Just a quick note that the following SARE rules files have been
updated:
70_sare_genlsubj*cf -- Subject Header rules
70_sare_header*cf -- other Header rules
70_sare_html*cf -- HTML rules
70_sare_specific.cf -- rules to catch specific spammers
70_sare_uri*.cf -- URI rules
See http://www.
Does posting to this list open me up to dweebs harvesting email addresses?
I'm suddenly getting BS spams to this email address, and they have to be
coming from one of two sources. This list being one of the options.
Thanks.
Yep, I just found the culprit.
The below 2 websites volunteer SA users-list email addresses for all the
world to harvest. I found my email address in Google from posting here on
this list.
aspn.activestate.com/ASPN/ Mail/Message/spamassassin-users
spamassassin.apache.org/mail/users
Be warned,
I don't post terribly frequently, but I certaibly do post to this list (and
many others). Ditto for Usenet. No throw-away addresses for me.
I use SpamAssassin with Pyzor, Razor, DCC, and network checks, ClamAV, and
greylisting.
I can remember one spam message that made it into my Inbox this y
Not his point.
The second link definitely gets you to, what appear to be, the raw list
archive files.
The first link got me a blank page.
In addition, the actual "archives", that are viewable to the world, show
the senders' email addresses.
Seems to me that whatever's generating the list archiv
At 11:35 PM 3/14/2005, Greg Allen wrote:
Does posting to this list open me up to dweebs harvesting email addresses?
Without a doubt, yes.
I am 100% certain that there are spammers subscribed to this list, or are
getting the messages in some manner or another. It's rather obvious why
they do it.
Mike Burger wrote:
> The second link definitely gets you to, what appear to be, the raw list
> archive files.
I did not see any "raw list archives" at this moment. But I did see
the mail address in the mail archives here. This one for example.
http://spamassassin.apache.org/mail/users/200503
Eric A. Hall wrote:
Over the weekend I banged together a preliminary ldapBlacklist.pm plugin
which lets the master process query an ldap server for whitelist or
blacklist flags associated with the connecting SMTP client's reverse DNS,
the HELO identifer, the mail-from address, the From address, and
A friend who wishes to remain anonymous forwarded me this patch
and note:
> Jeff, Saw the thread on sa-users list about using SURBL without other
> networks
>
> Attached is a ugly patch which I think might do the trick.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
sa30
Andy Jezierski wrote:
You need to teach Bayes at least 200 spam and 200 non-spam messages before
it will do anything for you.
Thanks. Is it true that SA will ignore DCC and Razor (evethough they are
enabled) if I turn on training mode?
Regards,
Norman Zhang
At 11:53 PM 3/14/2005, Greg Allen wrote:
Yep, I just found the culprit.
The below 2 websites volunteer SA users-list email addresses for all the
world to harvest. I found my email address in Google from posting here on
this list.
One of many.. As I pointed out before, there's probably multiple spam
On Tue, Mar 15, 2005 at 02:20:48AM -0500, Eric A. Hall wrote:
> - is there a way to force a plugin to load last? like, if I want SPF
>and all of the other validation stuff to get called first, but not
>to rely on it (it may not be installed), is there a way to force
>the plugin to get
Hallo,
I want to write a additional rule for spamassassin (3.0.2) which
match the following header lines.
Received: from blabla (unknown [1.2.3.4])
by my.mailserver.com
This rule shuld add bad scores to machines which don't talk rfc.
Her is my try which doesn't succeded.
header MY_RECV_
On Monday, March 14, 2005, 10:31:29 PM, Matt Kettler wrote:
> I am 100% certain that there are spammers subscribed to this list, or are
> getting the messages in some manner or another. It's rather obvious why
> they do it. Spam tools seem to quickly adapt to subjects discussed here.
> List harv
Hello,
after upgrade to:
vlado.ace#spamassassin -V
SpamAssassin version 3.0.2
running on Perl version 5.8.6
on
vlado.ace#uname -a
FreeBSD ace.botka.homeunix.org 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #0:
Sun Mar 13 05:42:56 CET 2005
[EMAIL PROTECTED]:/usrmnt/obj/usrmnt/src/sys/ACE i386
Sp
At 02:50 AM 3/15/2005, Jörg Schütter wrote:
This rule shuld add bad scores to machines which don't talk rfc.
Her is my try which doesn't succeded.
header MY_RECV_FQDN1 Received =~ /^from [a-zA-Z0-9-]+ (\w+ \w+) by
hostname\d\d\.domain\.com
describe MY_RECV_FQDN1 Sender does not use FQN in EHLO
sco
On 3/15/2005 2:50 AM, Jörg Schütter wrote:
> I want to write a additional rule for spamassassin (3.0.2) which
> match the following header lines.
>
> Received: from blabla (unknown [1.2.3.4])
> by my.mailserver.com
>
> This rule shuld add bad scores to machines which don't talk rfc.
http
Today I test the SA again.
I use spamc -U /tmp/spamd.sock < myspamtest, in the log file it said "
result: . 0 -
scantime=0.1,size=23009,mid=<[EMAIL PROTECTED]>,autolearn=failed"
Therefore Im pretty sure the spamd is running but just dont know why when
run SA itself it works but not spamd :(
-Original Message-
> From: Michael Parker [mailto:[EMAIL PROTECTED] Sent: 14 March 2005 22:28
> > On Mon, Mar 14, 2005 at 10:23:37PM +, Paul Reilly wrote:
> >
> > > Of course, I have to ask, how do you find the data "quite useful?" I
> >
> > It's useful to see what words/tokens are g
I have just received spam from [EMAIL PROTECTED]
Is there a test which identifies that the description (Esmeralada
Bouchard) bears no resemblance to the given sender's address?
Similarly I sometimes receive spam mail to my email address but with a
completely unrecognisable description.
Are there
Explain how does "Mike Spamassassin" describe [EMAIL PROTECTED], what's
the resemblence there?
Yang
On Tue, 15 Mar 2005 15:00:51 - (GMT), Mike Spamassassin
<[EMAIL PROTECTED]> wrote:
> I have just received spam from [EMAIL PROTECTED]
> Is there a test which identifies that the description (
At 10:00 AM 3/15/2005, Mike Spamassassin wrote:
I have just received spam from [EMAIL PROTECTED]
Is there a test which identifies that the description (Esmeralada
Bouchard) bears no resemblance to the given sender's address?
No.. It's quite common for normal people to have that.
For example, take
Point taken, but I still think it would be a valid test.
Like all SpamAssassin tests it should only be one of many indicators.
In particular all the ones that I receive I would expect to have "Mike" or
"Michael" in the description of my email address.
I would also like to be able to pick out those
Oh, my second of fame :-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
GRP Productions wrote on Tue, 15 Mar 2005 01:12:53 +0200:
> >I have been trying to get something from CVS for several days now, no luck.
>
> Send me your email in private ([EMAIL PROTECTED]) to send it to you.
Thanks for the offer. You can send it to the email address I use for this list,
or
Hello,
Where are URIBL scores configured?
Thanks,
Rod
--
Get Firefox Web Browser at the link below! You won't regret it!
http://tinyurl.com/4cqbv
Rodney Green wrote:
Hello,
Where are URIBL scores configured?
The same place all the scores are configured.
The defaults are in /usr/share/spamassassin/50_scores.cf
Your over-rides should probably go in /etc/mail/spamassassin/local.cf.
You can edit the defaults, but if you edit 50_scores, it wil
Jeff Chan wrote:
Well when they can sell spams that don't advertise a web site
for the same price as those that do, let us know. Until
then SURBLs have them.
SURBLs have them... most of the time... eventually... Er, yeah.
Hey, SURBLs are GREAT, no doubt about it but lets not kid ourselves. It
i
Stuart Johnston wrote:
Hey, SURBLs are GREAT, no doubt about it but lets not kid ourselves.
It is a long way from a 100% spam solution.
I think Jeff's point is that SURBL is one test spammers have a limited
ability to adapt to without cutting into their bottom line. Not that
it's perfect.
Mike Spamassassin wrote on Tue, 15 Mar 2005 16:24:20 - (GMT):
> Point taken, but I still think it would be a valid test.
> Like all SpamAssassin tests it should only be one of many indicators.
> In particular all the ones that I receive I would expect to have "Mike" or
> "Michael" in the de
May I ask what's the difference between
/var/lib/amavisd/.spamassassin/user_prefs and
/etc/mail/spamassassin/local.cf?
user_prefs contains
bayes_file_mode 0640
use_bayes 1
auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
use_dcc 0
#dcc_add_header 1
while local.cf contains
skip_rbl_checks
I have a user that is of Japanese origin and who converses with other
individuals in Japan in his same field of study. The messages they send
are in Japanese and trip the URI_SBL rule. These people are in
different .jp domains and I really don't want to get into the
administrative overhead of whi
Norman Zhang wrote:
May I ask what's the difference between
/var/lib/amavisd/.spamassassin/user_prefs and
/etc/mail/spamassassin/local.cf?
In general user_prefs is *intended* for per-user configuration, so that
individual users can over-ride the site-wide defaults.
local.cf (actually any .cf f
Matt Kettler wrote:
At 11:46 AM 3/14/2005, Paul Reilly wrote:
Is it possible to dump the bayesian tokens in
human readable format still?
No.
In sa 3.0+ they are base-64 encodings of the SHA1 hash of the token.
The hash is for all practical purposes not reversible.
This is done in part for privac
In general user_prefs is *intended* for per-user configuration, so that
individual users can over-ride the site-wide defaults.
local.cf (actually any .cf file in /etc/mail/spamassassin) is intended
for site-wide customizations, and gets used for all users. It is
intended to over-ride the defaul
AltGrendel wrote:
Does this apply to Bayes/SQL too?
It should. AFAIK, the hashing is done by SA 3.0's bayes engine, so the
kind of database used doesn't change the fact that tokens are hashed.
Norman Zhang wrote:
I don't have any user boxes on my gateway. So should I make user_pref
exactly the same as local.cf?
No, that's a waste. Make user_prefs an empty file and put all the
settings in local.cf
I have no users on the gateway. It will be amavis killing virus and
SPAM. Do I need at le
Matt Kettler wrote:
I don't have any user boxes on my gateway. So should I make user_pref
exactly the same as local.cf?
No, that's a waste. Make user_prefs an empty file and put all the
settings in local.cf
Thanks I will merge the setting into local.cf. One thing user_pref
disables DCC and Razor
Norman Zhang wrote:
Thanks I will merge the setting into local.cf. One thing user_pref
disables DCC and Razor along with autolearn. Should I disable them in
local.cf?
Depends on whether or not you want to use DCC and/or Razor. They are
network checks, so they can be comparatively slow, but they'
Depends on whether or not you want to use DCC and/or Razor. They are
network checks, so they can be comparatively slow, but they're both very
effective tests. (At least, if you are talking about Razor 2.6 or higher)
I would like to use them with SA. They won't affect Bayes scores?
Should I feed S
--
William R. Thomas
Corvar [EMAIL PROTECTED]
Co-Webmaster http://www.theonering.net/
*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*
If you want to see useful Perl examples, we can certainly a
Your message seems to be missing it's body, but I'm assuming you're
confused by how the scores for the AWL work.
I'd suggest a read of the wiki:
http://wiki.apache.org/spamassassin/AutoWhitelist
and
http://wiki.apache.org/spamassassin/AwlWrongWay
I had some questions about how the auto whitelist score was
generated. Specifically, it seems like it is working opposite to the
way it should be in some cases.
The equation for the AWL score is:
( meanscore - currentscore) * factor
generated from historic me
The Conexcol mailserver is misbehaving and sending DSN's back to the
From: header address, instead of the Return-Path. This winds up borking
junk back into poster's mailboxes, and prevents the mailing list from
auto-detecting the problem.
Can you drop them from the list until they have a chance
You were exactly correct, I was seeing the AwlWrongWay problem (maybe
phenomena is a better term) and didn't turn up anything on google
about it, and was vastly confused.
I wish I would have checked my email again before sending the full
explanation.
On Tue, Mar 15, 2005 at 04:03:49PM -0500, M
William R Thomas wrote:
I had some questions about how the auto whitelist score was
generated. Specifically, it seems like it is working opposite to the
way it should be in some cases.
The equation for the AWL score is:
( meanscore - currentscore) * factor
gene
Received: from ar39.lsanca2-4.16.241.28.lsanca2.elnk.dsl.genuity.net
([4.16.241.28] helo=watson1)
by pop-a065d23.pas.sa.earthlink.net with smtp (Exim 3.33 #1)
id 1DBKRe-Kp-00; Tue, 15 Mar 2005 14:23:22 -0800
1) Is "stmp" in lower case valid, or should it have been STMP?
2) Is it valid to hav
Hello,
I'm using spamassassin 3.0.2 from within MailScanner 4.39.6 on Debian
woody. After upgrading to spamassassin 3.0.2 (installed from source
tarball) I am unable to use sa-learn to train the bayes engine on ham or
spam. Spamassassin is otherwise working fine. Before upgrading I wiped
out my pr
Eric Dantan Rzewnicki wrote:
spamassassin -D -p --lint doesn't show any problems that I
can see.
if I run:
sa-learn --showdots --mbox --ham -p /opt/MailScanner/etc/spam.assassin.prefs.conf
sa-learn just hangs. Same happens for --spam.
strace shows it stuck on a read(0,
Any ideas?
What about sa-
Are there problems with mail header identification?
Am I in the wrong list with this question?
Thanks
Lars Dierich
> Mar 13 01:16:18 ns spamd[28893]: processing message
> <[EMAIL PROTECTED]> for web321p1:104.
> Mar 13 01:16:20 ns spamd[28893]: Use of uninitialized value in
> concatenation (.) or
On Wed, Mar 16, 2005 at 12:27:28AM +0100, [EMAIL PROTECTED] wrote:
> Are there problems with mail header identification?
> Am I in the wrong list with this question?
> > Mar 13 01:16:18 ns spamd[28893]: processing message
> > <[EMAIL PROTECTED]> for web321p1:104.
> > Mar 13 01:16:20 ns spamd[28893]
> I have just received spam from [EMAIL PROTECTED]
> Is there a test which identifies that the description (Esmeralada
> Bouchard) bears no resemblance to the given sender's address?
No. Because there is no possibly way of knowing that [EMAIL PROTECTED] really
isn't "Johnny P. Spammer".
> Simil
> I would also like to be able to pick out those from "Microsoft Support"
> which are not from microsoft.com and other typical phishing mails.
Now there you are on easier ground. SARE has several rules to catch phish
that are based on this sort of thing.
Loren
53 matches
Mail list logo
