hi,
i want to use SpamAssassin and i just test it. I want to try with
user_prefs file. I use a .procmailrc script and have written a little
.spamassassin/user_prefs file. I have defined some test and everything
looks ok.
But the problem is that spamassassin performs all the tests and not
only that specified in the user_prefs file .Is it a standart procedure
by SpamAssassin.
When someone thinks that he can help me i will send him my
configuration files with pleasure

sorry for the bad english and thanks in advance

[ Post a follow-up to this message ]

* murph <vangelob@in.tum.de> wrote:
[..]
quote:

>  But the problem is that spamassassin performs all the tests and not
>  only that specified in the user_prefs file .Is it a standart procedure
>  by SpamAssassin.


SpamAssassin always uses all available tests (except non-local checks
like e.g. DNS blacklists, which can be disabled separately). If you
don't want to use some specific tests, you can adjust their scores
in your ~/.spamassassin/user_prefs file to 0.

See the SpamAssassin home page for further documentation.

- Sebastian

--
Sebastian Jaenicke                                   Disce aut discede!
whois pgpkey-C81115B1 -h whois.ripe.net|perl -ne's-^certif: *--&&print'

[ Post a follow-up to this message ]

Sebastian Jaenicke <sjaenick@techfak.uni-bielefeld.de> wrote in message news:<slrnbsq2q7.8ko.sjaen
ick@azathoth.jaenicke.org>...
quote:

> * murph <vangelob@in.tum.de> wrote:
> [..] 
>
> SpamAssassin always uses all available tests (except non-local checks
> like e.g. DNS blacklists, which can be disabled separately). If you
> don't want to use some specific tests, you can adjust their scores
> in your ~/.spamassassin/user_prefs file to 0.
>
> See the SpamAssassin home page for further documentation.
>
> - Sebastian

thank you for the help
now everything looks OK
i have some more questions
1) Why the spamer use invisible fonts in HTML
i thought that is from the generator of the email, something like the
ID of the email .But i saw a spam mail and the words were  not without
sense ?
2) I want to add some new tests to Spamassassin
Is it possible and how can i do it ?
Should i change the /usr/share/spamassassin/  files ?

[ Post a follow-up to this message ]

On 4 Dec 2003 07:40:04 -0800, vangelob@in.tum.de (murph) wrote:
quote:

>Sebastian Jaenicke <sjaenick@techfak.uni-bielefeld.de> wrote in message new
s:<slrnbsq2q7.8ko.sjaenick@azathoth.jaenicke.org>... 
>thank you for the help
>now everything looks OK
>i have some more questions
>1) Why the spamer use invisible fonts in HTML


So you can't see the words when you open the message.
quote:

>i thought that is from the generator of the email, something like the
>ID of the email .But i saw a spam mail and the words were  not without
>sense ?


Many spamkiller programs compare the email in question to a known database o
f
spam emails, and grade the sample email according to if it matches or not.
Spammers know this, and try to make their spam email different enough from t
he
known spam so as to not be caught by this comparison technique. They do this
 by
adding random words, phrases, or character sequences to the email, in order 
to
change the contents enough to fail the comparison. Since these words would
intefere with the human reader's ability to comprehend the email, spammers t
ry
to hide them from view by imbedding them as html comments, or as invalid htm
l
tags, or as invisible text within the body of the email.
quote:

>2) I want to add some new tests to Spamassassin
>Is it possible and how can i do it ?
>Should i change the /usr/share/spamassassin/  files ?


It is possible. See 'perldoc Mail::SpamAssassin::Conf' for details on the
configuration file options, and make your own tests up as a seperate file in
/usr/share/spamassassin. You also want to read the spamassassin(1) manpage; 
it
gives some hints about naming and placement of your local grading file withi
n
the spamassassin file hierarchy.

--
Lew Pitcher
IT Consultant, Enterprise Technology Solutions
Toronto Dominion Bank Financial Group

(Opinions expressed are my own, not my employers')

[ Post a follow-up to this message ]

Lew.Pitcher@td.com (Lew Pitcher) wrote in message news:<3fcf598b.12922972@news21.on.aibn.com>...[Q
UOTE]
> On 4 Dec 2003 07:40:04 -0800, vangelob@in.tum.de (murph) wrote:
> 
>
> So you can't see the words when you open the message.
> 
>
> Many spamkiller programs compare the email in question to a known database
 of
> spam emails, and grade the sample email according to if it matches or not.
> Spammers know this, and try to make their spam email different enough from
 the
> known spam so as to not be caught by this comparison technique. They do th
is by
> adding random words, phrases, or character sequences to the email, in orde
r to
> change the contents enough to fail the comparison. Since these words would
> intefere with the human reader's ability to comprehend the email, spammers
 try
> to hide them from view by imbedding them as html comments, or as invalid h
tml
> tags, or as invisible text within the body of the email.
> 
>
> It is possible. See 'perldoc Mail::SpamAssassin::Conf' for details on the
> configuration file options, and make your own tests up as a seperate file 
in
> /usr/share/spamassassin. You also want to read the spamassassin(1) manpage
; it
> gives some hints about naming and placement of your local grading file wit
hin
> the spamassassin file hierarchy.[/QUOTE]

thanks for the help .
i will disturb you one more time with questions about Spamassassin
there is one test about the .biz  domain (BIZ_TLD) .
what is wrong when there is link to a site from that domain
any ideas ?

[ Post a follow-up to this message ]

vangelob@in.tum.de (murph) wrote in message news:<240dc32a.0312090227.5ed11d
f8@posting.google.com>...
quote:

> i will disturb you one more time with questions about Spamassassin
> there is one test about the .biz  domain (BIZ_TLD) .
> what is wrong when there is link to a site from that domain
> any ideas ?


Spamassassin is heuristic by nature.

The maintainers of spamassassin have noticed that e-mail containing
mailto: URLs for .biz domain names is more likely to be spam than,
say, e-mail containing URLs for .org domain names.

The score is fairly low; legit e-mail that happens to contain
a .biz mailto: won't hit 5 points just for that... :-)

-Jay-

[ Post a follow-up to this message ]