two bits of sa related code i've written, neither of them are what
i'd particularly call polished, but if you feel like firing them
up, i'd love to hear your feedback:
Phisher:
http://www.faisal.com/software/phisher/
This is a plugin that does nothing more complicated than check for
the
Look at this, X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on chrysalis.chrysalishosting.comX-Spam-Level: X-Spam-Status: No, score=
4.3 required=5.0 tests=BAYES_50,HG_HORMONE, HTML_40_50,HTML_MESSAGE,J_CHICKENPOX_43,J_CHICKENPOX_55,OFFER, SPECIAL_OFFER,UNPARSEABLE_RELAY
On 8/25/2006 2:59 AM, Christopher Mills wrote:
Look at this,
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on
chrysalis.chrysalishosting.com http://chrysalis.chrysalishosting.com
X-Spam-Level:
X-Spam-Status: No, score= 4.3 required=5.0 tests=BAYES_50,HG_HORMONE,
Adding a point for corrupted images is sounding better and better.
I disagree. To check out what happens I converted a JPG picture into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the second
time with PaintShop Pro. Both GIF files had the result
giftopnm: EOF
On 8/25/2006 3:06 AM, Christopher Mills wrote:
You're right...time to change my glasses, BUT, it is flagging the
message as SPAM when the score has not yet reached the required 5.0, any
clues as to why that is so?
Unless you're invoking SpamAssassin with the -t option, I highly doubt
that
Hi,
Justin Lloyd wrote:
Hello, all.
A couple of months ago I built new mail servers to replace our existing
ones that had aging mail configurations (and disparate OS
configurations), running sendmail 8.12.6 and SA 3.0.2. Our configuration
now consists of 2 RHEL 4 ES servers that share the load
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Plenz wrote:
Adding a point for corrupted images is sounding better and better.
I disagree. To check out what happens I converted a JPG picture into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the
second
time
From: Christopher Mills [EMAIL PROTECTED]
Look at this,
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on
chrysalis.chrysalishosting.com
X-Spam-Level:
12345
X-Spam-Status: No, score=4.3 required=5.0 tests=BAYES_50,HG_HORMONE,
Hello,
My local.cf is like that :
required_hits 5.0
add_header all Report _REPORT_
rewrite_header Subject 1
add_header spam Flag _YESNOCAPS_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on
_HOSTNAME_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_
I work in an italian company, we are receiving some spam written in (very
bad) italian language, obviously produced by some automatic translator.
Although their content is heavily pornographic, the spam score is very low,
because they don't match any of the porn-specific rules, which are
Hi,
I just spotted this FP in our SA 3.1.4 quarantine...
I have no means to contact the sender, but I guess he used an Outlook
(Express?) client to SMTP a Domino server.
Even if we had the threshold at the default 5 it would have been
stopped. Is there a workaround on the rules or should I
Mark Martinec writes:
Vivek Khera wrote:
in the current port for 3.1.4, there are no freebsd-specific patches
to SA, so whatever this was is no longer there.
You are one day behind :)
On Aug 23, 2006, at 5:01 PM, Justin Mason wrote:
anyone know what this is/does?
You might wish to look at tweaking your BAYES_xx scores to reduce false
positives.
I guess that depends on how healthy your Bayes database is, though.
Cheers,
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-Original Message-
From: Paolo Cravero as2594
Matt Kettler wrote:
Philip Prindeville wrote:
There's no way to whitelist just the empty address then? Rather than
everything?
-Philip
Not given the simple file-glob format of the whitelist commands. You'd
need a regular expression and negation.
You could do it with a rule...
Randal, Phil wrote:
You might wish to look at tweaking your BAYES_xx scores to reduce false
positives.
I guess that depends on how healthy your Bayes database is, though.
Can't really say how healthy it is. 99% of spam (guessing, but pretty
close) is in English language, 99% of our ham is
Matt Kettler wrote:
Christopher Mills wrote:
Look at this,
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on
chrysalis.chrysalishosting.com http://chrysalis.chrysalishosting.com
X-Spam-Level:
X-Spam-Status: No, score= 4.3 required=5.0 tests=BAYES_50,HG_HORMONE,
We have an Exchange SpamAssassin folder that our users can drop false
negatives into. Then I periodically run a Perl script (using
Mail::IMAPClient) to retrieve the messages and retrain both mail servers
with those (not just the mail server through which the message arrived).
Whenever I receive a
On Friday, Aug 25th 2006 at 10:25 -0400, quoth Jim Maul:
=Matt Kettler wrote:
= Christopher Mills wrote:
= Look at this,
=
= X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on
= chrysalis.chrysalishosting.com http://chrysalis.chrysalishosting.com
= X-Spam-Level:
=
--On Friday, August 25, 2006 12:05 AM -0700 Plenz [EMAIL PROTECTED]
wrote:
I disagree. To check out what happens I converted a JPG picture into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the
second time with PaintShop Pro. Both GIF files had the result
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kenneth Porter wrote:
--On Friday, August 25, 2006 12:05 AM -0700 Plenz
[EMAIL PROTECTED] wrote:
I disagree. To check out what happens I converted a JPG picture
into a GIF
file
and sent it to myself. One time I converted it with IrfanView and
On Friday 25 August 2006 11:20, Kenneth Porter wrote:
We need to stop giving a free pass to broken content creation software just
because it's popular. When someone sends you broken content, you should
react the same way you would if they sent you documents on dirt-smeared
paper. Stop letting
On Friday 25 August 2006 11:24, decoder wrote:
I've heard that it truncates the mail at 30kb, no matter if that is
within a MIME block or not... So my plugin gets a broken image..
though it was not broken originally...
How better to get that fixed than to put them on notice, and
start tagging
From: decoder [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Subject: Re: Discourage broken content
Date: Fri, 25 Aug 2006 21:24:14 +0200
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kenneth Porter wrote:
--On Friday, August 25, 2006 12:05 AM -0700 Plenz
[EMAIL PROTECTED] wrote:
I
I think we should discourage all broken content in email and on the
web.
But who is to decide what is broken. Just because
giftext/giffix/gocr/etc. fail to parse it, doesn't necessarily mean it's
broken. The software may be buggy (note the patches on the download
page needed to make these
On Friday 25 August 2006 11:33, Kash, Howard (Civ, ARL/CISD) wrote:
I think we should discourage all broken content in email and on the
web.
But who is to decide what is broken. Just because
giftext/giffix/gocr/etc. fail to parse it, doesn't necessarily mean it's
broken.
Yes, by
Yes, by definition, it DOES mean its broken.
So when then giftext author made an error in assuming every image would
have a global colormap, he redefined the GIF specification so that any
that don't are no longer valid?
Howard
On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
--On Friday, August 25, 2006 12:05 AM -0700 Plenz [EMAIL PROTECTED]
online.de wrote:
I disagree. To check out what happens I converted a JPG picture
into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the
second
Could somebody explain to me the reason why MailScanner acts this way?
A good question could be decide if you adapt this plugin to be
compatible
with MailScanner or tha last one should change this practice.
As a resource/denial of service protection mechanism. If someone starts
feeding you
On Fri, 25 Aug 2006, Plenz wrote:
Adding a point for corrupted images is sounding better and better.
I disagree. To check out what happens I converted a JPG picture into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the second
time with PaintShop Pro. Both GIF
On Fri, 25 Aug 2006, enediel gonzalez wrote:
From: decoder [EMAIL PROTECTED]
Kenneth Porter wrote:
I completely agree, the problem is, some implementations makes this
impossible. For example MailScanner.
I've heard that it truncates the mail at 30kb, no matter if that is
within a MIME block
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Logan Shaw wrote:
On Fri, 25 Aug 2006, enediel gonzalez wrote:
From: decoder [EMAIL PROTECTED] Kenneth Porter wrote:
I completely agree, the problem is, some implementations makes
this impossible. For example MailScanner.
I've heard that it
On Friday 25 August 2006 11:40, Kash, Howard (Civ, ARL/CISD) wrote:
Yes, by definition, it DOES mean its broken.
So when then giftext author made an error in assuming every image would
have a global colormap, he redefined the GIF specification so that any
that don't are no longer valid?
One
-Original Message-
From: decoder [mailto:[EMAIL PROTECTED]
Sent: Friday, August 25, 2006 2:24 PM
To: users@spamassassin.apache.org
Subject: Re: Discourage broken content
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kenneth Porter wrote:
--On Friday, August 25, 2006 12:05 AM
On Friday 25 August 2006 12:10, Rick Cooper wrote:
That is patently false. I have a graphics design/advertising department at
one of my locations and these fellas send huge graphics files back and
forth when they have emergency proofs/changes and MailScanner has *never*
damaged anything, ever,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rick Cooper wrote:
-Original Message- From: decoder
[mailto:[EMAIL PROTECTED] Sent: Friday, August 25, 2006 2:24
PM To: users@spamassassin.apache.org Subject: Re: Discourage
broken content
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I just uploaded FuzzyOcr 2.3b to the download site. If you find bugs
or run into problems, please mail back :)
The major changes are:
- - Added a configurable timeout (maximum runtime) for the plugin, to
avoid any lockups/unwanted delays
-
Hello all.. Running OS/X, SA 3.1.3 ...
Recently, and unfortunately, I don't check my logs that often, but it
goes back at least as far back as my logs go (5 days), I'm getting
the below in my mail.log:
Aug 25 14:01:58 www spamd[257]: dns: sendto() failed: Connection
refused at
On Friday 25 August 2006 13:17, decoder wrote:
Another wish: I'd like to create a database to ship with the plugin so
it can be used out of the box but I do not have much samples here, so
it would be nice if you sent me picture samples of common picture spam
you get with [picture sample] in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Andersen wrote:
On Friday 25 August 2006 13:17, decoder wrote:
Another wish: I'd like to create a database to ship with the
plugin so it can be used out of the box but I do not have much
samples here, so it would be nice if you sent me
On Fri, 25 Aug 2006, Evan Platt wrote:
Aug 25 14:01:58 www spamd[257]: dns: sendto() failed: Connection
refused at /Library/Perl/5.8.6/Mail/SpamAssassin/DnsResolver.pm line
339, GEN7 line 97.\n
Verify that the DNS server is actually running on any hosts that
you're looking to for DNS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Scheidell wrote:
Now if you could just ocr the whole thing as text, and pass it back to
SA to score!
I explained before why this is not going to happen really soon:
a) It is VERY hard to realize. To preserve the message, you would need
two
On Friday 25 August 2006 13:41, John D. Hardin wrote:
On Fri, 25 Aug 2006, Evan Platt wrote:
Aug 25 14:01:58 www spamd[257]: dns: sendto() failed: Connection
refused at /Library/Perl/5.8.6/Mail/SpamAssassin/DnsResolver.pm line
339, GEN7 line 97.\n
Verify that the DNS server is actually
On Friday 25 August 2006 13:39, decoder wrote:
Maybe it would. But this kind of hash is no real hash. It is just a
combination of picture features that I invented... but it seems
reliable in my tests so far.
Not sure it matters a whole lot what the actual content is when using
Razor. If
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Andersen wrote:
On Friday 25 August 2006 13:39, decoder wrote:
Maybe it would. But this kind of hash is no real hash. It is
just a combination of picture features that I invented... but it
seems reliable in my tests so far.
Not sure it
On Fri, 25 Aug 2006, Michael Scheidell wrote:
Now if you could just ocr the whole thing as text, and pass it
back to SA to score!
That's what I was thinking, and would allow leverage by a lot of
plugins (e.g. the Word plugin I am prepping to start)...
Create some PerMsgStatus string variable
On Fri, Aug 25, 2006 at 01:44:54PM -0800, John Andersen wrote:
It seems likely that he would have notices such a glaring deficiency, No?
Possibly. My recollection is that Net::DNS only looks at the first server
entry in resolv.conf. So if that server happens to not be running named, the
system
On Friday 25 August 2006 13:55, Theo Van Dinter wrote:
On Fri, Aug 25, 2006 at 01:44:54PM -0800, John Andersen wrote:
It seems likely that he would have notices such a glaring deficiency, No?
Possibly. My recollection is that Net::DNS only looks at the first server
entry in resolv.conf. So
On Fri, Aug 25, 2006 at 11:43:47PM +0200, decoder wrote:
a) It is VERY hard to realize. To preserve the message, you would need
two plugins, one that runs as first rule, converts the message to text
only, and another one that runs as last rule and puts the image back
into the message (so the
At 02:44 PM 8/25/2006, you wrote:
It seems likely that he would have notices such a glaring deficiency, No?
my resolv.conf consists of
nameserver 192.168.1.66
(my router).
Without DNS, a whole lot of stuff is broke.
I wonder if he has all necessary Perl Modules.
I'm open to suggestions,
On Fri, 25 Aug 2006, John Andersen wrote:
On Friday 25 August 2006 13:17, decoder wrote:
Another wish: I'd like to create a database to ship with the plugin so
it can be used out of the box but I do not have much samples here, so
it would be nice if you sent me picture samples of common
On Friday 25 August 2006 14:09, Evan Platt wrote:
At 02:44 PM 8/25/2006, you wrote:
It seems likely that he would have notices such a glaring deficiency, No?
my resolv.conf consists of
nameserver 192.168.1.66
(my router).
Manually change that to your ISPs DNS server, or better yet, to his
On Fri, 25 Aug 2006, John Andersen wrote:
Verify that the DNS server is actually running on any hosts that
you're looking to for DNS services. /etc/resolv.conf should list them.
Connection Refused means there's nothing listening at the port
you're trying to connect to. In this case, it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John D. Hardin wrote:
On Fri, 25 Aug 2006, John Andersen wrote:
On Friday 25 August 2006 13:17, decoder wrote:
Another wish: I'd like to create a database to ship with the
plugin so it can be used out of the box but I do not have much
samples
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo Van Dinter wrote:
On Fri, Aug 25, 2006 at 11:43:47PM +0200, decoder wrote:
a) It is VERY hard to realize. To preserve the message, you would
need two plugins, one that runs as first rule, converts the
message to text only, and another one
At 03:12 PM 8/25/2006, you wrote:
Manually change that to your ISPs DNS server, or better yet, to his
Secondary. Try that for a bit...
Done.
Still getting
Aug 25 15:26:09 www spamd[281]: bayes: bayes db version 0 is not able
to be used, aborting! at
On Friday 25 August 2006 14:27, Evan Platt wrote:
At 03:12 PM 8/25/2006, you wrote:
Manually change that to your ISPs DNS server, or better yet, to his
Secondary. Try that for a bit...
Done.
Still getting
Aug 25 15:26:09 www spamd[281]: bayes: bayes db version 0 is not able
to be used,
On Fri, 25 Aug 2006, John D. Hardin wrote:
I think he was speaking of word lists.
Sigh. That's what I get for reading and responding in sequence.
--
John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED]
key:
On Aug 24, 2006, at 10:11 AM, [EMAIL PROTECTED] wrote:
Since upgrading to 3.14, when I turn on bayes auto-learn with:
bayes_auto_learn 1
and I set the learn boundaries with:
bayes_auto_learn_threshold_nonspam-3.5
bayes_auto_learn_threshold_spam 15.5
I get unexpected
On Fri, 25 Aug 2006, Theo Van Dinter wrote:
On Fri, Aug 25, 2006 at 11:43:47PM +0200, decoder wrote:
a) It is VERY hard to realize. To preserve the message, you would need
two plugins, one that runs as first rule, converts the message to text
only, and another one that runs as last rule and
-Original Message-
From: John Andersen [mailto:[EMAIL PROTECTED]
Sent: Friday, August 25, 2006 4:20 PM
To: users@spamassassin.apache.org
Subject: Re: Discourage broken content
On Friday 25 August 2006 12:10, Rick Cooper wrote:
That is patently false. I have a graphics
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Expertsites, Inc. wrote:
From: decoder [EMAIL PROTECTED]
Hello,
I just uploaded FuzzyOcr 2.3b to the download site. If you find
bugs or run into problems, please mail back :)
This release failed to recognize the sample png.eml file with
From: [EMAIL PROTECTED]
On Aug 24, 2006, at 10:11 AM, [EMAIL PROTECTED] wrote:
Since upgrading to 3.14, when I turn on bayes auto-learn with:
bayes_auto_learn 1
and I set the learn boundaries with:
bayes_auto_learn_threshold_nonspam-3.5
bayes_auto_learn_threshold_spam 15.5
I
From: Gino Cerullo [EMAIL PROTECTED]
On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
--On Friday, August 25, 2006 12:05 AM -0700 Plenz [EMAIL PROTECTED]
online.de wrote:
I disagree. To check out what happens I converted a JPG picture
into a GIF
file
and sent it to myself. One time I
Logan Shaw wrote:
So... is it safe to assume their servers are configured
incorrectly? Or should our MTA be somehow adding that
header if it's missing? Or is there some other way that our
MailScanner+SpamAssassin combo should be getting the envelope
sender information?
MailScanner
Here's another example:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on localhost
X-Spam-Level: *
X-Spam-Status: Yes, score=6.0 required=5.0
tests=ADVANCE_FEE_1,BAYES_95,
DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,SPF_HELO_PASS
autolearn=spam
Hello,
I just uploaded FuzzyOcr 2.3b to the download site. If you find
bugs or run into problems, please mail back :)
The jpeg.eml and png.eml samples failed to provide FuzzyOcr hits on my
system because the messages scored higher than the default
focr_autodisable_score. You should mention
I think we should discourage all broken content in email and on the
web.
At one time we could assume that broken content was an honest
mistake and make an attempt at fixing it. But with the rise of
malicious content attempting to exploit bugs in content handlers
(like overruns in
Today I got animated spam. The first frame only with dots an lines, the
second frame with spam text, the third frame again with dots and lines. The
duration of the text frame is very long, the others are very short.
Is there a command line utility which can extract animated GIFs?
--
View this
68 matches
Mail list logo
