using pyzor -> no suckage. I'm
not sure it's directly caused by pyzor, either, but I think it's
pretty clearly related in some way. I'd be interested to hear how
a problem like this could be related to _any_ MTA; Postfix doesn't
know or care what pyzor does.
Chris
Pyzor, and would like to be able to
run it. Thoughts?
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Fri, 13 Jun 2008, Chris St. Pierre wrote:
On Fri, 13 Jun 2008, Matus UHLAR - fantomas wrote:
How do you use spamassassin, from procmail/maildrop? milter?
I ca
}
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
For what it's worth, this appears to be happening on _every_ message
that comes through. In other words, no spam at all is getting tagged,
and we're running on RBLs, etc., alone. So I'd appreciate any and all
suggestions. :)
Thanks.
Chris St. Pierre
Unix Systems Adminis
299]: spamd: setuid to spamd succeeded
Jun 12 08:04:08 vostok spamd[1299]: spamd: processing message <[EMAIL
PROTECTED]> for spamd:402
Any other ideas? Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
do naive word matching (and why you
shouldn't, either).
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
sults from that. Thanks for any help.
Bad idea. My name can be easily and legitimately displayed in dozens
of different ways, without even considering typos:
Chris St. Pierre
Chris St Pierre
Chris St-Pierre
Chris Saint Pierre
Chris Saint-Pierre
Christopher St. Pierre
...
Christopher A. St. P
on as each user individually?
Manual expiration was recommended to me a long time ago as a way to
increase database performance, but it seems like it may not be worth
it if I have to run N forced expirations, for potentially large values
of N.
Thanks for your help.
Chris St. Pierre
Un
completely dumping the database?)
Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
for help. You might try, I dunno, a SpamControl
list.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
than one MX. Using a MySQL backend for Bayes and AWL
lets me share that data between our MXes.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
y needs a 1-2Mb file
per user.
I think users would be just as adept at poisoning such a split
database as they would be at poisoning a unified, site-wide database.
In any reasonably diverse user base, what my fellow user thinks is
spam should not affect what I get in my mailbox.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
sting to have a
test that checks the "user name-email address" pairs according to some
settings?
That's an interesting idea, but it
a) is probably going to be quite resource-intensive;
b) requires LDAP, NIS, etc., so that SpamAssassin can have a clue
about your accounts;
c) req
eader spam Flag _YESNOCAPS_
add_header all Level _STARS(*)_
add_header all Status _YESNO_, bayes=_BAYES_ score=_SCORE_ required=_REQD_
tests=_TESTSSCORES(,)_ autolearn=_AUTOLERRN_ version=_VERSION_
rewrite_header Subject [SPAM:_STARS(*)_]
What's going on here that prevents the tagging from happening?
t anything:
score ALL_TRUSTED 0
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
LOPSA Sysadmin Days: Professional Training for Professional SysAdmins
August 6-7, Cherry Hill, NJ
http://lopsa.org/SysadminDays
lly no reason to be concerned about the
difference in the amount of spam and ham getting reported.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
LOPSA Sysadmin Days: Professional Training for Professional SysAdmins
August 6-7, Cherry Hill, NJ
http://lopsa.org/SysadminDays
ubmissions -- that's what gave them such low rates of
FPs.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
mmers do best? I'll give you a minute to think about it.
...
If you said, "Send a lot of email really quickly," you were right!
Why on earth would you willingly make the ability to DOS a site
dependent on volume, the one thing that spammers are the best at?
Chris St. Pierre
hard numbers in your presentation on why you need N more
servers and X more sysadmins.
Good luck!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
I can't tell from a quick browse through the Scalix wiki what delivery
agent it uses, but I'd look into that and see if you can use procmail
or Sieve with it.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
SPAM-L or some
other forum where it's relevant.
I can't help but note that you have only yourself to blame:
From: Jonas Eckerman <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Fix your Reply-To header and you won't get any more list messages in
your private email.
Chris S
fake
message and checking for recipient errors. Still, a lot of people
don't reject mail for bum users, choosing instead to accept the mail
and bounce it -- again, for precisely this reason.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Fri, 30 Mar 2007, Henrik Krohns wrote:
On Thu, Mar 29, 2007 at 03:50:52PM -0500, Chris St. Pierre wrote:
On Thu, 29 Mar 2007, Craig M wrote:
Could future versions of sa-update please be a little more vocal?
Like maybe "no new updates found | loaded xxx new updates | error xxx"
everywhere.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
ge, then you'll need to translate the
rules, as it were. SA does not have a language abstraction layer.
Spam detection is based heavily on content. Content is mired in
language.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
xcuse to use whitelist_from.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
he URIBL_* family of rules aren't among your top 5 most effective,
something is seriously wrong with your SA installation.
FWIW, the OP's message scored 31.3 on my system, as it hit Razor2 and
two URIBL rules (the scores for which I crank up).
Chris St. Pierre
Unix Systems Administrato
Sure.
header __LOCAL_SENDER From =~ /@example\.com/i
# ALL_TRUSTED is the stock rule that hits when every relay is in trusted_networks
meta FORGED_LOCAL_SENDER __LOCAL_SENDER && !ALL_TRUSTED
score FORGED_LOCAL_SENDER 1
This depends on a proper setting of TRUSTED_NETWORKS.
(Note: untested code, YMMV, etc.)
Chris St. Pierre
Unix Systems Administrator
bounce/redirect the message
(which doesn't munge sender data) or forward as an attachment (ditto,
but harder to extract).
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
should use the _TESTSSCORES(,)_
macro in your add_header line to figure that out.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
am you missed:
http://sas.nebrwesleyan.edu/forum/index.php?action=vthread&forum=6&topic=3
Heh. That's the page of one of our student organizations, so I
happily have nothing to do with it
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
yes
DB?
Feed it from the primary? (you don't want a secondary MX to have a
different bayes from the primary since it will have a VERY jaded view of
the world. Spammers go for the secondary first)
We don't have a secondary MX. Our MySQL database is shared between
two MX nodes of equal pr
directive -- I believe innodb_flush_method=O_DSYNC -- can
cause data loss if your machine crashes, but I don't really care
because this is just Bayes data.
HTH.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
can find a Handle.pm file,
then you're probably looking at a borked @INC path.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
your machines -- that ensures that all of
your processes (including SA) get restarted and get the new tz data.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
ad of just dumping the stripped, decoded text to stdout, though,
he'd want to write the whole message (which would probably have to be
reassembled from its constituent parts) to wherever he wanted it.
No idea what the I/O requirements of such a plugin would be, but I'd
bet it ain'
'll have to wait and see how much things have
improved. If they haven't improved much, I'll be back on Monday. :)
Thanks again!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
he flux by adopting some greylisting technique.
Actually, I meant that, of the 40K messages I receive, about 30K are
discarded by greylisting, RBLs, HELO restrictions, etc.
I can't imagine trying to scan all the mail I get. :)
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesl
0K messages per day, <10K of which ever
make it to SpamAssassin.
Ideas? Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
------------
Never send mail to [EMAIL PROTECTED]
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
}
If you're not using Maildir, you'll have to figure out what to do from
there. I know Mail::Box supports MH, Mbox, and who knows what else,
but haven't used those myself.
http://search.cpan.org/~markov/Mail-Box-2.069/lib/Mail/Box-Overview.pod
should ge
nt to do per-user learning, you'll have to grab the
ReSent-From: header out of each message, but that's pretty trivial.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
your question
right above it?
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
t_ do.
Alternatively, you can forward them on as attachments and then strip
the attachments and learn those, but I think this makes it much more
complicated than necessary.
If so, how ?
man sa-learn
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan Unive
which is a lot less trivial. In that case, Perl's
Mail::Box::Manager is your friend.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
On Wed, 21 Feb 2007, Dean Clapper wrote:
Do the emails that I put in the spamtrap have to be in original form? Or, can
I "Bounce" them from my mail client to [EMAIL PROTECTED]
Bouncing preserves the original form of the message. What you don't
want to do is forward the mess
measure of the success of a spam filtering
plan is user satisfaction.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
--
Never send mail to [EMAIL PROTECTED]
ice plugin to have.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
agged with BAYES_99 but are not marked as
spam. If Bayes is right about them, turn up your scoring; if not,
continue training.
This is where a user feedback loop -- such as spam/ham reporting links
in your webmail client, or the equivalent training for desktop client
users -- can be really useful.
ike you're delivering to Mbox-style mail boxes, so
you'll want to do:
$ sa-learn --mbox --ham /var/spool/mail/ham
Hope that helps!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
spamhaus,
etc.).
You could also take care of this by greylisting on the /24 netblock
instead of the /32 address. Most greylisters support this these days,
and it eliminates retry problems with large mx pools.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
only Sendmail greylister I know of that uses MySQL
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
It looks like 7.0 is enough to get them tagged as spam. If you want
to get them higher (e.g., so that Amavis or something will discard
them), crank up the scores on RAZOR2_CHECK and URIBL_*. I've found
both to be very reliable with exceedingly few FPs.
Chris St. Pierre
Unix Sy
scan them, etc.,
and you'll save yourself some cycles and some headaches.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
of delivered mail:
Total messages delivered: 17842 (32.8% of all messages)
Delivered ham: 5869 (32.9% of delivered, 10.8% of total)
Delivered spam: 2975 (16.7% of delivered, 5.5% of total)
On-campus mail: 8998 (50.4% of delivered, 16.5% of total)
RBL is still the king for us.
Chris St. Pierre
Un
% of the mail we filter (and about 25% of our
total mail) is rejected by greylisting. Each of our MTAs processes
about 400K messages per week. We greylist after all other MTA
restrictions, so that boils down to over 100K messages that SA would
have to scan if we weren't using greylisting.
Ch
ame (misconfigured)
spamming software to send out his legitimate mailing lists.
If someone can't properly identify themselves to your server, tell 'em
to pound sand.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Check out the SARE rulesets, ImageInfo, FuzzyOcr, ...
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Thu, 26 Oct 2006, san wrote:
>
>Hi, How to write a rule to avoid below type of mails or is there a rule
>already which marks this as spam. Every day I g
dn't have to worry about setting up what you describe, which I'm
pretty sure is impossible anyway.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
ither of these places:
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
http://www.exit0.us/index.php?pagename=RulesDuJour
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
spam sneaks through our system tends to be
scored in the 3-4.9 range -- i.e., just below our threshold of 5. I
see _very_ few reported false negatives with a score below 2 or 3.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
ve MTA configuration (blacklists,
forcing somewhat RFC-compliant behavior, etc.), I see very little
phishing mail.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
eed to rev up my Perl?
Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
&c2coff=1&client=opera&rls=en&q=spam+backscatter&btnG=Search
If so, you'll need to look at your MTA.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
hing else. You can
use it to munge the message, but anything else is up to other software
-- in this case, probably your IMAP server.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
F distance -- did not show an appreciable improvement in
the accuracy of the algorithm, although the processing time improved.
It's too bad this won't work, although if someone else wants to take a
crack at it, I'd be happy to share my code, word lists, etc.
Chris St. Pierre
Unix Sy
accepted.
Still, you can see that we're rejecting over 9 messages per minute due
to bad HELOs, bogus recipients, etc., and only marking 3 messages per
minute as spam.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
're filtering SpamAssassin stuff to a different log, that could
cause the problems.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
ple message would score a 48 and
the guilty sample would score a 118, yet a larger gap
(magnitude-wise).
Another option would be to use a combination of Levenshtein distance
and an algorithm like metaphone for representing the pronunciation of
a word. So levenshtein(metaphone("orgy", "
re getting spam advertising "analr bictches" or the like.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Wed, 4 Oct 2006, Eric A. Hall wrote:
>
>On 10/4/2006 5:57 PM, Richard Doyle wrote:
>> I've been getting lots of porn site spam containing wo
+ return $arg x $length;
+ },
+
TESTS => sub {
my $arg = (shift || ',');
return (join($arg, sort(@{$self->{test_names_hit}})) ||
"none");
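Review bot: the added `return $arg x $length;` has no guard visible in this excerpt on either operand, and the lines that set them are cut off here. Perl's repetition operator returns an empty string for a count of zero or less, so it is worth clamping `$length` to a sane range before the return and giving `$arg` an explicit default in the same style as the `(shift || ',')` used by TESTS just below, with a short comment stating what the macro emits when the count is not positive.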
Chris St. Pierre
Unix Systems Administrator
Ne
e unable to duplicate the behavior I'm
accustomed to, but I'd like to give my users as much consistency as possible.
Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
71 matches