I've written a couple of rules for myself which seems to catch the stock GIF
spams I receive fairly well. I've attached them here for your perusal. I
don't claim to be an expert in regex so they may not be the best way to
write such a rule, but they work for me! But you should score them
Hi all,In : http://wiki.apache.org/spamassassin/BayesInSpamAssassin, it is stated that : It's OK to feed emails with Spamassassin markup into the sa-learn command -- sa-learn will ignore any standard Spamassassin headers, and if the original email has been encapsulated into an attachment
Interesting set of rules, they look like they should do fairly well. I'll
run a masscheck on them in a minute. If they are decent I'm sure SARE would
be happy to include them in the stock spam ruleset if you give permission.
The only thing I see that makes me a little nervous is the unescaped @
Hi Loren, thanks for the feedback and suggestions! I didn't actually realise
that the @ symbol had to be escaped - my bad! I'm learning as I go... What a
pain that rawbody only does one line at a time; but at least now I know this
for sure - previously I wasn't completely sure about that.
although I imagine
they would be able to find a more efficient or less FP-risky way of
writing
them.
Not necessarily. Other than the things I mentioned, I don't see anything
particularly scarey about these rules. We have certainly written rules of
this sort to catch other things. By
Alan Au wrote:
Hi all,
In :
http://wiki.apache.org/spamassassin/BayesInSpamAssassin, it is stated
that :
It's OK to feed emails with Spamassassin markup into the sa-learn
command -- sa-learn will ignore any standard Spamassassin headers, and
if the original email has been encapsulated
Could you kindly explain to me about the @ character and why it needs to be
escaped, or in what conditions it needs to be escaped? Eg. you seem to imply
that it only needs to be escaped if followed by an alphabetic character. Is
that the only rule or are there other occasions when it should be
Russ B. wrote:
I'm using the latest SpamAssassin, and I was wondering if there was a list
of all the RBL's that SpamAssassin checks if you have skip_rbl_checks 0
Why?
There's no list per-se, but you can quickly derive one from the rules:
Michael Monnerie wrote:
On Dienstag, 28. Februar 2006 13:09 Matt Kettler wrote:
FYI : My personal-built spamass .cf file is 175k, making my
memory-resident perl ram sizes around ~70 megs per child. I've got
it trim as much as I can, but boy what a difference my own custom
rulesets make and I
Okay I've rewritten the first line of the rule in a way I think is better
(mind any line breaks)...
full__JF_STOCKSPAM1a/- Original
Message -[^\n]*\nFrom:[^\n]+\nTo:[EMAIL PROTECTED]@[^\n]+\nSent:[^\n]+\nSubject:[^\n]+\n{5,20}\w+/i
I've exchanged the .* and .+ with [^\n]
On Dienstag, 28. Februar 2006 13:35 Ronan McGlue wrote:
Is 70m excessive by list standards?? Really? I have 3.1 running with
almost all SARE rules, with RDJ updating them (where appropriate) w/
bayes(MySQL),SURBL,pyzor,DCC,razor. My local.cf is minimal. I barely
have any other local RE's of my
Matt Kettler writes:
You can also test how perl interprets a regex and how much memory it
will use by feeding it to the regex debugger:
perl -Mre=debug -e ' /(a|b)/'
perl -Mre=debug -e '/[ab]/'
wow, good tip Matt! I didn't know about that one myself ;)
by the way regarding memory usage
Justin Mason wrote:
Matt Kettler writes:
You can also test how perl interprets a regex and how much memory it
will use by feeding it to the regex debugger:
perl -Mre=debug -e ' /(a|b)/'
perl -Mre=debug -e '/[ab]/'
wow, good tip Matt! I didn't know about that one myself ;)
Hi everybody,
I'm using Spamassassin 3.0.3 on a Debian machine running spampd
proxy. When I check my receiving mail's headers I see that when talks
about autolearn always says no or failed, what could be the reason?
Thank you very much, have a nice day
Egoitz Aurrekoetxea wrote:
Hi everybody,
I'm using Spamassassin 3.0.3 on a Debian machine running spampd proxy.
When I check my receiving mail's headers I see that when talks about
autolearn always says no or failed, what could be the reason?
1) are you using spamd?
2) do you call spamc as
On Tuesday 28 February 2006 10:36 am, Egoitz Aurrekoetxea wrote:
I'm using Spamassassin 3.0.3 on a Debian machine running spampd
proxy. When I check my receiving mail's headers I see that when talks
about autolearn always says no or failed, what could be the reason?
My server was doing the
So is there no good way possible to automate learning spam and/or ham from
users?It sounds like the only way possible to do this without losing
headers and/or encoding formats is if I intercept everybody's email before
they pop it off and go through it manually to separate the ham from the
Webmaster wrote:
This is unfortunate because many clients are still using this client:
Microsoft Outlook Express: It does not appear to have a redirect option
Hmm. OE is actually one of the better clients for retrieving a true
copy of the original message that was downloaded via POP3.
SA-LEARN is still running from my daily cronjob Time: 399:04.25
Here is the ps -ax Output
ps -ax | grep sa-learn
24906 ?? R399:04.25 /usr/local/bin/perl -T -w
/usr/local/bin/sa-learn --s
37740 p0 RV 0:00.00 grep sa-learn (csh)
Output from /root/.spamassassin (BayesDB stored here)
I have a problem... Got aload of complaints about emails not coming
through. On investigating, I have discovered that we're getting rules
such as MISSING_SUBJECT hit, where an email clearly has a subject: line
in the headers. Also missing recieved header, no from_or_to etc..
So I can
jdow a écrit :
Over here in the US it's spelled extortion,
I've used the french version...
and indeed it is perhaps
over the line just a bit. If some hungry or simple publicity seeking
class action lawyer gets wind of it then SORBS may be history. {o.o}
this will probably happen someday.
-rw--- 1 root wheel 549775048704 Feb 28 10:47 bayes_toks
I'll leave it to the experts to help you out here, but I would assume that
a token db that's apparently half a terrabyte in size is a *slight*
indication of a problem somewhere... ;)
Steve Thomas wrote:
-rw--- 1 root wheel 549775048704 Feb 28 10:47 bayes_toks
I'll leave it to the experts to help you out here, but I would assume
that a token db that's apparently half a terrabyte in size is a
*slight* indication of a problem somewhere... ;)
BerkeleyDB uses sparse
On Tue, 2006-02-28 at 17:55 +, Hamish Marson wrote:
I have a problem... Got aload of complaints about emails not coming
through. On investigating, I have discovered that we're getting rules
such as MISSING_SUBJECT hit, where an email clearly has a subject: line
in the headers. Also
Hi,
at first I will excuse me for my maybe badly english, but I hope you can
understand where my problem ist.
I have here installed under Suse 10.0 spamassassin 3.1.
Also installed is here perl 5.8.7.
When is use spamassassin for example : spamassassin
[EMAIL PROTECTED]
Spamassassin comes
I don't believe what SORBS is doing fits the legal definition of
extortion... no matter how you spell it. :-) There is no threat of
either violence or criminal wrong doing and SORBS is operating a legal
service...
Re,
Clay
On 2/28/2006 at 1:12:14 pm, in message [EMAIL PROTECTED],
mouss
[EMAIL
On Tue, Feb 28, 2006 at 07:20:47PM +0100, Hans München wrote:
[8262] warn: Argument 1^I^I^I1 isn't numeric in numeric eq (==)
at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/Conf/Parser.pm line
605.
SpamAssassin auto-whitelist: adding address to blacklist:
[EMAIL PROTECTED]
Does
I don't believe what SORBS is doing fits the legal definition of
extortion... no matter how you spell it. :-) There is no threat of
either violence or criminal wrong doing and SORBS is operating a legal
service...
From dictionary.com:
1. The act or an instance of extorting.
2. Illegal use
I'm reading the Wiki:
http://wiki.apache.org/spamassassin/WritingRules
and don't see any information on matching against envelope information...
For instance, I get a lot of spam on alsa-devel@lists.sourceforge.net,
and want
to bias anything coming with that Envelope-Sender with a score of 4.0,
Philip Prindeville wrote:
Could we add an example of using envelope info?
SpamAssassin doesn't see the envelope. Some MTAs add headers for
envelope-header and envelope-recipients (Return-Path:, X-Apparently-To:, etc.)
If you're careful about how you call SpamAssassin you can fake envelope
On Tue, Feb 28, 2006 at 10:59:29AM -0800, [EMAIL PROTECTED] wrote:
If you're careful about how you call SpamAssassin you can fake envelope rules
using these headers.
It's worth noting that there's a pseudo-header called EnvelopeFrom which
is available to header rules which attempts to figure
[EMAIL PROTECTED] wrote:
Philip Prindeville wrote:
Could we add an example of using envelope info?
SpamAssassin doesn't see the envelope. Some MTAs add headers for
envelope-header and envelope-recipients (Return-Path:, X-Apparently-To:, etc.)
If you're careful about how you call
Maybe #3, in a strictly dictionary since of the word, but I doubt it. Never
#2; SORBS holds no official position or power. When you make an accusation
of extortion, you better be using the legal definition. I'm no lawyer, but I
am pretty sure the legal definition involves some force coupled
[EMAIL PROTECTED] wrote:
Philip Prindeville wrote:
Could we add an example of using envelope info?
SpamAssassin doesn't see the envelope. Some MTAs add headers for
envelope-header and envelope-recipients (Return-Path:, X-Apparently-To:, etc.)
If you're careful about how you call
I just upgraded from SA 2.63 to 3.1.0 and am running on SuSe 9.1. I'm
getting the following error in the log file all the time. Any ideas?
Thanks.
Feb 28 13:42:01 mail spamd[15013]: Use of uninitialized value in pattern
match (m//) at
Theo Van Dinter wrote:
On Tue, Feb 28, 2006 at 10:59:29AM -0800, [EMAIL PROTECTED] wrote:
If you're careful about how you call SpamAssassin you can fake envelope rules
using these headers.
It's worth noting that there's a pseudo-header called EnvelopeFrom which
is available to header
Could you kindly explain to me about the @ character and why it needs to
be
escaped, or in what conditions it needs to be escaped? Eg. you seem to
imply
that it only needs to be escaped if followed by an alphabetic character.
Is
It seems to be a Perl thing, if it sees @name in a regex it seems
On Tue, Feb 28, 2006 at 12:28:52PM -0700, Philip Prindeville wrote:
What am I missing? Is SA not using the Return-Path: line by default?
It will, depending on where it's found in the headers, and if there's a better
header found first.
debug: all '*From' addrs: [EMAIL PROTECTED]
[EMAIL
On Tue, Feb 28, 2006 at 02:29:11PM -0500, Gene Hendrickson wrote:
I just upgraded from SA 2.63 to 3.1.0 and am running on SuSe 9.1. I'm
getting the following error in the log file all the time. Any ideas?
Thanks.
Feb 28 13:42:04 mail spamd[15008]: Use of uninitialized value in
Hello all,
I thought that I had spamassassin running well. however, when I run sa-learn on
the spam and ham folders I have messages being logged to, every time both
folders results in
Learned from 0 message(s) (0 message(s) examined).
I currently have a very large amount of messages in both
Clay Davis wrote:
Maybe #3, in a strictly dictionary since of the word, but I doubt it. Never #2; SORBS holds no
official position or power. When you make an accusation of extortion, you better be
using the legal definition. I'm no lawyer, but I am pretty sure the legal definition
involves
Theo Van Dinter wrote:
header EnvelopeFrom =~ /[EMAIL PROTECTED]/
ought to do it.
The header is just the address. envfrom= is output from the SPF
debug line.
Yup.
That works.
Now... Is anyone going to try to talk me out of this, on the basis of it
being unsound? ;-)
-Philip
Gene Hendrickson wrote:
I just upgraded from SA 2.63 to 3.1.0 and am running on SuSe 9.1. I'm
getting the following error in the log file all the time. Any ideas?
Your upgrade got massively borked. SA 3.1.0 does not have a NoMailAudit.pm, that
file disappeared when SA 3.0.0 was released.
So
On Tue, Feb 28, 2006 at 11:37:46AM -0800, Loren Wilton wrote:
I'm not absolutely sure what @name in a regex really means to perl, but it
seems to not be what I usually expect. Escaping the @ ends up producing the
right results.
@name means the array name. Perl isn't sure whether or not you
On Tue, Feb 28, 2006 at 01:43:23PM -0600, [EMAIL PROTECTED] wrote:
Learned from 0 message(s) (0 message(s) examined).
I currently have a very large amount of messages in both folders. I have been
collecting them for several months on a mailing list that gets a large amount
of traffic.
The symptoms you describe sound a lot like a completely broken rule
someplace that should probably (but not absolutely guaranteed) show up as a
lint error. Unfortunately the error will probably be on some completely
innocent rule, quite possibly in another file.
Look in local.cf or any other
I am using SpamAssassin 3.1.0 with
MailScanner 4.50.15. Everything is running smooth, but when I
attempted to install RulesDuJour, it ran spamassassin lint and came back with the following:
[12928] warn: config: failed to
parse line, skipping: check_mx_attempts 1
[12928] warn: config:
Now... Is anyone going to try to talk me out of this, on the basis of it
being unsound? ;-)
The check someone (possibly you) showed about giving 6 points to From
@paypal.com appears to be unsound unless you are really sure you will
receive no paypal stuff. Which would probably be true of a
Drew Burchett wrote:
I am using SpamAssassin 3.1.0 with MailScanner 4.50.15. Everything is
running smooth, but when I attempted to install RulesDuJour, it ran
spamassassin –lint and came back with the following:
[12928] warn: config: failed to parse line, skipping: check_mx_attempts 1
Loren Wilton wrote:
Now... Is anyone going to try to talk me out of this, on the basis of it
being unsound? ;-)
The check someone (possibly you) showed about giving 6 points to From
@paypal.com appears to be unsound unless you are really sure you will
receive no paypal stuff. Which
Clay Davis a écrit :
Maybe #3, in a strictly dictionary since of the word, but I doubt it. Never
#2; SORBS holds no official position or power. When you make an accusation
of extortion, you better be using the legal definition. I'm no lawyer, but
I am pretty sure the legal definition
[EMAIL PROTECTED] wrote:
Hello all,
I thought that I had spamassassin running well. however, when I run sa-learn
on
the spam and ham folders I have messages being logged to, every time both
folders results in
Learned from 0 message(s) (0 message(s) examined).
Well that right there
Quoting Matt Kettler [EMAIL PROTECTED]:
[EMAIL PROTECTED] wrote:
Hello all,
I thought that I had spamassassin running well. however, when I run
sa-learn on
the spam and ham folders I have messages being logged to, every time both
folders results in
Learned from 0 message(s) (0
Quoting Theo Van Dinter [EMAIL PROTECTED]:
On Tue, Feb 28, 2006 at 01:43:23PM -0600, [EMAIL PROTECTED] wrote:
Learned from 0 message(s) (0 message(s) examined).
I currently have a very large amount of messages in both folders. I have
been
collecting them for several months on a mailing
Sorry, I don't agree. Nothing you listed is an illegal practice.
Not agreeing with their practices and extortion are very different.
(btw - I don't use them either.)
C
On 2/28/2006 at 4:19:34 pm, in message [EMAIL PROTECTED],
mouss
[EMAIL PROTECTED] wrote:
Clay Davis a écrit :
Maybe #3, in
Greetings!
I got a problem when I try to feed Bayes with large number of emails
(over 1500). It just hang there and I got the the following error
messages from maillog file:
.bayes: cannot open bayes databases /spamassassin/bayes_* R/W: lock
failed: File exists
Does anyone know how to
[EMAIL PROTECTED] wrote:
Quoting Theo Van Dinter [EMAIL PROTECTED]:
On Tue, Feb 28, 2006 at 01:43:23PM -0600, [EMAIL PROTECTED] wrote:
Learned from 0 message(s) (0 message(s) examined).
I currently have a very large amount of messages in both folders. I have
been
collecting them for
On Tuesday 28 February 2006 05:06 pm, Jonathan Nie wrote:
Greetings!
I got a problem when I try to feed Bayes with large number of emails
(over 1500). It just hang there and I got the the following error
messages from maillog file:
.bayes: cannot open bayes databases
Tyler Nally wrote:
On Tuesday 28 February 2006 05:06 pm, Jonathan Nie wrote:
Greetings!
I got a problem when I try to feed Bayes with large number of emails
(over 1500). It just hang there and I got the the following error
messages from maillog file:
.bayes: cannot open bayes databases
Jonathan Nie wrote:
Greetings!
I got a problem when I try to feed Bayes with large number of emails
(over 1500). It just hang there and I got the the following error
messages from maillog file:
.bayes: cannot open bayes databases /spamassassin/bayes_* R/W: lock
failed: File exists
Am Dienstag, 28. Februar 2006 19:31 schrieb Theo Van Dinter:
Look in your config file(s) (I'd start with local.cf) and see if you can
find something that looks like:
word 11
Thank you that was ist, was a mistake in 10_misc.cf
I wrote instead of : Bayes_auto_learn 1 /
Hans München wrote:
Am Dienstag, 28. Februar 2006 19:31 schrieb Theo Van Dinter:
Look in your config file(s) (I'd start with local.cf) and see if you can
find something that looks like:
word 1 1
Thank you that was ist, was a mistake in 10_misc.cf
I wrote instead of :
Hans, it is best if you do not change the files in the /usr/share/spamassassin
directory. Leave them alone. They will get overridden by values you put in
the /etc/mail/spamassassin/local.cf file. I found it's even nicer to
override the standard local.cf with 999_local.cf, which parses after all
From: Hamish Marson [EMAIL PROTECTED]
On Tue, 2006-02-28 at 17:55 +, Hamish Marson wrote:
I have a problem... Got aload of complaints about emails not coming
through. On investigating, I have discovered that we're getting rules
such as MISSING_SUBJECT hit, where an email clearly has a
If you want to automate learning spam and ham with no human interaction
at all simply turn on the autolearn process.
If you want to have manual intervention in the learning process and are
using Outlook Express there is no way that is extremely luser simple
to setup. There is a way that is not
If you are using nearly all the SARE rules I am not surprised at those
mem figures.
Note that the top printout you quoted does not indicate spamd is
using 10 times either 86 megs or 119 megs. Much of that memory is
shared. The time to worry is when you see the swap usage above a very
small
One of my users received a message today that landed in the spambucket. Upon
further review, it's a legit message from Paypal. In fact, SA even
recognized that it appeared to be a legit Paypal message, but since the
adjustment was a whopping -0.0 points, it wasn't enough to bring it back
below
Extortion means extracting funds by some form of criminal means.
Extortion in the form of, pay or we block access to your business,
is as wrong as pay or we'll break your legs.
{^_^}
- Original Message -
From: Clay Davis [EMAIL PROTECTED]
I don't believe what SORBS is doing fits the
jdow wrote:
Extortion means extracting funds by some form of criminal means.
Extortion in the form of, pay or we block access to your business,
is as wrong as pay or we'll break your legs.
{^_^}
SORBS isn't blocking access to anybody's business. The worst they could be
accused of is
[EMAIL PROTECTED] wrote:
jdow wrote:
Extortion means extracting funds by some form of criminal means.
Extortion in the form of, pay or we block access to your business,
is as wrong as pay or we'll break your legs.
{^_^}
SORBS isn't blocking access to anybody's business. The worst they
Matt Kettler wrote:
[EMAIL PROTECTED] wrote:
jdow wrote:
Extortion means extracting funds by some form of criminal means.
Extortion in the form of, pay or we block access to your business,
is as wrong as pay or we'll break your legs.
{^_^}
SORBS isn't blocking access to anybody's business.
Hi Matt,
I am new to spamassassin. Thank you so much for your help and Tyler too.
Bayes autolearn is enabled when I feed Bayes with the 1500 emails manually
using the sa-learn command. Does it cause the problem?
I also checked the Bayes database directory and found two stale lock files
On Tuesday 28 February 2006 10:46 pm, you wrote:
I am new to spamassassin. Thank you so much for your help and Tyler too.
Thanks.. I'm not the expert.. I just use it!
Bayes autolearn is enabled when I feed Bayes with the 1500 emails manually
using the sa-learn command. Does it cause the
What better checks are you referring to?
Something I need to pull down from SARE?
sare_spoof or something like that, as best I recall.
Loren
One of my users received a message today that landed in the spambucket.
Upon
further review, it's a legit message from Paypal. In fact, SA even
recognized that it appeared to be a legit Paypal message, but since the
adjustment was a whopping -0.0 points, it wasn't enough to bring it back
Matt Kettler wrote:
Egoitz Aurrekoetxea wrote:
Hi everybody,
I'm using Spamassassin 3.0.3 on a Debian machine running spampd proxy.
When I check my receiving mail's headers I see that when talks about
autolearn always says no or failed, what could be the reason?
1) are you using spamd?
2)
Stop receiving emails.
Stop the SpamAssassin service once the incoming mail spool is empty.
Then kill all vestiges of spamd or spamassassin that might still be
running from previously improperly terminated sessions.
Then run sa-learn.
If it STILL hangs with this lock you'd a problem somewhere fer
Hi Mr. Matt,Thanks a lot for replying me. I have some thing to clarify. Please see below :We forward a wrongly classifed email as attachement (RFC822) . Will it be OK for SpamAssassin to learn?Regards,Alan Matt Kettler [EMAIL PROTECTED] wrote:Alan Au wrote: Hi all, In :
78 matches
Mail list logo