Re: Titter invite spam

2009-06-23 Thread Kenneth Porter
--On Monday, June 22, 2009 5:59 PM -0700 John Hardin jhar...@impsec.org wrote: On Mon, 22 Jun 2009, Cerebus wrote: The zip file contains a file with the name: document.pdf .exe (note the long run of spaces) My security sanitizer would

Re: Any one interested in using a proper forum?

2009-07-30 Thread Kenneth Porter
On Thursday, July 30, 2009 2:01 PM -0700 ktn j_engl...@kawasaki-tn.com wrote: Actually I think Nabble is great for those of us who can't handle the traffic of the whole mailing list. Or you could use a news reader pointed at Gmane's news server and subscribe to the SA newsgroups. A web

Re: large unicode email nails CPU

2009-08-04 Thread Kenneth Porter
--On Tuesday, August 04, 2009 2:17 PM +1200 Jason Haar jason.h...@trimble.co.nz wrote: strace shows spamd running around looking for unicore/lib/gc_sc files - which is related to unicode stuff. I don't know if that's the problem - but that's all I could find. This looks like a good candidate

Pet photo signatures

2009-08-05 Thread Kenneth Porter
This just seems like another good way to sneak spam through: http://myemailpets.com/ I love to share photos of my cat, but I don't want to choke up the email system with them, esp. if it enables spammers one more avenue to piggyback their crap on.

Geographical distance

2009-08-06 Thread Kenneth Porter
A recent thread on spam detection suggested that geographical distance from sender to recipient correlates with spam, and that spammers tend to cluster geographically. Are there any plugins that can calculate these distances? I suppose the output would be two rules (or two sets of rules, with

Using ASN plugin on internal SA scanner

2009-08-06 Thread Kenneth Porter
--On Thursday, August 06, 2009 2:53 PM -0400 Michael Scheidell scheid...@secnap.net wrote: enable the ASN plugin.. it will create bayes tokens. then train your system, any ASN that sends you mostly spam will hit bayes_50%? Is there a way to get the ASN plugin to report on other than the

Subject keyword plugin?

2009-08-17 Thread Kenneth Porter
Is there a plugin that can read a text file of keywords, one per line, and build the equivalent Perl regex rule for keywords in the Subject line?

SpamAssassin is not a filter

2009-10-14 Thread Kenneth Porter
From http://wiki.apache.org/spamassassin/: SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify Spam. SpamAssassin uses a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering

Google feedproxy redirector abuse

2009-11-16 Thread Kenneth Porter
I've been seeing pill spam with lots of identical URIs pointing at feedproxy.google.com over the last week or two. All the URI's seem to be this (leading http slash slash removed): feedproxy.google.com/~r/CraigslistHoustonAllForSale/WantedSearchquothealthquot/~3/3yX2enlGlyE/ I've no idea

Re: Google feedproxy redirector abuse

2009-11-20 Thread Kenneth Porter
--On Monday, November 16, 2009 10:27 AM -0800 John Hardin jhar...@impsec.org wrote: meta MANY_GOOG_PROXY __FEEDPROXY 5 Got one with exactly 5 today. Looks like they're learning.

Re: List of 600,000 IP addresses of virus infected computers

2007-09-11 Thread Kenneth Porter
On Tuesday, September 11, 2007 12:30 PM -0700 Marc Perkel [EMAIL PROTECTED] wrote: The details are a little too complex for this forum but the new trick is mostly based on the fact that spam bots generally don't issue the QUIT command and when combined with other factors allows me to catch spam

RE: OT - massive newsletter

2007-09-22 Thread Kenneth Porter
--On Wednesday, September 19, 2007 12:16 PM +0100 Randal, Phil [EMAIL PROTECTED] wrote: If you don't want to annoy a lot of people your spamming (oops, newsletter sending) software needs to deal with NDRs back from recipient's domains and either put their subscription on hold after a small

Re: R: New domains (was: URIWhois plugin)

2007-09-28 Thread Kenneth Porter
--On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni [EMAIL PROTECTED] wrote: The only problem is that a spammer could query it days before it will bulk send, thereby impairing the effectiveness of such approach. I think we need some official data like the domain's creation

New PayPal phish?

2007-09-28 Thread Kenneth Porter
Is there a new PayPal phish going about? This almost looks legitimate, and I imagine it would have a lot of appeal to the survey-lovers. (I had no communication with PayPal this week, so I know this is bogus.)---BeginMessage--- Dear Kenneth Porter, On 09/26/2007, I sent you an email regarding

Re: The Bat! reanimated (suspicious Date header)

2007-10-30 Thread Kenneth Porter
On Friday, October 26, 2007 11:55 PM +0200 Karsten Bräckelmann [EMAIL PROTECTED] wrote: NOTE: I only did a very brief investigation of Date: headers sent by The Bat! users on this list. If anyone can assure this, or got any inside knowledge whether The Bat! can or can not generate such headers

Re: The Bat! reanimated (suspicious Date header)

2007-10-31 Thread Kenneth Porter
--On Tuesday, October 30, 2007 3:43 PM -0700 Loren Wilton [EMAIL PROTECTED] wrote: FWFW, I ran masschecks on the original posted rules and got zero hits in any corpus. That rather surprised me. But it may indicate that this is either a very recent thing or isn't all that universal. Did you

space dot space com messages

2007-11-23 Thread Kenneth Porter
I'm seeing a lot of these spammed to my Mailman mailing lists. They generally consist of a single line with an obfuscated URL and a couple of blank lines. The URL looks like abcde . com (ie. a space on either side of the dot). Does anyone have a rule to score these? I don't have Bayes at the

Re: space dot space com messages

2007-11-23 Thread Kenneth Porter
--On Friday, November 23, 2007 9:57 PM -0800 Loren Wilton [EMAIL PROTECTED] wrote: If you post one or two somewhere I can write you a simple rule. I could write something from just what you described, but I'd be real concerned about the FP rate. If I see a couple messages I can probably do a

Re: space dot space com messages

2007-11-24 Thread Kenneth Porter
--On Friday, November 23, 2007 10:27 PM -0800 Loren Wilton [EMAIL PROTECTED] wrote: header __THE_BAT X-Mailer /^The Bat/ body__BROKEN_LINK/^[\w\.\-]{1,25}\s\.com\s*$/ meta SMALL_MIND__THE_BAT __BROKEN_LINK score SMALL_MIND3.5 Linting showed the header needs this: header

Virus found in this message, probe?

2007-12-12 Thread Kenneth Porter
Anyone seen these? text/plain and HTML parts, seem to have same content, saying there's a virus, please delete, and some gibberish. I'm guessing it's some kind of probe.

Downloadable Software

2007-12-18 Thread Kenneth Porter
I'm seeing a lot of these today, and Bayes seems to be letting a lot of them leak through. Any good rule for stopping them? The links are always to a Geocities page.

Re: Downloadable Software

2007-12-18 Thread Kenneth Porter
--On Tuesday, December 18, 2007 8:16 PM -0500 Matt Kettler [EMAIL PROTECTED] wrote: Do you have network checks enabled? I just grabbed one and it seemed to hit XBL, SpamCop and Razor2 pretty nicely: I'm not using Razor, and I have SpamCop disabled (since October 1). Alas I didn't put a

Re: Apache SpamAssassin 3.2.4

2008-01-10 Thread Kenneth Porter
--On Monday, January 07, 2008 6:57 PM + UxBoD [EMAIL PROTECTED] wrote: Is a RPM available for Centos5 yet ? Enable the RPMForge repository to get the latest SA. I just did a check-update and it's got 3.2.4 available. RPMForge also carries a number of related packages, such as

MSDN renewal reported as spam

2008-01-11 Thread Kenneth Porter
I just found my MSDN renewal in my spam folder, and rightly so. It has all kinds of spam-sign in it. I'm pasting the offending headers below. Apparently these are being sent from some non-MS server with a long delivery delay, all-HTML. Any comments? (My company name replaced with mycompany.)

Re: Stock Spams; aka Pump and Dump

2006-06-02 Thread Kenneth Porter
--On Thursday, June 01, 2006 1:41 PM -0400 DAve [EMAIL PROTECTED] wrote: Currently 3.0.4 on the toasters, 3.0.2 on the MailScanner boxes. These may or may not get updates this month. I've never been fond of update as a solution to a problem unless I know the change in version will directly

Processing many mbox folders

2006-06-02 Thread Kenneth Porter
On Friday, June 02, 2006 9:47 PM -0400 JamesDR [EMAIL PROTECTED] wrote: How many messages have you trained? You'll need 200 each to get it going, and I recommend at least a thousand of each to really get it going. I use procmail to distribute my mail to over a hundred folders in a large

Re: Processing many mbox folders

2006-06-02 Thread Kenneth Porter
On Friday, June 02, 2006 10:51 PM -0400 Gary D. Margiotta [EMAIL PROTECTED] wrote: # !/bin/sh cd mail/Lists for x in `ls` do sa-learn --ham --mbox $x done Thanks, that handles the top level. ;) I figure I'll need to do something like: find mail/Lists -type f -exec sa-learn --ham

Re: Processing many mbox folders

2006-06-02 Thread Kenneth Porter
--On Friday, June 02, 2006 11:28 PM -0400 Gary D. Margiotta [EMAIL PROTECTED] wrote: Yep, but his original e-mail said mail/Lists was for ham training, nothing about spam, so that's why I put that in there. It really was a quick and dirty answer, and in his other reply, there's more folders

Re: The Future of Email is SQL

2006-06-14 Thread Kenneth Porter
, Kenneth Porter wrote: On Saturday, June 10, 2006 10:07 AM -0400 Charles Marcus [EMAIL PROTECTED] wrote: A reference to DBMail was among the first responses, and there have been others. Has anyone compiled a comparison of Dovecot to DBMail? Why would I choose one over the other? I think their goals

RE: Blocking all inline GIF or JPG Images

2006-06-28 Thread Kenneth Porter
--On Tuesday, June 27, 2006 5:10 PM -0400 Dave Koontz [EMAIL PROTECTED] wrote: Unfortunately, in our environment, inline images do get extensive use from our users (College Students, Faculty). Much of their email is for entertainment value, and many email jokes make use of Inline images of a

RE: What changes would you make to stop spam? - United Nations Paper

2006-08-02 Thread Kenneth Porter
--On Wednesday, August 02, 2006 11:09 AM -0400 Rob McEwen [EMAIL PROTECTED] wrote: Honestly, I haven't been following this thread much... but I do want to add that the UN is full of thugs who are power hungry and would like very much to control the Internet and implement a world tax and

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-02 Thread Kenneth Porter
--On Tuesday, August 01, 2006 2:06 PM -0700 John Rudd [EMAIL PROTECTED] wrote: 1) Require Virus Scanning on all SMTP transactions Compare to requiring standards-compliance throughout the process, and particularly in message content. If you're allowed to discard all MIME content that fails

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-02 Thread Kenneth Porter
--On Wednesday, August 02, 2006 8:23 AM -0700 John D. Hardin [EMAIL PROTECTED] wrote: I think that a default level of filtering - SMTP and the Microsoft protocols that were only intended for use on a LAN - should be in place to deal with the default level of end-user administrative skill - low

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-02 Thread Kenneth Porter
--On Wednesday, August 02, 2006 3:03 PM +0100 Graham Murray [EMAIL PROTECTED] wrote: Personally I would solve the problem by going the other way. Get rid of dynamic IP addresses Interesting idea. It's my understanding that dynamic addresses are used due to the IPv4 shortage, so if we can

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-02 Thread Kenneth Porter
--On Wednesday, August 02, 2006 5:37 AM -0700 Marc Perkel [EMAIL PROTECTED] wrote: Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. What's your objection to

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-02 Thread Kenneth Porter
--On Wednesday, August 02, 2006 10:38 AM -0700 MennovB [EMAIL PROTECTED] wrote: Don't think that's needed, if ISP's only allow outgoing SMTP to the ISP's SMTP servers and not directly then most (current) bots and most spam will be dealt with. I wouldn't be surprised to see the amount of spam

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-03 Thread Kenneth Porter
--On Wednesday, August 02, 2006 12:02 PM -0700 MennovB [EMAIL PROTECTED] wrote: Anyway, IMHO with SYN throttle you would only be rate-limiting the zombies, I would rather they stopped sending spam completely.. What I don't understand is how making them use the ISP server stops them from

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-03 Thread Kenneth Porter
--On Wednesday, August 02, 2006 2:03 PM -0500 Logan Shaw [EMAIL PROTECTED] wrote: What might really be nice is some sort of language that could be used to write up a document to configure a mail client for a given ISP and user. It could configure all necessary settings and would work with any

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-03 Thread Kenneth Porter
--On Wednesday, August 02, 2006 3:25 PM -0700 jdow [EMAIL PROTECTED] wrote: I keep several gigabytes of email data around. With POP3 it is easy to store locally. With IMAP it's a pain in the censored. My boss logs in from several computers, including a laptop he takes everywhere. I got

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-03 Thread Kenneth Porter
--On Wednesday, August 02, 2006 2:47 PM -0700 jdow [EMAIL PROTECTED] wrote: That slightly more than a year I spent as perhaps one of the VERY first online stalking victims ever (1985-1987) was a hell I'd rather not repeat. Is this written up somewhere? I'd be interested in understanding the

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-03 Thread Kenneth Porter
--On Thursday, August 03, 2006 6:43 AM +0100 Graham Murray [EMAIL PROTECTED] wrote: ADSL is both always on and a 'fixed' (ie your phone line is physically connected to a DSLAM port) so the ISPs must have sufficient IP addresses for all their ADSL customers. Not necessarily. A lot of

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-03 Thread Kenneth Porter
--On Thursday, August 03, 2006 8:47 AM -0700 MennovB [EMAIL PROTECTED] wrote: I don't want to make the zombies use the ISP's SMTP server, I want to stop them from spamming. Right now they can only connect directly to the Internet so if the ISP blocks direct SMTP outgoing the zombies stop

Helpful spammer includes spam signature

2006-08-04 Thread Kenneth Porter
I just received a message with runs of lines full of hyphens and the following line repeated twice, in both text and HTML part: (This safeguard is not inserted when using the registered version) My rule: body KP_UNREGISTERED_SAFEGUARD /This safeguard is not inserted when using the registered

Re: Word Doc spam

2006-08-08 Thread Kenneth Porter
--On Tuesday, August 08, 2006 10:27 AM +0200 Patrick Sneyers [EMAIL PROTECTED] wrote: Received in my .mac (basically a spam bin) account. http://www.triksys.be/docspam.jpg = screenshot of word doc attached. Never seen this before Is this new, or old news? 211.16.219.135 is in all kinds of

Re: Broken images in mails

2006-08-08 Thread Kenneth Porter
--On Tuesday, August 08, 2006 11:51 AM +0200 decoder [EMAIL PROTECTED] wrote: as I recently mentioned in the FuzzyOcr Thread, I found quite a lot of mails that contain broken or corrupted gifs. Until we have a better answer, I'd reject anything with an unrecognizable format. It might be an

Re: Word Doc spam

2006-08-08 Thread Kenneth Porter
--On Wednesday, August 09, 2006 1:01 AM +0200 Mark Martinec [EMAIL PROTECTED] wrote: In the FreeBSD ports collection it comes under: textproc/antiword or fetch it from its home site: http://www.winfield.demon.nl/ Cool. What's involved in integrating this into SA? Can the image plugin

Re: Broken images in mails

2006-08-08 Thread Kenneth Porter
--On Wednesday, August 09, 2006 12:18 AM +0200 decoder [EMAIL PROTECTED] wrote: I am also thinking about scanning all attachments, no matter if the content type specifies image or not (in the current version 2.0, only attachments that have image in their content type are scanned with format

RE: Image spam with inline jpeg image

2006-08-11 Thread Kenneth Porter
--On Wednesday, August 09, 2006 3:54 PM -0500 Logan Shaw [EMAIL PROTECTED] wrote: This is purely a philosophical argument, but something seems wrong about the idea of using a package manager to manage volatile data files in /var. The problem is not the use of the package manager but the

Re: Image spam with inline jpeg image

2006-08-11 Thread Kenneth Porter
--On Wednesday, August 09, 2006 7:33 PM -0700 jdow [EMAIL PROTECTED] wrote: For about a femto-second, perhaps. There is too much YMMV involved with the SARE rule sets to make it practical as an rpm solution. True, this is the real problem with packaging SARE: There's no clear separation of

Re: SA and MTA message filtering

2006-08-21 Thread Kenneth Porter
--On Friday, August 18, 2006 11:17 AM -0400 Sanford Whiteman [EMAIL PROTECTED] wrote: Three out of your four objectives are markedly off-topic: there's no reason for SA to ever see mail for unknown local recipients. Those messages should be rejected by the MTA, using either your text

Re: animated GIF spam

2006-08-22 Thread Kenneth Porter
--On Tuesday, August 22, 2006 1:07 AM -0500 Chip M. [EMAIL PROTECTED] wrote: For interlaced ... I have no idea. Depends a lot on how the interlaced images are stored, I guess. Yes, exactly. Until there's samples, I'm not going to worry about it. There's also progressive JPEG.

Discourage broken content (was: Broken images in mails)

2006-08-25 Thread Kenneth Porter
--On Friday, August 25, 2006 12:05 AM -0700 Plenz [EMAIL PROTECTED] wrote: I disagree. To check out what happens I converted a JPG picture into a GIF file and sent it to myself. One time I converted it with IrfanView and the second time with PaintShop Pro. Both GIF files had the result

Re: Discourage broken content

2006-08-29 Thread Kenneth Porter
--On Tuesday, August 29, 2006 9:41 AM +0100 Anthony Peacock [EMAIL PROTECTED] wrote: This issue is currently being discussed on the MailScanner users list, under the Subject Max SpamAssassin Size problems. Which can be found here: http://lists.mailscanner.info/pipermail/mailscanner/

Re: Discourage broken content

2006-08-29 Thread Kenneth Porter
--On Tuesday, August 29, 2006 9:58 AM +0100 Justin Mason [EMAIL PROTECTED] wrote: I'm sure they know this -- but there are dangers there too. It's pretty trivial in HTML to craft a MIME part that contains 100 KB of innocent-looking HTML, followed by 4 KB of spam payload, where the payload is

Re: Tesseract OCR open sourced

2006-09-05 Thread Kenneth Porter
http://developers.slashdot.org/comments.pl?sid=195752&cid=16041870 Theo just mentioned this on the -devel list: http://article.gmane.org/gmane.mail.spam.spamassassin.devel/45374

Re: Hacked E-Trade Phishing Site

2006-09-05 Thread Kenneth Porter
--On Friday, September 01, 2006 9:25 AM -0400 Gino Cerullo [EMAIL PROTECTED] wrote: And he's signed his work this time. Hail 'The Fat Bastard Controller' :P Whooop! I tried to post direct links to other hacked sites but didn't see it go to the list. So here's the google term I used to find

Re: RPM -vs- CPAN install

2006-09-07 Thread Kenneth Porter
--On Wednesday, September 06, 2006 9:53 PM -0400 Theo Van Dinter [EMAIL PROTECTED] wrote: If you modify the spec file it can, but generally speaking you can just grab the tools out of the tarball. IMO, the tools should end up in contrib since we don't actually support them. How about adding

Re: RPM -vs- CPAN install

2006-09-07 Thread Kenneth Porter
--On Wednesday, September 06, 2006 1:46 PM -0400 Joey [EMAIL PROTECTED] wrote: is there any real advantage to using cpan or source code over rpms, if I don't really do any code modifications etc to spamassassin? RPM and CPAN are packaging systems, and each uses its own database to remember

Re: RPM -vs- CPAN install

2006-09-07 Thread Kenneth Porter
--On Thursday, September 07, 2006 11:38 AM -0400 Theo Van Dinter [EMAIL PROTECTED] wrote: To be honest, I'd be more partial to removing tools and contrib (and masses and ...) from the tarball and make them available separately. It'd be pretty easy IMO. I believe that the vast majority of

Re: RPM -vs- CPAN install

2006-09-07 Thread Kenneth Porter
Ah, I see you opened an issue against this: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5091

Re: postcard exploit email

2006-09-11 Thread Kenneth Porter
--On Monday, September 11, 2006 8:12 AM -0700 John D. Hardin [EMAIL PROTECTED] wrote: Maybe we need a base rule for URL links directly to executable content... MIMEDefang rejects content with executable extensions. The list of extensions is configurable. (.com is a pain because it also

Re: SpamAssassin add

2006-09-14 Thread Kenneth Porter
On Thursday, September 14, 2006 9:06 AM + Michele Petrazzo [EMAIL PROTECTED] wrote: always, when I install spamassassin to my customers, I create them a imap account (called normally spam), that has two folders, spam and no-spam, where the users move the not signed has spam, or signed has

Forum mail identified as spam

2006-09-15 Thread Kenneth Porter
I just signed up for the UltraVNC support forum and its activation email got bounced by SA 3.1.4 with a pretty high spam score. I added a whitelist entry to my config and re-applied under a second email address and filed a report in the forum: http://forum.ultravnc.info/viewtopic.php?t=7736

Re: Forum mail identified as spam

2006-09-15 Thread Kenneth Porter
On Friday, September 15, 2006 1:39 PM -0700 Evan Platt [EMAIL PROTECTED] wrote: At 01:29 PM 9/15/2006, you wrote: I just signed up for the UltraVNC support forum and its activation email got bounced by SA 3.1.4 with a pretty high spam score. I added a whitelist entry to my config and

Re: Forum mail identified as spam

2006-09-15 Thread Kenneth Porter
On Friday, September 15, 2006 4:38 PM -0400 Theo Van Dinter [EMAIL PROTECTED] wrote: Without seeing the rules that hit it's hard to tell you what's up. Sorry about that. I'd pasted them into the linked forum thread so the forum operator could see the hits. Content analysis details: (8.0

RCVD_IN_WHOIS_INVALID

2006-09-23 Thread Kenneth Porter
2.2 RCVD_IN_WHOIS_INVALID RBL: CompleteWhois: sender on invalid IP block [65.119.30.206 listed in combined-HIB.dnsiplists.completewhois.com] I just got an order confirmation from Newegg and it got a big score boost of 2.2 from this rule. What does this rule mean? I ran the address

Re: Spamassassin from CPAN and sa-update location.

2006-10-06 Thread Kenneth Porter
--On Friday, October 06, 2006 10:37 AM -0500 Bookworm [EMAIL PROTECTED] wrote: When I build SpamAssassin using the CPAN method, it installs the test files (20_anti_ratware.cf and similar) in /usr/share/spamassassin. However, sa-update shoves updates into

Re: Hi spam

2006-10-06 Thread Kenneth Porter
I noticed today an unusually high incidence of spam subject lines of Re: Hi, and I don't see a rule for this in the distribution. Do others see this much in legitimate mail? Or could it make a good rule?

Re: Concerned with scores for from rfc-ignorant.org

2006-10-13 Thread Kenneth Porter
--On Friday, October 13, 2006 9:23 AM +0100 Justin Mason [EMAIL PROTECTED] wrote: Please bear in mind, also, that there are 5 different rules that use RFCI data, and they have wildly varying accuracies and scores: SPAM% HAM% S/O RANK SCORE NAME 3.7247 0.0540 0.986 0.85

RE: Any suggestions for 'postmaster' spams?

2006-10-17 Thread Kenneth Porter
--On Monday, October 16, 2006 7:53 AM -0700 R Lists06 [EMAIL PROTECTED] wrote: Make another and use it for all lists. When you get spammed on it, change it slightly, unsub the other and sub the new to all the lists you are on. Plussed addressing helps here. I hate web forms that refuse to

Low-scoring discount ED spam

2010-05-03 Thread Kenneth Porter
I've been getting regular spam that advertises a percentage discount for ED in the subject line, and names the ED in the From line. It consistently fails to breach the 5.0 score line and keeps showing up in my regular Inbox. I think I have the latest code and rules. Am I suffering from the

Re: Low-scoring discount ED spam

2010-05-03 Thread Kenneth Porter
--On Tuesday, May 04, 2010 4:22 AM +0100 RW rwmailli...@googlemail.com wrote: Are you training BAYES? A lot of these are hitting BAYES_50 or even BAYES_00. I've been copying them into my Uncaught folder which is run with sa-learn --spam --mbox each night. I just noticed that my Uncaught

Re: Low-scoring discount ED spam

2010-05-05 Thread Kenneth Porter
--On Wednesday, May 05, 2010 11:29 AM +0200 Matus UHLAR - fantomas uh...@fantomas.sk wrote: do you wipe bayes database often? If not, it's not needed to retrain on all messages, since they are not forgotten. I don't recall ever deleting the DB. It's my understanding that sa-learn remembers

Re: percentage off spam

2010-05-18 Thread Kenneth Porter
--On Tuesday, May 18, 2010 10:59 AM -0400 Charles Gregory cgreg...@hwcn.org wrote: I agree that full samples are needed. The % Subject alone is not enough. But I would expect there is something 'common' to the body that would combine in a meta rule for decent score with minimal fp... So throw

Novel indentation

2010-06-25 Thread Kenneth Porter
I'm getting some nonsense spams that contain a big block of text/plain and matching HTML part, and the text/plain part has an interesting indentation pattern: The first line is indented with a single space, and all subsequent lines start with 3 spaces: Debate Over Vaccines And Autism/ADD

Re: blizzard (and others) faux messages

2010-06-29 Thread Kenneth Porter
--On Tuesday, June 29, 2010 11:17 AM +0200 Mark Martinec mark.martinec...@ijs.si wrote: What I want: 1) Message from blizzard that has no dkim gets scored +10 adsp_override blizzard.com custom_high I just checked some recent messages and found that auto-replies from the

Re: blizzard (and others) faux messages

2010-06-29 Thread Kenneth Porter
--On Tuesday, June 29, 2010 2:37 PM -0700 John Hardin jhar...@impsec.org wrote: So it sounds like they're not sending everything through the same system. Time to post a report about that in one of their game forums. (Which one? Suggestions? Bug Reports? Customer Support? I think the last one,

Romance spam

2013-02-21 Thread Kenneth Porter
I'm noticing the following header in recent romance spam that looks like it might be an easy pattern to match. It's an unsubscribe link with a mailto link with a hex digit username of up to 20 digits. This is from a grep of my Uncaught folder. List-Unsubscribe:

Re: Romance spam

2013-03-06 Thread Kenneth Porter
--On Wednesday, March 06, 2013 3:35 PM +0100 Axb axb.li...@gmail.com wrote: aren't these the ones with the @yandex.ru dropbox in the body? Good catch. I just checked for that in my Uncaught folder (which I feed to Bayes each night) and the List-Id appears in most but not all that have that

Re: Romance spam

2013-03-06 Thread Kenneth Porter
--On Wednesday, March 06, 2013 9:27 AM -0500 Kevin A. McGrail kmcgr...@pccc.com wrote: I haven't seen any of this at all. Do you have an example on pastebin and I can look through my logs? Might be getting hammered by another rule/rbl/etc. Here's an example:

Re: Romance spam

2013-03-09 Thread Kenneth Porter
--On Thursday, March 07, 2013 11:26 PM +0100 Benny Pedersen m...@junc.eu wrote: only bayes hitting ?, and it autolearns ham ? Presumably the autolearn=ham applies to anything that doesn't get marked as spam. Once I move it to my Uncaught folder, it gets retrained that night as spam. But

Matching base64 subject

2013-08-28 Thread Kenneth Porter
I'm trying to use this set of rules to spot Chinese or Russian characters in the subject line: http://www.timk.de/it-blog/howto-find-chinese-or-russian-spam-encoded-in-utf-8-with-spamassassin/ To debug the rules, I've replaced the leading __ in sub-rules with T_. The rules don't seem to match

Re: ImageInfo vs FuzzyOCR performance?

2006-10-27 Thread Kenneth Porter
--On Friday, October 27, 2006 6:29 AM -0700 Jeff Chan [EMAIL PROTECTED] wrote: Does anyone have any recent feedback about the performance of ImageInfo versus FuzzyOCR about detecting stock image spams (or any others)? Does FuzzyOCR catch significantly more spams than ImageInfo? The last I

Re: R: Age of a domain name - a new test?

2006-10-31 Thread Kenneth Porter
--On Tuesday, October 31, 2006 8:28 AM +0100 Giampaolo Tomassoni [EMAIL PROTECTED] wrote: Ok. Why not combine an age check with Hardin's spam-friendly registrar plugin? Where can I find out more about this plugin? I searched the wiki for registrar and it doesn't turn up.

Re: Have SA delete a message

2006-11-06 Thread Kenneth Porter
On Tuesday, November 07, 2006 3:21 PM +1300 Simon [EMAIL PROTECTED] wrote: We are running debian sarge, with postfix and SpamAssassin 3.1.3. We have setup sa as a filter in postfix and it is now working and 'tag'ing spam correctly. What do i do to have sa delete the message above a certain

sa-update DNS not updated (was: Block wrote: spams)

2006-11-08 Thread Kenneth Porter
--On Friday, November 03, 2006 5:43 PM + Justin Mason [EMAIL PROTECTED] wrote: there's a rule that matches them in 3.1.x sa-update, fwiw. I don't see it either. What's the name of the rule? Dates on files in /var/lib/spamassassin are 20061024. I ran sa-update -D and got this at the

Re: Rule for raw HTML

2006-11-08 Thread Kenneth Porter
--On Thursday, November 09, 2006 1:21 AM + [EMAIL PROTECTED] wrote: I really dislike html in mails - whether in the right mime part or not - but I have seen many legitimate mails that get mime stuff wrong. Of course these are not normal mail clients, but server generated mails like order

Re: sa-update -D

2006-11-08 Thread Kenneth Porter
--On Wednesday, November 08, 2006 8:52 PM -0800 R Lists06 [EMAIL PROTECTED] wrote: [7317] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) [7317] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [7317] dbg: diag: module not installed:

Re: sa-update rules for SA 3.1.7 have been updated but they fail lint

2006-11-11 Thread Kenneth Porter
--On Saturday, November 11, 2006 3:20 PM -0500 Theo Van Dinter [EMAIL PROTECTED] wrote: spamassassin --lint -D will show what rule files are being used. Weekly is probably a good choice, daily is as frequent as I would suggest at the moment. It uses DNS to detect new updates, doesn't it? So

Re: ... This Just In / Thought I'd Share ...

2006-11-14 Thread Kenneth Porter
--On Tuesday, November 14, 2006 12:44 PM -0500 Michel R Vaillancourt [EMAIL PROTECTED] wrote: LOL ... stupid spammer tricks... check the message ID: mid=%RNDDIGIT715.%RNDLCCHAR13% [EMAIL PROTECTED] DDIGIT2yahoo.com Hehe, quoted for those who lost it in the noise.

Zogby polls ignore SpamAssassin users

2006-11-27 Thread Kenneth Porter
I get notifications of new Zogby political polls that head straight to my spam folder. I've tried emailing Zogby about it but have been ignored. Perhaps they don't want the opinions of people who use SA. Here's a typical report: Content analysis details: (5.3 points, 5.0 required) pts rule

Re: HTML Validator

2006-11-27 Thread Kenneth Porter
--On Friday, March 10, 2006 5:08 PM -0800 Kenneth Porter [EMAIL PROTECTED] wrote: Anyone know of a good validator that can be run over a MIME part to report on the quality of the HTML? This might be used as a go/no-go filter at milter level, or it could be used as an SA plugin to assign

Re: HTML Source Rule

2006-11-29 Thread Kenneth Porter
--On Wednesday, November 29, 2006 5:17 PM -0600 Richard Frovarp [EMAIL PROTECTED] wrote: I have a few legit messages that are scoring over 5.0 due to SARE_STOCKS and the TVD rules to catch stocks, and this is after ALL_TRUSTED has done its work to reduce the score. These messages of course

Re: HTML Source Rule

2006-11-30 Thread Kenneth Porter
On Thursday, November 30, 2006 5:01 PM -0600 Richard Frovarp [EMAIL PROTECTED] wrote: Kenneth Porter wrote: --On Wednesday, November 29, 2006 5:17 PM -0600 Richard Frovarp [EMAIL PROTECTED] wrote: I have a few legit messages that are scoring over 5.0 due to SARE_STOCKS and the TVD rules

Wiki: Document the rules!

2006-12-04 Thread Kenneth Porter
See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4771 There's now a wiki page that creates a prototype documentation page for a rule: http://wiki.apache.org/spamassassin/RulesList Plug in a rule name and start documenting!

Re: Wiki: Document the rules!

2006-12-04 Thread Kenneth Porter
A little investigation reveals another path: Go to the Tests page from the main web page: http://spamassassin.apache.org/tests.html Select the latest SA version to see its list of tests. For a given test (AKA rule) click its Wiki link on the right. Either a descriptive page already exists,

Re: Rule update over DNS?

2006-12-06 Thread Kenneth Porter
--On Wednesday, December 06, 2006 1:26 PM +0100 Matthias Leisi [EMAIL PROTECTED] wrote: As such, DNS could be used as a transport mechanism with reasonably chosen TTLs. sa-update already uses DNS to check for new updates. The record provides the latest version of the update rule set. The

Re: sa-update

2006-12-06 Thread Kenneth Porter
--On Wednesday, December 06, 2006 7:07 PM + Duane Hill [EMAIL PROTECTED] wrote: I would assume sa-update wouldn't overwrite the default distribution rules that are initially installed. That would mean they would have to be placed somewhere else. This would be based on the fact that a new

Re: Rule update over DNS?

2006-12-08 Thread Kenneth Porter
--On Friday, December 08, 2006 12:20 AM -0500 Duncan Findlay [EMAIL PROTECTED] wrote: That's a good point. Those of us packaging SpamAssassin for distributions should think about this. :-) Will it be okay if all Debian users start running sa-update on the same minute of the hour? Are those

Re: Sorry Dhawal - no personal attacks allowed [OT]

2006-12-13 Thread Kenneth Porter
--On Tuesday, December 12, 2006 10:01 AM -0800 Ken A [EMAIL PROTECTED] wrote: Some people on this list have to pay per kb of bandwidth used. You might want to read the list with a newsreader, through gmane. Then you just download the headers and pick and choose the bodies you want. My
