Hi,
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam ../maildir/.Spam/cur
The idea is to train the Bayes for each user without the need to
Am 27.03.2015 um 16:16 schrieb Michael:
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam ../maildir/.Spam/cur
The idea is to train the
On 03/27/2015 08:20 PM, Amir Caspi wrote:
On Mar 27, 2015, at 12:56 PM, Matus UHLAR - fantomas
uh...@fantomas.sk wrote:
I see no network checks here... do you use network checks?
On Mar 27, 2015, at 1:11 PM, Kevin A. McGrail kmcgr...@pccc.com
wrote:
Are you using network tests? These are
On Mar 27, 2015, at 12:56 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:
I see no network checks here... do you use network checks?
On Mar 27, 2015, at 1:11 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
Are you using network tests? These are scoring pretty high for me.
I presume you're
On Mar 27, 2015, at 1:20 PM, Axb axb.li...@gmail.com wrote:
These three samples are very different in the sense that #1 is a hacked
site, #2 #3 are the regular snowshoe.
Of course, I picked three different samples on purpose. But, I have hundreds
that replicate these.
What I miss in your
On Mar 27, 2015, at 1:33 PM, Axb axb.li...@gmail.com wrote:
Are you using Mailscanner? if yes then it's you munging URIS so they breaking
lookups on any hash type as in
Yes, I am using MailScanner. Some URIs are munged, others are not. For
example, you can see in that very pastebin you
On 03/27/2015 08:45 PM, Amir Caspi wrote:
On Mar 27, 2015, at 1:33 PM, Axb axb.li...@gmail.com wrote:
Are you using Mailscanner? if yes then it's you munging URIS so
they breaking lookups on any hash type as in
Yes, I am using MailScanner. Some URIs are munged, others are not.
For example,
On 03/27/2015 07:51 PM, Amir Caspi wrote:
Here are a few spamples:
http://pastebin.com/3nSLurGv (this scored BAYES_99 but would still
have been FN with BAYES_999) http://pastebin.com/LaKT5ZZK (I have a
rule template for these URIs but recent spams have modified them to
cause high risk of FPs
Apologies if this is an overly obvious answer, but are you using any
greylisting? This would (potentially) move your user away from the
wavefront of a spam's distribution, and give it a better chance of
triggering the network-based tests.
On Fri, 27 Mar 2015, Amir Caspi wrote:
This is my whole
On Mar 27, 2015, at 1:38 PM, sha...@shanew.net wrote:
Apologies if this is an overly obvious answer, but are you using any
greylisting? This would (potentially) move your user away from the
wavefront of a spam's distribution, and give it a better chance of
triggering the network-based tests.
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I'm happy to look at a recent sample and throw it through my system to see
what it hits but overall, I've been seeing the exact opposite.
So, one of my users has been getting dozens (sometimes nearly 100) FNs per DAY
On Mar 27, 2015, at 12:20 PM, Axb axb.li...@gmail.com wrote:
- Please post missed spam samples in pastebin.com - do not post samples to
mailing lists
Of course, I would never post it to the list. I will put up a few in pastebin
but there are so many of them, and there are a few different
On 27.03.15 15:16, Michael wrote:
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam ../maildir/.Spam/cur
What do you think about this
On 27.03.2015 19:09, RW wrote:
On Fri, 27 Mar 2015 15:16:13 +
Michael wrote:
Hi,
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username
On 27.03.2015 19:54, Matus UHLAR - fantomas wrote:
On 27.03.15 15:16, Michael wrote:
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam
Am 27.03.2015 um 19:13 schrieb Amir Caspi:
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I'm happy to look at a recent sample and throw it through my system to see what
it hits but overall, I've been seeing the exact opposite.
So, one of my users has been getting
On 27.03.15 12:51, Amir Caspi wrote:
Here are a few spamples:
http://pastebin.com/3nSLurGv (this scored BAYES_99 but would still have been
FN with BAYES_999)
http://pastebin.com/LaKT5ZZK (I have a rule template for these URIs but recent
spams have modified them to cause high risk of FPs for
On 27.03.2015 16:21, Reindl Harald wrote:
Am 27.03.2015 um 16:16 schrieb Michael:
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam
On Fri, 27 Mar 2015 15:16:13 +
Michael wrote:
Hi,
I would like automatically learn each users Bayes database in the
following way:
Do the following once a day for each user:
1.) sa-learn -u username --ham ../maildir/cur
2.) sa-learn -u username --spam ../maildir/.Spam/cur
The
On 03/27/2015 07:13 PM, Amir Caspi wrote:
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail kmcgr...@pccc.com
wrote:
I'm happy to look at a recent sample and throw it through my system
to see what it hits but overall, I've been seeing the exact
opposite.
So, one of my users has been getting
On Fri, 27 Mar 2015 12:13:30 -0600
Amir Caspi wrote:
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail kmcgr...@pccc.com
wrote:
I'm happy to look at a recent sample and throw it through my system
to see what it hits but overall, I've been seeing the exact
opposite.
So, one of my users
On Mar 27, 2015, at 12:22 PM, Reindl Harald h.rei...@thelounge.net wrote:
we have currently 577 different subjects and subject-parts scored , i don't
want to publish them because i'd like the spammers don't change to new ones
:-)
Sadly, that doesn't help me. I don't have time to compile
On 3/27/2015 2:51 PM, Amir Caspi wrote:
On Mar 27, 2015, at 12:20 PM, Axb axb.li...@gmail.com wrote:
- Please post missed spam samples in pastebin.com - do not post samples to
mailing lists
Of course, I would never post it to the list. I will put up a few in pastebin
but there are so many
On 27.03.2015 19:54, Matus UHLAR - fantomas wrote:
the easiest way is to train on false positives and false negatives.
dovecot imapd has plugin to train when mail is moved from/to spam.
On 27.03.15 20:10, Michael wrote:
My concerns are the following:
Sometimes new kind of spam is appearing.
On Fri, 27 Mar 2015, Amir Caspi wrote:
On Mar 27, 2015, at 12:56 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:
I see no network checks here... do you use network checks?
On Mar 27, 2015, at 1:11 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
Are you using network tests? These are
On Fri, 27 Mar 2015, Amir Caspi wrote:
On Mar 27, 2015, at 1:38 PM, sha...@shanew.net wrote:
Apologies if this is an overly obvious answer, but are you using any
greylisting? This would (potentially) move your user away from the
wavefront of a spam's distribution, and give it a better chance
On Fri, 27 Mar 2015 20:03:18 +0100
Michael wrote:
On 27.03.2015 19:09, RW wrote:
On Fri, 27 Mar 2015 15:16:13 +
cur doesn't imply that the mail has been read; for that you
need to check the seen flag in the filename, an S somewhere after
the colon.
Yes, that's true. But if I'm
Hi,
Yes, that's true. But if I'm right, new mails stay in new until the
appropriate folder in the IMAP client has been opened, right? I just
assume, if the use has some false negatives in the folder, he will
either immediately delete it or just move it into the Spam folder.
People can have
On 03/27/2015 11:51 AM, Amir Caspi wrote:
On Mar 27, 2015, at 12:20 PM, Axb axb.li...@gmail.com wrote:
- Please post missed spam samples in pastebin.com - do not post samples to
mailing lists
Of course, I would never post it to the list. I will put up a few in
pastebin but there are so
On Mar 27, 2015, at 2:09 PM, Axb axb.li...@gmail.com wrote:
As an AV product I'd recommend Sophos AND ESETS/Nod32.
I'll look into Sophos, I'm not entirely sure if I can deploy it on my system or
not. We have to use RPMs that can be distributed to the virtual hosts, etc...
I'll definitely
On Mar 27, 2015, at 3:34 PM, Richard Doyle lists...@islandnetworks.com wrote:
All of these were From: domains created today.
Shouldn't they have been picked up by DOB? Or do I need to manually enable
some DOB plugin in SA? (If so, please let me know how...) When I ran the third
spample
On 03/27/2015 11:44 PM, Amir Caspi wrote:
On Mar 27, 2015, at 3:34 PM, Richard Doyle
lists...@islandnetworks.com wrote:
All of these were From: domains created today.
Shouldn't they have been picked up by DOB? Or do I need to manually
enable some DOB plugin in SA? (If so, please let me know
On Mar 27, 2015, at 5:12 PM, Axb axb.li...@gmail.com wrote:
DOB isn't realtime/zero hour.
That kind of defeats the point, isn't it? I mean, if you wait too long, it's
no longer DOB, it's few-DOB...
I would have imagined that a DOB server would operate in a caching mode where
the first query
On 03/27/2015 03:44 PM, Amir Caspi wrote:
On Mar 27, 2015, at 3:34 PM, Richard Doyle lists...@islandnetworks.com
wrote:
All of these were From: domains created today.
Shouldn't they have been picked up by DOB? Or do I need to manually enable
some DOB plugin in SA? (If so, please let me
On Fri, 27 Mar 2015 17:40:58 -0600
Amir Caspi wrote:
On Mar 27, 2015, at 5:12 PM, Axb axb.li...@gmail.com wrote:
DOB isn't realtime/zero hour.
That kind of defeats the point, isn't it? I mean, if you wait too
long, it's no longer DOB, it's few-DOB...
I think it's 5 days, and the
On 03/28/2015 12:40 AM, Amir Caspi wrote:
On Mar 27, 2015, at 5:12 PM, Axb axb.li...@gmail.com wrote:
DOB isn't realtime/zero hour.
That kind of defeats the point, isn't it? I mean, if you wait too
long, it's no longer DOB, it's few-DOB...
I would have imagined that a DOB server would
From: Amir Caspi ceph...@3phase.com
Sent: Friday, March 27, 2015 7:30 PM
To: RW
Cc: users@spamassassin.apache.org
Subject: Re: Uptick in spam
On Mar 27, 2015, at 6:19 PM, RW rwmailli...@googlemail.com wrote:
There are deep checks for SBL (via zen) and SPAMCOP. XBL/PBL are
last-external only
You also may want to look at the Invaluement IP/URI lists.
(Invaluement.com). Detection rate is real good and FP level is
extraordinary.
+1. Very happy with invaluement at $DAYJOB.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
On Mar 27, 2015, at 6:19 PM, RW rwmailli...@googlemail.com wrote:
There are deep checks for SBL (via zen) and SPAMCOP. XBL/PBL are
last-external only
Interesting. I wonder why I see those XBL/PBL hits, then. Maybe Zen timed out
on those queries from sendmail... or something. Either way I
David Jones skrev den 2015-03-28 03:13:
I have Spamhaus in
front of invaluement in
my postfix configuration but I may try flipping the order just to see
if it will start blocking more
than Spamhaus.
with postfix posttscreen one can test all ips on all rbls in same single
smtpd client check,
Dear list,
i have a system with SpamAssassin 3.4.0 installed. I have installed the
rules provided in Downloads link.
http://apache.bytenet.in//spamassassin/source/Mail-SpamAssassin
-rules-3.4.0.r1565117.tgz
the system is not connected to internet. I need to download the rules
(new) from a
On 3/27/2015 10:13 PM, David Jones wrote:
The invaluement RBL is not expensive either and it is awesome. We pay
thousands per year for
a Spamhaus feed because of our volume and mailboxes. The invaluement RBL is
only hundreds
per year and it's almost as good as Spamhaus Zen. I have Spamhaus
42 matches
Mail list logo
