You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jack Gostl <go...@argoscomp.com> on 2006/07/12 15:07:14 UTC
Image only spam
I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2 under
AIX 5.3. Starting a few months ago, I have been absolutely inundated with
"image only spam". I've gone from catching 99% of the spam with almost no
false positives to less than 85%. I asked about this awhile ago, and tried
to upgrade to SpamAssassin version 3.1.1 running on Perl version 5.8.0,
and didn't see much improvement, so I left the prod machine alone.
I'm sure I'm not the only one with this problem. Has anyone had any success
with it?
Thanks...
Jack
Re: Image only spam
Posted by Loren Wilton <lw...@earthlink.net>.
> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
> under AIX 5.3. Starting a few months ago, I have been absolutely inundated
> with "image only spam". I've gone from catching 99% of the spam with
> almost no
Have you tried any of the SARE rules? A number of them will help with the
image-only spams, especially the stock spams.
Loren
Re: Image only spam
Posted by JamesDR <ja...@trusswood.net>.
Jack Gostl wrote:
> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
> under AIX 5.3. Starting a few months ago, I have been absolutely
> inundated with "image only spam". I've gone from catching 99% of the
> spam with almost no false positives to less than 85%. I asked about this
> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1 running
> on Perl version 5.8.0, and didn't see much improvement, so I left the
> prod machine alone.
>
> I'm sure I'm not the only one with this problem. Has anyone had any
> success with it?
>
> Thanks...
>
> Jack
>
>
>
They get caught here all the time, do you have some headers from an
example that gets through? This info will help further with your
problem. Also what is your configuration? (Bayes, awl, net tests, etc, etc.)
--
Thanks,
James
Re: Image only spam
Posted by Dimitri Yioulos <dy...@firstbhph.com>.
On Thursday July 13 2006 9:28 am, Jack Gostl wrote:
> ----- Original Message -----
> From: "Steven Stern" <su...@sterndata.com>
> To: "Spamass" <us...@spamassassin.apache.org>
> Sent: Wednesday, July 12, 2006 4:31 PM
> Subject: Re: Image only spam
>
> > Jack Gostl wrote:
> >> Thanks for the response.
> >>
> >> Take it slow with me, spamassassin has been running so well for
> >> so long that I haven't had to fiddle with it in ages and I don't
> >> remember the details. Do I add these rules to my user_prefs? Or
> >> to my /etc/mail/local.cf files?
> >>
> >> ----- Original Message ----- From: "Steven Stern"
> >> <su...@sterndata.com>
> >> To: "Spamass" <us...@spamassassin.apache.org>
> >> Sent: Wednesday, July 12, 2006 9:13 AM
> >> Subject: Re: Image only spam
> >>
> >>> Jack Gostl wrote:
> >>>> I'm running SpamAssassin version 3.0.3 running on Perl
> >>>> version 5.8.2 under AIX 5.3. Starting a few months ago, I have
> >>>> been absolutely inundated with "image only spam". I've gone
> >>>> from catching 99% of the spam with almost no false positives
> >>>> to less than 85%. I asked about this
> >>>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1
> >>>> running
> >>>> on Perl version 5.8.0, and didn't see much improvement, so I
> >>>> left the prod machine alone.
> >>>>
> >>>> I'm sure I'm not the only one with this problem. Has anyone
> >>>> had any success with it?
> >>>>
> >>>> Thanks...
> >>>>
> >>>> Jack
> >>>
> >>> Are you using the SARE_STOCK rules from RulesDuJour at
> >>> rulesemporium.com? We catch more than 99% of the image only
> >>> stuff with the standard RBLs and 70_sare_stock.cf.
> >>>
> >>> In case you ask, these are the SARE rules we're using:
> >>>
> >>> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU
> >>> SARE_REDIRECT_POST300 SARE_ADULT SARE_HEADER0 SARE_CODING
> >>> SARE_SPECIFIC SARE_SPOOF SARE_FRAUD SARE_WHITELIST_SPF
> >>> SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
> >>>
> >>> --
> >>>
> >>> Steve
> >
> > Hop over to the Rules Emporium (http://rulesemporium.com) and
> > read about RulesDuJour. Install that and set up cron job to look
> > for updates once a day. That's about it. It's about 30 minutes
> > of think work up front to understand the documentation and
> > install it. After that, set it and forget it.
> >
> > http://www.exit0.us/index.php?pagename=RulesDuJour
> >
> > I think you'll be happy with the trusted ruleset line above.
>
> wanted to tell you how this all turned out.
>
> I installed the new rules, incorrectly as Dimitri observed, and
> then restarted spamassassin. (spamd actually). The spam capture
> rate has zoomed from 85% into the high 90s. Looking back I see that
> we replaced our processor about a year ago, and have been
> exceptionally stable since then. We haven't IPLed in almost a year,
> which also means that spamassassin probably hasn't been started in
> almost as long.
>
> Obviously the new rules weren't the reason for the improvement,
> since they were installed wrong. So it must have been the restart.
> This makes me wonder, was it a "corruption", or is there a
> cumulative effect. I wonder if anyone has any thoughts on that.
It appears that you were using only the SA default rules. Now, these
are pretty good, but I think most would agree that you want to
supplement these with SARE rulesets, and prehaps bayes, DCC, razor,
and pyzor (or some combination thereof). Then, you've got a pretty
tight system.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Image only spam
Posted by Jack Gostl <go...@argoscomp.com>.
Converting to 3.1 is beginning to look better and better.
Thanks
----- Original Message -----
From: "Steven Stern" <su...@sterndata.com>
To: "Spamass" <us...@spamassassin.apache.org>
Sent: Friday, July 14, 2006 8:11 AM
Subject: Re: Image only spam
> Jack Gostl wrote:
>>
>> ----- Original Message -----
>> *From:* Steven Stern <ma...@sterndata.com>
>> *Cc:* Spamass <ma...@spamassassin.apache.org>
>> *Sent:* Thursday, July 13, 2006 6:52 PM
>> *Subject:* Re: Image only spam
>>
>> Jack Gostl wrote:
>>>
>>> ----- Original Message ----- From: "Steven Stern"
>>> <subscribed-lists@sterndata.com <ma...@sterndata.com>>
>>> To: "Spamass" <users@spamassassin.apache.org
>> <ma...@spamassassin.apache.org>>
>>> Sent: Wednesday, July 12, 2006 4:31 PM
>>> Subject: Re: Image only spam
>>>
>>>
>>>> Jack Gostl wrote:
>>>>> Thanks for the response.
>>>>>
>>>>> Take it slow with me, spamassassin has been running so well for so
>>>>> long that I haven't had to fiddle with it in ages and I don't
>>>>> remember the details. Do I add these rules to my user_prefs? Or to my
>>>>> /etc/mail/local.cf files?
>>>>>
>>>>> ----- Original Message ----- From: "Steven Stern"
>>>>> <subscribed-lists@sterndata.com
>>>>> <ma...@sterndata.com>>
>>>>> To: "Spamass" <users@spamassassin.apache.org
>> <ma...@spamassassin.apache.org>>
>>>>> Sent: Wednesday, July 12, 2006 9:13 AM
>>>>> Subject: Re: Image only spam
>>>>>
>>>>>
>>>>>> Jack Gostl wrote:
>>>>>>> I'm running SpamAssassin version 3.0.3 running on Perl version
>>>>>>> 5.8.2
>>>>>>> under AIX 5.3. Starting a few months ago, I have been absolutely
>>>>>>> inundated with "image only spam". I've gone from catching 99% of
>>>>>>> the
>>>>>>> spam with almost no false positives to less than 85%. I asked about
>>>>>>> this
>>>>>>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1
>>>>>>> running
>>>>>>> on Perl version 5.8.0, and didn't see much improvement, so I left
>>>>>>> the
>>>>>>> prod machine alone.
>>>>>>>
>>>>>>> I'm sure I'm not the only one with this problem. Has anyone had any
>>>>>>> success with it?
>>>>>>>
>>>>>>> Thanks...
>>>>>>>
>>>>>>> Jack
>>>>>>>
>>>>>>
>>>>>> Are you using the SARE_STOCK rules from RulesDuJour at
>>>>>> rulesemporium.com? We catch more than 99% of the image only stuff
>>>>>> with
>>>>>> the standard RBLs and 70_sare_stock.cf.
>>>>>>
>>>>>> In case you ask, these are the SARE rules we're using:
>>>>>>
>>>>>> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
>>>>>> SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF
>>>>>> SARE_FRAUD
>>>>>> SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM
>>>>>> SARE_STOCKS";
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Steve
>>>>>>
>>>> Hop over to the Rules Emporium (http://rulesemporium.com) and read
>>>> about RulesDuJour. Install that and set up cron job to look for
>>>> updates once a day. That's about it. It's about 30 minutes of think
>>>> work up front to understand the documentation and install it. After
>>>> that, set it and forget it.
>>>>
>>>> http://www.exit0.us/index.php?pagename=RulesDuJour
>>>>
>>>> I think you'll be happy with the trusted ruleset line above.
>>>
>>> wanted to tell you how this all turned out.
>>>
>>> I installed the new rules, incorrectly as Dimitri observed, and then
>>> restarted spamassassin. (spamd actually). The spam capture rate has
>>> zoomed from 85% into the high 90s. Looking back I see that we replaced
>>> our processor about a year ago, and have been exceptionally stable since
>>> then. We haven't IPLed in almost a year, which also means that
>>> spamassassin probably hasn't been started in almost as long.
>>>
>>> Obviously the new rules weren't the reason for the improvement, since
>>> they were installed wrong. So it must have been the restart. This makes
>>> me wonder, was it a "corruption", or is there a cumulative effect. I
>>> wonder if anyone has any thoughts on that.
>>>
>>>
>>
>>> I have a cron job scheduled for every Sunday
>>>
>> > sa-update && spamassassin --lint && /etc/init.d/spamassassin restart
>>>
>>> This will pick up updates to the basic SA rules if they update them.
>> Is sa-update a script you wrote? And why run the --lint on a regular
>> basis?
>>
>
> sa-update is part of the SpamAssassin 3.1 package. See "man sa-update".
>
> The string of commands executes sa-update. If it returns a non-error
> result, indicating it downloaded something, then the new rules are
> linted. I do this to make sure that there's nothing broken in any of
> the dozens of rules in my ruleset. If the ruleset is OK, then
> spamassassin is restarted to pick up the new rules from sa-update.
> --
>
> Steve
>
Re: Image only spam
Posted by Steven Stern <su...@sterndata.com>.
Jack Gostl wrote:
>
> ----- Original Message -----
> *From:* Steven Stern <ma...@sterndata.com>
> *Cc:* Spamass <ma...@spamassassin.apache.org>
> *Sent:* Thursday, July 13, 2006 6:52 PM
> *Subject:* Re: Image only spam
>
> Jack Gostl wrote:
>>
>> ----- Original Message ----- From: "Steven Stern"
>> <subscribed-lists@sterndata.com <ma...@sterndata.com>>
>> To: "Spamass" <users@spamassassin.apache.org
> <ma...@spamassassin.apache.org>>
>> Sent: Wednesday, July 12, 2006 4:31 PM
>> Subject: Re: Image only spam
>>
>>
>>> Jack Gostl wrote:
>>>> Thanks for the response.
>>>>
>>>> Take it slow with me, spamassassin has been running so well for so
>>>> long that I haven't had to fiddle with it in ages and I don't
>>>> remember the details. Do I add these rules to my user_prefs? Or to my
>>>> /etc/mail/local.cf files?
>>>>
>>>> ----- Original Message ----- From: "Steven Stern"
>>>> <subscribed-lists@sterndata.com <ma...@sterndata.com>>
>>>> To: "Spamass" <users@spamassassin.apache.org
> <ma...@spamassassin.apache.org>>
>>>> Sent: Wednesday, July 12, 2006 9:13 AM
>>>> Subject: Re: Image only spam
>>>>
>>>>
>>>>> Jack Gostl wrote:
>>>>>> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
>>>>>> under AIX 5.3. Starting a few months ago, I have been absolutely
>>>>>> inundated with "image only spam". I've gone from catching 99% of the
>>>>>> spam with almost no false positives to less than 85%. I asked about
>>>>>> this
>>>>>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1 running
>>>>>> on Perl version 5.8.0, and didn't see much improvement, so I left the
>>>>>> prod machine alone.
>>>>>>
>>>>>> I'm sure I'm not the only one with this problem. Has anyone had any
>>>>>> success with it?
>>>>>>
>>>>>> Thanks...
>>>>>>
>>>>>> Jack
>>>>>>
>>>>>
>>>>> Are you using the SARE_STOCK rules from RulesDuJour at
>>>>> rulesemporium.com? We catch more than 99% of the image only stuff with
>>>>> the standard RBLs and 70_sare_stock.cf.
>>>>>
>>>>> In case you ask, these are the SARE rules we're using:
>>>>>
>>>>> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
>>>>> SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF SARE_FRAUD
>>>>> SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
>>>>>
>>>>> --
>>>>>
>>>>> Steve
>>>>>
>>> Hop over to the Rules Emporium (http://rulesemporium.com) and read
>>> about RulesDuJour. Install that and set up cron job to look for
>>> updates once a day. That's about it. It's about 30 minutes of think
>>> work up front to understand the documentation and install it. After
>>> that, set it and forget it.
>>>
>>> http://www.exit0.us/index.php?pagename=RulesDuJour
>>>
>>> I think you'll be happy with the trusted ruleset line above.
>>
>> wanted to tell you how this all turned out.
>>
>> I installed the new rules, incorrectly as Dimitri observed, and then
>> restarted spamassassin. (spamd actually). The spam capture rate has
>> zoomed from 85% into the high 90s. Looking back I see that we replaced
>> our processor about a year ago, and have been exceptionally stable since
>> then. We haven't IPLed in almost a year, which also means that
>> spamassassin probably hasn't been started in almost as long.
>>
>> Obviously the new rules weren't the reason for the improvement, since
>> they were installed wrong. So it must have been the restart. This makes
>> me wonder, was it a "corruption", or is there a cumulative effect. I
>> wonder if anyone has any thoughts on that.
>>
>>
>
>> I have a cron job scheduled for every Sunday
>>
> > sa-update && spamassassin --lint && /etc/init.d/spamassassin restart
>>
>> This will pick up updates to the basic SA rules if they update them.
> Is sa-update a script you wrote? And why run the --lint on a regular basis?
>
sa-update is part of the SpamAssassin 3.1 package. See "man sa-update".
The string of commands executes sa-update. If it returns a non-error
result, indicating it downloaded something, then the new rules are
linted. I do this to make sure that there's nothing broken in any of
the dozens of rules in my ruleset. If the ruleset is OK, then
spamassassin is restarted to pick up the new rules from sa-update.
--
Steve
Re: Image only spam
Posted by Steven Stern <su...@sterndata.com>.
Jack Gostl wrote:
>
> ----- Original Message ----- From: "Steven Stern"
> <su...@sterndata.com>
> To: "Spamass" <us...@spamassassin.apache.org>
> Sent: Wednesday, July 12, 2006 4:31 PM
> Subject: Re: Image only spam
>
>
>> Jack Gostl wrote:
>>> Thanks for the response.
>>>
>>> Take it slow with me, spamassassin has been running so well for so
>>> long that I haven't had to fiddle with it in ages and I don't
>>> remember the details. Do I add these rules to my user_prefs? Or to my
>>> /etc/mail/local.cf files?
>>>
>>> ----- Original Message ----- From: "Steven Stern"
>>> <su...@sterndata.com>
>>> To: "Spamass" <us...@spamassassin.apache.org>
>>> Sent: Wednesday, July 12, 2006 9:13 AM
>>> Subject: Re: Image only spam
>>>
>>>
>>>> Jack Gostl wrote:
>>>>> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
>>>>> under AIX 5.3. Starting a few months ago, I have been absolutely
>>>>> inundated with "image only spam". I've gone from catching 99% of the
>>>>> spam with almost no false positives to less than 85%. I asked about
>>>>> this
>>>>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1 running
>>>>> on Perl version 5.8.0, and didn't see much improvement, so I left the
>>>>> prod machine alone.
>>>>>
>>>>> I'm sure I'm not the only one with this problem. Has anyone had any
>>>>> success with it?
>>>>>
>>>>> Thanks...
>>>>>
>>>>> Jack
>>>>>
>>>>
>>>> Are you using the SARE_STOCK rules from RulesDuJour at
>>>> rulesemporium.com? We catch more than 99% of the image only stuff with
>>>> the standard RBLs and 70_sare_stock.cf.
>>>>
>>>> In case you ask, these are the SARE rules we're using:
>>>>
>>>> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
>>>> SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF SARE_FRAUD
>>>> SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
>>>>
>>>> --
>>>>
>>>> Steve
>>>>
>> Hop over to the Rules Emporium (http://rulesemporium.com) and read
>> about RulesDuJour. Install that and set up cron job to look for
>> updates once a day. That's about it. It's about 30 minutes of think
>> work up front to understand the documentation and install it. After
>> that, set it and forget it.
>>
>> http://www.exit0.us/index.php?pagename=RulesDuJour
>>
>> I think you'll be happy with the trusted ruleset line above.
>
> wanted to tell you how this all turned out.
>
> I installed the new rules, incorrectly as Dimitri observed, and then
> restarted spamassassin. (spamd actually). The spam capture rate has
> zoomed from 85% into the high 90s. Looking back I see that we replaced
> our processor about a year ago, and have been exceptionally stable since
> then. We haven't IPLed in almost a year, which also means that
> spamassassin probably hasn't been started in almost as long.
>
> Obviously the new rules weren't the reason for the improvement, since
> they were installed wrong. So it must have been the restart. This makes
> me wonder, was it a "corruption", or is there a cumulative effect. I
> wonder if anyone has any thoughts on that.
>
>
I have a cron job scheduled for every Sunday
sa-update && spamassassin --lint && /etc/init.d/spamassassin restart
This will pick up updates to the basic SA rules if they update them.
--
Steve
Re: Image only spam
Posted by Jack Gostl <go...@argoscomp.com>.
----- Original Message -----
From: "Steven Stern" <su...@sterndata.com>
To: "Spamass" <us...@spamassassin.apache.org>
Sent: Wednesday, July 12, 2006 4:31 PM
Subject: Re: Image only spam
> Jack Gostl wrote:
>> Thanks for the response.
>>
>> Take it slow with me, spamassassin has been running so well for so long
>> that I haven't had to fiddle with it in ages and I don't remember the
>> details. Do I add these rules to my user_prefs? Or to my
>> /etc/mail/local.cf files?
>>
>> ----- Original Message ----- From: "Steven Stern"
>> <su...@sterndata.com>
>> To: "Spamass" <us...@spamassassin.apache.org>
>> Sent: Wednesday, July 12, 2006 9:13 AM
>> Subject: Re: Image only spam
>>
>>
>>> Jack Gostl wrote:
>>>> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
>>>> under AIX 5.3. Starting a few months ago, I have been absolutely
>>>> inundated with "image only spam". I've gone from catching 99% of the
>>>> spam with almost no false positives to less than 85%. I asked about
>>>> this
>>>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1
>>>> running
>>>> on Perl version 5.8.0, and didn't see much improvement, so I left the
>>>> prod machine alone.
>>>>
>>>> I'm sure I'm not the only one with this problem. Has anyone had any
>>>> success with it?
>>>>
>>>> Thanks...
>>>>
>>>> Jack
>>>>
>>>
>>> Are you using the SARE_STOCK rules from RulesDuJour at
>>> rulesemporium.com? We catch more than 99% of the image only stuff with
>>> the standard RBLs and 70_sare_stock.cf.
>>>
>>> In case you ask, these are the SARE rules we're using:
>>>
>>> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
>>> SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF SARE_FRAUD
>>> SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
>>>
>>> --
>>>
>>> Steve
>>>
> Hop over to the Rules Emporium (http://rulesemporium.com) and read about
> RulesDuJour. Install that and set up cron job to look for updates once a
> day. That's about it. It's about 30 minutes of think work up front to
> understand the documentation and install it. After that, set it and forget
> it.
>
> http://www.exit0.us/index.php?pagename=RulesDuJour
>
> I think you'll be happy with the trusted ruleset line above.
wanted to tell you how this all turned out.
I installed the new rules, incorrectly as Dimitri observed, and then
restarted spamassassin. (spamd actually). The spam capture rate has zoomed
from 85% into the high 90s. Looking back I see that we replaced our
processor about a year ago, and have been exceptionally stable since then.
We haven't IPLed in almost a year, which also means that spamassassin
probably hasn't been started in almost as long.
Obviously the new rules weren't the reason for the improvement, since they
were installed wrong. So it must have been the restart. This makes me
wonder, was it a "corruption", or is there a cumulative effect. I wonder if
anyone has any thoughts on that.
Re: Image only spam
Posted by Jack Gostl <go...@argoscomp.com>.
----- Original Message -----
From: Steven Stern
To: Spamass
Sent: Wednesday, July 12, 2006 4:31 PM
Subject: Re: Image only spam
Jack Gostl wrote:
> Thanks for the response.
>
> Take it slow with me, spamassassin has been running so well for so
> long that I haven't had to fiddle with it in ages and I don't remember
> the details. Do I add these rules to my user_prefs? Or to my
> /etc/mail/local.cf files?
>
> ----- Original Message ----- From: "Steven Stern"
> <su...@sterndata.com>
> To: "Spamass" <us...@spamassassin.apache.org>
> Sent: Wednesday, July 12, 2006 9:13 AM
> Subject: Re: Image only spam
>
>
>> Jack Gostl wrote:
>>> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
>>> under AIX 5.3. Starting a few months ago, I have been absolutely
>>> inundated with "image only spam". I've gone from catching 99% of the
>>> spam with almost no false positives to less than 85%. I asked about
>>> this
>>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1
>>> running
>>> on Perl version 5.8.0, and didn't see much improvement, so I left the
>>> prod machine alone.
>>>
>>> I'm sure I'm not the only one with this problem. Has anyone had any
>>> success with it?
>>>
>>> Thanks...
>>>
>>> Jack
>>>
>>
>> Are you using the SARE_STOCK rules from RulesDuJour at
>> rulesemporium.com? We catch more than 99% of the image only stuff with
>> the standard RBLs and 70_sare_stock.cf.
>>
>> In case you ask, these are the SARE rules we're using:
>>
>> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
>> SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF SARE_FRAUD
>> SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
>>
>> --
>>
>> Steve
>>
> Hop over to the Rules Emporium (http://rulesemporium.com) and read about
> RulesDuJour. Install that and set up cron job to look for updates once
> a day. That's about it. It's about 30 minutes of think work up front
> to understand the documentation and install it. After that, set it and
> forget it.
> http://www.exit0.us/index.php?pagename=RulesDuJour
> I think you'll be happy with the trusted ruleset line above.
Thanks... I'll look at it tonight.
Re: Image only spam
Posted by Steven Stern <su...@sterndata.com>.
Jack Gostl wrote:
> Thanks for the response.
>
> Take it slow with me, spamassassin has been running so well for so
> long that I haven't had to fiddle with it in ages and I don't remember
> the details. Do I add these rules to my user_prefs? Or to my
> /etc/mail/local.cf files?
>
> ----- Original Message ----- From: "Steven Stern"
> <su...@sterndata.com>
> To: "Spamass" <us...@spamassassin.apache.org>
> Sent: Wednesday, July 12, 2006 9:13 AM
> Subject: Re: Image only spam
>
>
>> Jack Gostl wrote:
>>> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
>>> under AIX 5.3. Starting a few months ago, I have been absolutely
>>> inundated with "image only spam". I've gone from catching 99% of the
>>> spam with almost no false positives to less than 85%. I asked about
>>> this
>>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1
>>> running
>>> on Perl version 5.8.0, and didn't see much improvement, so I left the
>>> prod machine alone.
>>>
>>> I'm sure I'm not the only one with this problem. Has anyone had any
>>> success with it?
>>>
>>> Thanks...
>>>
>>> Jack
>>>
>>
>> Are you using the SARE_STOCK rules from RulesDuJour at
>> rulesemporium.com? We catch more than 99% of the image only stuff with
>> the standard RBLs and 70_sare_stock.cf.
>>
>> In case you ask, these are the SARE rules we're using:
>>
>> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
>> SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF SARE_FRAUD
>> SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
>>
>> --
>>
>> Steve
>>
Hop over to the Rules Emporium (http://rulesemporium.com) and read about
RulesDuJour. Install that and set up cron job to look for updates once
a day. That's about it. It's about 30 minutes of think work up front
to understand the documentation and install it. After that, set it and
forget it.
http://www.exit0.us/index.php?pagename=RulesDuJour
I think you'll be happy with the trusted ruleset line above.
Re: Image only spam
Posted by Jack Gostl <go...@argoscomp.com>.
Thanks for the response.
Take it slow with me, spamassassin has been running so well for so long that
I haven't had to fiddle with it in ages and I don't remember the details. Do
I add these rules to my user_prefs? Or to my /etc/mail/local.cf files?
----- Original Message -----
From: "Steven Stern" <su...@sterndata.com>
To: "Spamass" <us...@spamassassin.apache.org>
Sent: Wednesday, July 12, 2006 9:13 AM
Subject: Re: Image only spam
> Jack Gostl wrote:
>> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
>> under AIX 5.3. Starting a few months ago, I have been absolutely
>> inundated with "image only spam". I've gone from catching 99% of the
>> spam with almost no false positives to less than 85%. I asked about this
>> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1 running
>> on Perl version 5.8.0, and didn't see much improvement, so I left the
>> prod machine alone.
>>
>> I'm sure I'm not the only one with this problem. Has anyone had any
>> success with it?
>>
>> Thanks...
>>
>> Jack
>>
>
> Are you using the SARE_STOCK rules from RulesDuJour at
> rulesemporium.com? We catch more than 99% of the image only stuff with
> the standard RBLs and 70_sare_stock.cf.
>
> In case you ask, these are the SARE rules we're using:
>
> TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
> SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF SARE_FRAUD
> SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
>
> --
>
> Steve
>
Re: Image only spam
Posted by Steven Stern <su...@sterndata.com>.
Jack Gostl wrote:
> I'm running SpamAssassin version 3.0.3 running on Perl version 5.8.2
> under AIX 5.3. Starting a few months ago, I have been absolutely
> inundated with "image only spam". I've gone from catching 99% of the
> spam with almost no false positives to less than 85%. I asked about this
> awhile ago, and tried to upgrade to SpamAssassin version 3.1.1 running
> on Perl version 5.8.0, and didn't see much improvement, so I left the
> prod machine alone.
>
> I'm sure I'm not the only one with this problem. Has anyone had any
> success with it?
>
> Thanks...
>
> Jack
>
Are you using the SARE_STOCK rules from RulesDuJour at
rulesemporium.com? We catch more than 99% of the image only stuff with
the standard RBLs and 70_sare_stock.cf.
In case you ask, these are the SARE rules we're using:
TRUSTED_RULESETS="SARE_GENLSUBJ0 SARE_OBFU SARE_REDIRECT_POST300
SARE_ADULT SARE_HEADER0 SARE_CODING SARE_SPECIFIC SARE_SPOOF SARE_FRAUD
SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_URI0 SARE_OEM SARE_STOCKS";
--
Steve