-05-04 Thread Charles Gregory
On Mon, 4 May 2009, Michael Scheidell wrote: No, actually, 'exampleBETA.tld' is invalid. (hint: without real domain names, no one can help you) I believe my descriptions are sufficiently precise that knowing the actual domain names is irrelevant. However, you may substitute 'hwcn.org' for

Re: Spam from windows live

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 22:09 +0100, RW wrote: There are two separate tests, the autolearn result must be consistent with the overall classification, and not inconsistent with the bayes scoring. I stand corrected with egg on my face. Yes, you are perfectly right. Spent a while digging through

Re: Spam from windows live

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 17:18 -0400, Theo Van Dinter wrote: 2009/5/4 Karsten Bräckelmann guent...@rudersport.de: via https://issues.apache.org/SpamAssassin/show_bug.cgi?id=2865. In No commit pointer. I'm lazy, Theo, any hints to the actual commit so I don't have to dig? :) Sure. I

Re: spamassassin block *.png

2009-05-04 Thread Michelle Konzack
Hello John, sorry for the late answer, have not checked this mailfolder On 2009-05-02 20:46:32, John Hardin wrote: On Sun, 3 May 2009, Michelle Konzack wrote: * B ?? ^Content-Type: image/(png|pjpeg|gif) Adam, have you seen any pjpeg or gif attachments in your spams? Michelle, are

Re: bayes training doesn't seem to have any affect

2009-05-04 Thread Karsten Bräckelmann
On Mon, 2009-05-04 at 02:02 -0400, Micah Anderson wrote: Dave Walker davewal...@ubuntu.com writes: Micah Anderson wrote: I got a phish message that was understood by bayes as: -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score:

Re: 419 emailBL?

2009-05-04 Thread Henrik K
On Mon, May 04, 2009 at 10:51:14PM +0200, mouss wrote: That said, I am surprised because you defended the fact that the freemail plugin includes the list of freemail domains... Think about it. Maybe few thousand freemail domains, that hardly change. Why would that require realtime updating?

Re: [sa] Re: The weirdest problem .....

2009-05-04 Thread Jodizzz
Ok, just did that. But still problem persists. He is still not able to send out using his email address. Weirdest thing, he can send if he uses webmail. So I am guessing that he was not blocked by AWL? Karsten Bräckelmann-2 wrote: On Mon, 2009-05-04 at 10:44 -0400, Charles Gregory wrote:

RE: [sa] Re: The weirdest problem .....

2009-05-04 Thread RobertH
if people/you are using port 25 for submission, stop that. since you are using qmail, why don't you just create a login auth only smtpd service on port 587 for submission and let people hit it to login to relay emails make sure that the server does not check and score those emails coming in