|
Home > Archive > Unix administration > January 2004 > SpamAssassin
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| hi,
i want to use SpamAssassin and i just test it. I want to try with
user_prefs file. I use a .procmailrc script and have written a little
..spamassassin/user_prefs file. I have defined some test and everything
looks ok.
But the problem is that spamassassin performs all the tests and not
only that specified in the user_prefs file .Is it a standart procedure
by SpamAssassin.
When someone thinks that he can help me i will send him my
configuration files with pleasure
sorry for the bad english and thanks in advance
| |
| Sebastian Jaenicke 2004-01-23, 5:10 pm |
| * murph <vangelob@in.tum.de> wrote:
[..]quote:
> But the problem is that spamassassin performs all the tests and not
> only that specified in the user_prefs file .Is it a standart procedure
> by SpamAssassin.
SpamAssassin always uses all available tests (except non-local checks
like e.g. DNS blacklists, which can be disabled separately). If you
don't want to use some specific tests, you can adjust their scores
in your ~/.spamassassin/user_prefs file to 0.
See the SpamAssassin home page for further documentation.
- Sebastian
--
Sebastian Jaenicke Disce aut discede!
whois pgpkey-C81115B1 -h whois.ripe.net|perl -ne's-^certif: *--&&print'
| |
|
| Sebastian Jaenicke <sjaenick@techfak.uni-bielefeld.de> wrote in message news:<slrnbsq2q7.8ko.sjaenick@azathoth.jaenicke.org>...quote:
> * murph <vangelob@in.tum.de> wrote:
> [..]
>
> SpamAssassin always uses all available tests (except non-local checks
> like e.g. DNS blacklists, which can be disabled separately). If you
> don't want to use some specific tests, you can adjust their scores
> in your ~/.spamassassin/user_prefs file to 0.
>
> See the SpamAssassin home page for further documentation.
>
> - Sebastian
thank you for the help
now everything looks OK
i have some more questions
1) Why the spamer use invisible fonts in HTML
i thought that is from the generator of the email, something like the
ID of the email .But i saw a spam mail and the words were not without
sense ?
2) I want to add some new tests to Spamassassin
Is it possible and how can i do it ?
Should i change the /usr/share/spamassassin/ files ?
| |
| Lew Pitcher 2004-01-23, 5:10 pm |
| On 4 Dec 2003 07:40:04 -0800, vangelob@in.tum.de (murph) wrote:
quote:
>Sebastian Jaenicke <sjaenick@techfak.uni-bielefeld.de> wrote in message news:<slrnbsq2q7.8ko.sjaenick@azathoth.jaenicke.org>...
>thank you for the help
>now everything looks OK
>i have some more questions
>1) Why the spamer use invisible fonts in HTML
So you can't see the words when you open the message.
quote:
>i thought that is from the generator of the email, something like the
>ID of the email .But i saw a spam mail and the words were not without
>sense ?
Many spamkiller programs compare the email in question to a known database of
spam emails, and grade the sample email according to if it matches or not.
Spammers know this, and try to make their spam email different enough from the
known spam so as to not be caught by this comparison technique. They do this by
adding random words, phrases, or character sequences to the email, in order to
change the contents enough to fail the comparison. Since these words would
intefere with the human reader's ability to comprehend the email, spammers try
to hide them from view by imbedding them as html comments, or as invalid html
tags, or as invisible text within the body of the email.
quote:
>2) I want to add some new tests to Spamassassin
>Is it possible and how can i do it ?
>Should i change the /usr/share/spamassassin/ files ?
It is possible. See 'perldoc Mail::SpamAssassin::Conf' for details on the
configuration file options, and make your own tests up as a seperate file in
/usr/share/spamassassin. You also want to read the spamassassin(1) manpage; it
gives some hints about naming and placement of your local grading file within
the spamassassin file hierarchy.
--
Lew Pitcher
IT Consultant, Enterprise Technology Solutions
Toronto Dominion Bank Financial Group
(Opinions expressed are my own, not my employers')
| |
|
| Lew.Pitcher@td.com (Lew Pitcher) wrote in message news:<3fcf598b.12922972@news21.on.aibn.com>...quote:
> On 4 Dec 2003 07:40:04 -0800, vangelob@in.tum.de (murph) wrote:
>
>
> So you can't see the words when you open the message.
>
>
> Many spamkiller programs compare the email in question to a known database of
> spam emails, and grade the sample email according to if it matches or not.
> Spammers know this, and try to make their spam email different enough from the
> known spam so as to not be caught by this comparison technique. They do this by
> adding random words, phrases, or character sequences to the email, in order to
> change the contents enough to fail the comparison. Since these words would
> intefere with the human reader's ability to comprehend the email, spammers try
> to hide them from view by imbedding them as html comments, or as invalid html
> tags, or as invisible text within the body of the email.
>
>
> It is possible. See 'perldoc Mail::SpamAssassin::Conf' for details on the
> configuration file options, and make your own tests up as a seperate file in
> /usr/share/spamassassin. You also want to read the spamassassin(1) manpage; it
> gives some hints about naming and placement of your local grading file within
> the spamassassin file hierarchy.
thanks for the help .
i will disturb you one more time with questions about Spamassassin
there is one test about the .biz domain (BIZ_TLD) .
what is wrong when there is link to a site from that domain
any ideas ?
| |
| Jay Lessert 2004-01-23, 5:10 pm |
| vangelob@in.tum.de (murph) wrote in message news:<240dc32a.0312090227.5ed11df8@posting.google.com>...
quote:
> i will disturb you one more time with questions about Spamassassin
> there is one test about the .biz domain (BIZ_TLD) .
> what is wrong when there is link to a site from that domain
> any ideas ?
Spamassassin is heuristic by nature.
The maintainers of spamassassin have noticed that e-mail containing
mailto: URLs for .biz domain names is more likely to be spam than,
say, e-mail containing URLs for .org domain names.
The score is fairly low; legit e-mail that happens to contain
a .biz mailto: won't hit 5 points just for that... :-)
-Jay-
|
|
|
|
|