Hi Guys,
We have recently been suffering from tons of inline image spam but this has
been pretty much killed by installing FuzzyOCR. Over the last week I have
been adding to the FuzzyOCR words file, and recently went on a Web search to
see what other lists I could find - to my surprise there
Sorry, my fault. Having now done spamd -D it is indeed showing the
following:
[1108] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001007/updates_spamassassin_org/50_scores.cf
So, I suppose sa-update is working for spamd as well
-Original Message-
From: Theo Van Dinter
thank you for your help. that worked. but i was having another problem as
well :)
I am not able to match : in the regular expression.
for example I was trying to match Symbol:
body LOCAL_DEMONSTRATION_RULE /\bsymbol:\b/i
score LOCAL_DEMONSTRATION_RULE 6.0
describe LOCAL_DEMONSTRATION_RULE
Sonnie wrote:
Matt Kettler-3 wrote:
Okay... I see. So since that mail is addressed to a valid email address it
is being sent on through to my inbox.
So, is there any way to get Spamassassin to do more than just mark it? Is
there a way to get it to delete it or at least send it
-Original Message-
From: Robert LeBlanc [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 10, 2006 9:53 PM
To: SpamAssassin
Subject: Re: Synchronising Bayes mysql data between two server
On that note, one relatively simple solution that has worked
well at a number of larger Maia
-Original Message-
From: Nigel Kendrick [mailto:[EMAIL PROTECTED]
Sent: Monday, December 11, 2006 11:25 AM
To: users@spamassassin.apache.org
Subject: FuzzyOCR Words List
Hi Guys,
We have recently been suffering from tons of inline image spam but this
has
been pretty much
set delivery off
At 06:19 AM 12/10/2006 -0800, John Rudd wrote:
The Botnet plugin seems to catch the vast majority of them here. Have you
tried it?
Nope, been considering it though. I did check my spam bin and it
appears that only about one in twenty of those advice spams are getting
through, so
Those razor2 and pyzor checks look interesting, but I haven't seen
them on any of my emails that get filtered. Is that something special you
have to setup, or is it a default feature of SA?
Steven Lake
Owner/Technical Writer
Raiden's Realm
www.raiden.net
A friendly web community
I thought all the stupid spammers were already eliminated. But now there
is another full generation alive
These spammers use specific patterns for their from-ids that makes
themselves too obvious. It took us quite a while to find out what was
hammerring us but Now I am blocking all these spams
Hello All,
What is the preferred to backup the following bayesiab DB files?
What is the suggested frequency to make backups of the following DBase's?
# ls -l /var/spool/amavis/.spamassassin/
total 14366
drwx-- 2 vscan vscan 280 Dec 11 15:18 .
drwx-- 1 vscan root 456 Dec 10
As spam keeps increasing in volume and complexity we will eventually
lose the war on spam if we don't change the standards. I'd like to open
a discussion about what needs to be done and how to go about doing that.
So I'll start.
Any changes to the standard needs to be evolutionary. If we add
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Monday, December 11, 2006 8:49 AM
To: users@spamassassin.apache.org
Subject: Breaking up the Bot army - we need a plan
We can talk about other things but I'll stop here to focus on
the bot army.
I think you
On Monday 11 December 2006 15:57, Duncan, Brian M. wrote:
ISP's client address). The places I've been using it, and the people I
hear about who are using it, have seen a high degree of success.
It can be downloaded from:
http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar
I just
On Mon, Dec 11, 2006 at 11:14:03AM +, kailash vyas wrote:
I am not able to match : in the regular expression.
for example I was trying to match Symbol:
body LOCAL_DEMONSTRATION_RULE /\bsymbol:\b/i
remove the trailing \b (unless you expect there to be alphanumeric chars
right after the
Duncan Hill wrote:
On Monday 11 December 2006 15:57, Duncan, Brian M. wrote:
ISP's client address). The places I've been using it, and the people I
hear about who are using it, have seen a high degree of success.
It can be downloaded from:
On Mon, 11 Dec 2006, Duncan, Brian M. wrote:
From: Marc Perkel [mailto:[EMAIL PROTECTED]
We can talk about other things but I'll stop here to focus on
the bot army.
I think you are preaching to the wrong crowd.
If you want to help lower your Spam from botnets look into the
botnet
On Monday 11 December 2006 16:16, John Rudd wrote:
Duncan Hill wrote:
I just finished a very quick test of the Botnet tool, and the sheer
number of FPs against eBy mail coming from eBay's servers was staggering
- literally every single mail from eBay. It also, for my testing, hit on
a
From: Sonnie [EMAIL PROTECTED]
Matt Kettler-3 wrote:
As I understand it, the cpanel/exim blackhole setting for the default
will discard *ALL* mail that isn't addressed to an existing valid
account.
This feature has absolutely nothing to do with what spamassassin thinks
of your message.
LuKreme wrote:
On 8-Dec-2006, at 13:35, Robert S wrote:
spamassassin --debug --lint 21 | less
I went with
# spamassassin -D --lint 21| grep -i dcc
[85448] dbg: config: read file /usr/local/share/spamassassin/25_dcc.cf
[85448] dbg: plugin: registered
FuzzyOcr is proving to be useful but it does seem to be a bit too 'Fuzzy' at
times...
[2006-12-08 13:27:47] Debug mode: Found word best in line
shotermprcetargetoo
with fuzz of 0.25 scanned with scanset /usr/bin/gocr
-i -
[2006-12-08 13:27:47] Debug
David Morton wrote:
Daryl C. W. O'Shea wrote:
Additionally, this channel's bundle includes a pre file that loads a
bunch of plugins, some of which that there's a good chance you don't
really care to have running, like HashCash (and for many Pyzor)...
all these are loaded:
Actually,
The bayes_auto_learn default is 1 and the bayes db increases automatically.
I cleared bayes db and I put bayes_auto_learn 0 (in local.cf), but the bayes
db increases automatically too.
I don't want to increase automatically the bayes db, how can I do?
Thank
Andrea
Karl Auer wrote:
It might be a bad idea, but I've set the score for BAYES_00 to zero.
It seemed to me that the only emails (other than VERY short ones)
that ever got a zero Bayes rating were spams :-) and the -4.9 that
BAYES_00 gives by default seemed more than excessive.
Anyway, my
Again I think you are preaching to the wrong crowd.
No offense meant.
Please distinguish between filtering spam (a solution that
keeps spam out of your mailbox) and changing the protocols
and/or ISP behavior to make spamming more difficult (a
solution which keeps spam off the wire in the
On Mon, Dec 11, 2006 at 12:07:17PM +0500, Shahzad Abid wrote:
I want to allow this particular client's IP address in ALLOW list of SA.
What should I do to achieve this task as I am newbie to SA.
What do you mean by allow list? Bypass scanning, whitelist, etc?
Generally speaking, if you
Nigel Kendrick wrote:
FuzzyOcr is proving to be useful but it does seem to be a bit too 'Fuzzy' at
times...
First of all, try lowering the focr_threshold to 0.25 or even lower
Secondly, add custom thresholds for the rules that misfire
For example change the line with 'best' to
best::0.2
So that
Michael Schaap wrote:
2.0 BOTNET The submitting mail server looks like part
[ip=12.34.56.789 rdns=dhcp12.34.example.org]
The bad news, of course, is that BOTNET is a meta rule, so you can't do
this for that rule. You can still do so for the
Duncan Hill wrote:
On Monday 11 December 2006 16:16, John Rudd wrote:
Duncan Hill wrote:
I just finished a very quick test of the Botnet tool, and the sheer
number of FPs against eBy mail coming from eBay's servers was staggering
- literally every single mail from eBay. It also, for my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marc Perkel wrote:
How do we isolate
end users so that they can't get viruses as easily and spread them as
easily?
That would seem to be the job of filters, either upstream from the
end-users or installed on their computers. Upstream solutions
John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and provides so service from home. So
I would not want to be prohibited from running an email server from
home. But if I had to got to a web panel that my ISP provided to open
up ports that would be fine with me.
I'm
From: John Rudd [mailto:[EMAIL PROTECTED]
Marc Perkel wrote:
I'm someone who works from home and
provides so service from home. So I would not want to be
prohibited from
running an email server from home. But if I had to got to a web panel
that my ISP provided to open up ports that
Matthias Keller wrote:
John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and provides so service from home. So
I would not want to be prohibited from running an email server from
home. But if I had to got to a web panel that my ISP provided to open
up ports that would be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matthias Keller wrote:
And just closing port 25 outgoing wont help for long as spammers just
switch to submission port
Yes, but the point of using a submission port to segregate the traffic
channels is not to obfuscate things for spammers, it's to
On Mon, 11 Dec 2006, John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and
provides so service from home. So I would not want to be prohibited from
running an email server from home. But if I had to got to a web panel
that my ISP provided to open up ports that would
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our outgoing
email be channeled through our ISP's mail server, instead of having
our customer-assigned IP addresses
I'm using Debian's 3.0.3-2sarge1 spam assassin package and I'm
attempting to use sa-learn to train the bayesian filter. I've built up a
corpus of spam in an IMAP/mbox folder using Thunderbird. The folder has
approximately 500 messages.
Something appears to be going wrong though, sa-learn only
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
Since when? If I rejected mail on that condition I would never have
received your message.
Daryl
i noted in a recent thread a suggestion to not feed bayes-poisoning
spam to sa-learn.
that's an interesting thought; and actually makes some initial sense to me.
is this, in fact, widely suggested/recommended?
e.g., if i have a blabby, bayes-poisoning spam that already scores high,
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our outgoing
email be channeled through our ISP's mail server, instead of having
our customer-assigned
On Mon, Dec 11, 2006 at 07:59:15PM +, James Davis wrote:
corpus of spam in an IMAP/mbox folder using Thunderbird. The folder has
approximately 500 messages.
$ sa-learn --spam Mail/Junk
Learned from 1 message(s) (1 message(s) examined).
Any ideas what it is?
Tell sa-learn that it's a
Hello!
I've been using SpamAssassin here for some time now, and haven't done
much configuration. Procmail calls spamassassin on my Gentoo Linux box,
configured without bayes but with network checks.
Now I realized that mail I send will be marked by such a setup as spam.
There are mostly two
John D. Hardin wrote:
On Mon, 11 Dec 2006, John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and
provides so service from home. So I would not want to be prohibited from
running an email server from home. But if I had to got to a web panel
that my ISP provided to open up
James Davis wrote:
I'm using Debian's 3.0.3-2sarge1 spam assassin package and I'm
attempting to use sa-learn to train the bayesian filter. I've built up a
corpus of spam in an IMAP/mbox folder using Thunderbird. The folder has
approximately 500 messages.
Something appears to be going wrong
Theo Van Dinter wrote:
Tell sa-learn that it's a mbox file ala --mbox, otherwise the default is
file. :)
Thank you. Where do I apply for the idiot of the year award? ;-)
James
--
http://www.freecharity.org.uk/ - Free hosting for charities
http://picasaweb.google.com/jrwdavis - Photography
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
Since when? If I rejected mail on
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
There are two things that are wrong with that statement.
1) MX records are a good idea, not an absolute
Matthias Keller wrote:
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our
outgoing email be channeled through our ISP's mail server, instead
of having
so what is wrong with a MTA that
- checks helo and just takes a note
- accepts smtp auth, if provided (and erases bad notes from the helo in that
case)
- accepts an optional second helo after the auth and discards it
- accepts mail from and rcpt to
... and at the first rcpt to issues a 5xx if the
Robert LeBlanc wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
Since when? If I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
There are two things that are wrong with that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea wrote:
You said that if you're only expecting
mail from non-local domains (MX-to-MX) on port 25 you can reject hosts
if they don't have an MX record. That's not true and that's what I said.
As I conceded in another post a few
Robert LeBlanc wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
There are two things that
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
Robert LeBlanc wrote:
My mistake, then; thanks for the clarification. I suppose what we
need, then, is something like a TX record for helping to identify
outbound mail servers.
That already exists. It's called SPF.
--
Bowie
John Rudd wrote:
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
And what would you do differently? An SPF record is basically just a list
of valid mail servers for a domain plus a bit of information about how
strict the domain wants to be
On Mon, 11 Dec 2006, Matthias Keller wrote:
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
And forcing users to use their ISP's mail server efficively defeats SPF
How so?
I'm assuming a home business owner owns and uses their own domain and
has the ability
Hi,
I was checking on some rule changes that I made to my SA box and noticed that I
had misconfigured my /etc/procmailrc by not including DROPPRIVS=yes so spamd
was running as root. I included DROPPRIVS=yes and restarted spamd but then I
noticed some razor2 errors popping up:
Dec 11 11:52:40
On Mon, 11 Dec 2006, John Rudd wrote:
Think open relay. The ISP mailserver should only be accepting mail
*from* their domain or *to* their domain. Mail from and to domains
they don't own should be blocked.
I think you're mis-stating this.
1) Being an open relay isn't about accepting
On Mon, 11 Dec 2006, Robert LeBlanc wrote:
My mistake, then; thanks for the clarification. I suppose what we
need, then, is something like a TX record for helping to
identify outbound mail servers.
SPF
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL
On Mon, 11 Dec 2006, Henry Kwan wrote:
I was checking on some rule changes that I made to my SA box and noticed that
I
had misconfigured my /etc/procmailrc by not including DROPPRIVS=yes so spamd
was running as root.
erm. Are you sure you're running spam*D* from procmail? That's not
On Mon, 11 Dec 2006, Marc Perkel wrote:
All outgoing email from consumers should by default be required to
use authenticated SMTP or some new authenticated protocol.
Unfortunately this is defeated by a Remember this password? option
in the mail client. A bot can easily retrieve the
John D. Hardin jhardin at impsec.org writes:
erm. Are you sure you're running spam*D* from procmail? That's not
correct. Either you run spamd as root as a system service and run
spam*C* (the client) from procmail, or you run spamassassin from
procmail and don't run spamd at all...
Hi,
John Rudd wrote:
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't work, nothing
John D. Hardin wrote:
On Mon, 11 Dec 2006, Marc Perkel wrote:
All outgoing email from consumers should by default be required to
use authenticated SMTP or some new authenticated protocol.
Unfortunately this is defeated by a Remember this password? option
in the mail client. A bot can easily
Matthias Keller wrote:
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our
outgoing email be channeled through our ISP's mail server, instead
of having
JamesDR wrote:
John Rudd wrote:
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't
On Mon, 11 Dec 2006, John Rudd wrote:
I look up the SPF record for foo.com. It says: +all
...so the SPF spec has some holes that permit abuse. Tighten the spec
my prohibiting +all and +0.0.0.0/1 +8.0.0.0/1 and similar nonsense,
and/or modify SPF client implementations to place an upper limit
In my above example, SPF did nothing useful. And, my example shows
exactly why SPF does not help at all with the spambot
problem. If I'm a
spambot wrangler, I create a group of throw-away domains, put in SPF
records for them that say +all, and then send out my storm of spam.
Then I
On Mon, 2006-12-11 at 14:41 -0800, Bret Miller wrote:
took me almost 2 months to get all the issues straightened out after we
moved and changed ISPs. Everything's an extra cost option. But I have
a nice list now, so next time they all get negotiated as included
before we sign the contract.
John D. Hardin wrote:
This doesn't mean SPF is crap.
As SPF currently exists, it is crap.
-Original Message-
From: Leon Kolchinsky [mailto:[EMAIL PROTECTED]
Sent: Monday, December 11, 2006 8:54 AM
To: users@spamassassin.apache.org
Subject: backup for bayesian DB
Hello All,
What is the preferred to backup the following bayesiab DB
files? What is the suggested
On Monday 11 December 2006 16:50, JamesDR wrote:
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't work, nothing will.
There is nothing in SPF to keep a spammer with a botnet from
On Mon, 11 Dec 2006, Bret Miller wrote:
OTOH, I can see where a spammer could easily register a bunch of
domains, and then update the SPF records to include the specific
spambots that are delivering e-mail from each domain.
That's not a problem. That means you can with high confidence toss
John Rudd wrote:
a) if you're big, have reverse DNS that works, looks like a server, and
doesn't look like a client (ie. the things Botnet looks for).
b) if you're small:
i) try to get your ISP to do the right thing (above) with your
reverse DNS, or
ii) get a hosted service that does
From: news [mailto:[EMAIL PROTECTED] Behalf Of Mark Nienberg
I think the false positives are coming almost entirely from small
businesses running
an in-house exchange server. I also think that a lot of them use
a filtering service
like postini in front of their exchange machine,
On Tue, Dec 12, 2006 at 12:38:02AM -, Geoff Soper wrote:
I'm moving from calling SA on a per message basis to using spamc. This
means I need to specify a value for SA_RESTART. Should I being using
/usr/bin/spamassassin or /etc/rc.d/init.d/spamassassin and reload or
restart? What's the
In the welcome message that I received when I subscribed to this list it says:
Send mail to the following for info and FAQ for this list:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
But the info address returns an error message and the faq address says there
are no faqs.
The welcome message
Mark Nienberg wrote:
In the welcome message that I received when I subscribed to this list it
says:
Send mail to the following for info and FAQ for this list:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Useless addresses, I also tried.
[snip]
But a message I sent to that address bounced
René Berber wrote:
No dice ;-) I tried the same you are doing, since I read the newsgroup using
Gmane, and what I found out (very easily) is that this list uses ezmlm, and that
piece of ... doesn't have that functionality, in fact has very little
functionality (compared to Mailman).
Oh, I
snowcrash+spamassassin wrote:
i noted in a recent thread a suggestion to not feed bayes-poisoning
spam to sa-learn.
I missed that thread, but IMNSHO, that's Horsehockey.
Please, ask them to explain how well bayes-poisoning spam works in a
system with chi-squared combining? Actually, ask them
I was wondering if SA could be modified to take an IP address
for the second argument to whitelist_from_rcvd as well as a
domain/host name string.
Lately I seem to be dealing with a lot of small businesses with
poorly set-up mail servers, and no rDNS. Sigh.
It would be useful to not bounce
On Wed, Dec 06, 2006 at 12:30:10PM +0100, Ralf Hildebrandt wrote:
Yes, using diff I found that only line that is different is the addition of
require_version 3.001007. in /usr/share/spamassassin/20_drugs.cf.
But what is your question? OK, one line changed. Maybe somebody forget
to add the
Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin
discussion. One which, IIRC, he's just rehashing from a year or so ago
(are we going to see a rehash of the the future of email storage is sql
thread, too?). There are FAR more appropriate forums for these non-SA
related
Philip Prindeville wrote:
I was wondering if SA could be modified to take an IP address
for the second argument to whitelist_from_rcvd as well as a
domain/host name string.
Unfortunately, no. It would be a nice feature to add.
whitelist_from_rcvd_ip or some such.
Lately I seem to be
Suppose I have two servers using spamd. Server a has a max of 30 connection.
I run spamc -d serverA,serverB
Now suppose serverA has 30 connections already and is at the limit. Will
spamc be denied and fail over to serverB?
Am Montag, 11. Dezember 2006 23:41 schrieb Bret Miller:
So perhaps SPF should consider removing +all as an option.
Realisticly anyone that has to say my e-mail might come from
anywhere is contributing to the problem and probably deserves to
have e-mail bounced.
sounds like a possible SA
Am Dienstag, 12. Dezember 2006 05:09 schrieb Steve Thomas:
Is anyone else getting tired of this? Forty eight messages on the
SA list today that have nothing to do with SA. What's the point of
having a topical mailing list if nobody cares that the discussion
is off-topic?
if you're so opposed
88 matches
Mail list logo
