RE: please kindly get back to me

RE: please kindly get back to me

[Holzrichter, Bruce]

> 
> ATTN:   
> I STUMBLED IN TO YOUR CONTACT BY STROCK OF LUCK AFRTER 
> A LONG SEARCH FOR AN HONEST AND TRUST WORTHY PERSON WHO
> -

Darn, someone has to show these spammers how to use a spell checker.  How am
I supposed to get my daily dose of morning laughter if I need to spell check
all this coming in?  ;o)

B.

Re: please kindly get back to me

[Matti Aarnio]

On Mon, Jun 03, 2002 at 10:33:05AM -0500, Holzrichter, Bruce wrote:
> > ATTN:   
> > I STUMBLED IN TO YOUR CONTACT BY STROCK OF LUCK AFRTER 
> > A LONG SEARCH FOR AN HONEST AND TRUST WORTHY PERSON WHO
> > -
> 
> Darn, someone has to show these spammers how to use a spell checker.  How am
> I supposed to get my daily dose of morning laughter if I need to spell check
> all this coming in?  ;o)

  Dunno,  I am trying to figure out suitable Perl-RE filters which
  would match only these ALL CAPITALS scam letters, and yet not to
  match any legitimate postings...

  The principal problem is, I think, that Majordomo filtering works
  within the individual lines of the message, not by the entire message,
  and there could be some legitimate email with all-capital lines...

  Traping on keywords fails also when they are (intentionally ?)
  mis-spelled.

  Anti-spam technology really needs constant evolution, as those
  spammers do evolve themselves...

> B.

/Matti Aarnio

Re: please kindly get back to me

[Larry McVoy]

On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
>   Anti-spam technology really needs constant evolution, as those
>   spammers do evolve themselves...

If ever there was something which was screaming for an open source project,
it's spam filtering.  It seems like every major mailing list has someone
like Matti, working really hard on a thankless task, but losing out under
the tide of new spam every day.  Seems to me if there was a public repository
(sourceforge, bkbits, whatever) with a collection of procmail filters which
have been shown to work correctly, that would be a win.
-- 
---
Larry McVoy            	 lm at bitmover.com           http://www.bitmover.com/lm 

Re: please kindly get back to me

[Matti Aarnio]

On Mon, Jun 03, 2002 at 12:06:53PM -0700, Larry McVoy wrote:
> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> >   Anti-spam technology really needs constant evolution, as those
> >   spammers do evolve themselves...
> 
> If ever there was something which was screaming for an open source project,
> it's spam filtering.  It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day.  Seems to me if there was a public repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters which
> have been shown to work correctly, that would be a win.

  Larry,

  Best technologies (as I see them, but I am not omniscient, of course)
  are those that do scoring.  E.g. naving some word NN might not alone
  be considered spam-signature, but it might increase score, and once
  the score exceeds arbitrary treshold (lower with short messages?),
  the message is considered spam, and rejected.

  Some recent TEXT/PLAIN spams have been encoded in BASE64 or ingenous
  QUOTED-PRINTABLE to avoid several common Perl-RE pattern using filters.

  I think there are several free codes of this kind available, but my time
  has been chronically over-subscribed to do radical things like taking
  this kind of codes into use.

> -- 
> Larry McVoy     lm at bitmover.com     http://www.bitmover.com/lm 

/Matti Aarnio

Re: please kindly get back to me

[stoffel]

Matti>   Best technologies (as I see them, but I am not omniscient, of
Matti>   course) are those that do scoring.  E.g. naving some word NN
Matti>   might not alone be considered spam-signature, but it might
Matti>   increase score, and once the score exceeds arbitrary treshold
Matti>   (lower with short messages?), the message is considered spam,
Matti>   and rejected.

I've been really really happy with spamassassin (www.spamassissin.org)
for my personal inbox.  It's been blocking about 90+% of the spam
right out of the box, and only three or four false positives.  

It's nice since it pre-filters SPAM out, so you can handle the rejects
at your leisure, and not have to deal with them randomly.  I've been
very happy with it, and only after a week of use.

I've average around 20-40 spam a-day, so it's made a measureable
difference.

John
   John Stoffel - Senior Unix Systems Administrator - Lucent Technologies
	 stoffel@lucent.com - http://www.lucent.com - 978-399-0479

Re: please kindly get back to me

[Alan Cox]

On Mon, 2002-06-03 at 20:23, Matti Aarnio wrote:
>   I think there are several free codes of this kind available, but my time
>   has been chronically over-subscribed to do radical things like taking
>   this kind of codes into use.

Even then you need to do the work to fix the biggest problem, and I'd
hate to hack on majordomo for it - that is to hold spam scored messages,
advise the sender and accept a confirmation email to forward it to the
list.

Mailing list admin is a full time job. Matti is an oft forgotten but
critical cog in the wheels of Linux

Re: please kindly get back to me

[Rik van Riel]

On Mon, 3 Jun 2002, Matti Aarnio wrote:

>   Best technologies (as I see them, but I am not omniscient, of course)
>   are those that do scoring.  E.g. naving some word NN might not alone

>   I think there are several free codes of this kind available, but my time
>   has been chronically over-subscribed to do radical things like taking
>   this kind of codes into use.

1) mv resend resend.mj

2) use this script as resend

--------------
#!/bin/sh

/path/to/spamassassin -L | /path/to/resend.mj $*
--------------

3) add X-Spam-Flag:.*YES to taboo_headers

I'm doing this for the listar setup on nl.linux.org and things
work great. Only took 10 minutes to install, too.

Rik
-- 
Bravely reimplemented by the knights who say "NIH".

http://www.surriel.com/		http://distro.conectiva.com/

Re: please kindly get back to me

[J Sloan]

Yeah - but how many messages/month?

Joe

On Tue, 4 Jun 2002, Rik van Riel wrote:

> On Mon, 3 Jun 2002, Matti Aarnio wrote:
> 
> >   Best technologies (as I see them, but I am not omniscient, of course)
> >   are those that do scoring.  E.g. naving some word NN might not alone
> 
> >   I think there are several free codes of this kind available, but my time
> >   has been chronically over-subscribed to do radical things like taking
> >   this kind of codes into use.
> 
> 1) mv resend resend.mj
> 
> 2) use this script as resend
> 
> --------------
> #!/bin/sh
> 
> /path/to/spamassassin -L | /path/to/resend.mj $*
> --------------
> 
> 3) add X-Spam-Flag:.*YES to taboo_headers
> 
> I'm doing this for the listar setup on nl.linux.org and things
> work great. Only took 10 minutes to install, too.
> 
> Rik
> 

Re: please kindly get back to me

[H. Peter Anvin]

Followup to:  <20020603120653.C4940@work.bitmover.com>
By author:    Larry McVoy <lm@bitmover.com>
In newsgroup: linux.dev.kernel
>
> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> >   Anti-spam technology really needs constant evolution, as those
> >   spammers do evolve themselves...
> 
> If ever there was something which was screaming for an open source project,
> it's spam filtering.  It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day.  Seems to me if there was a public repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters which
> have been shown to work correctly, that would be a win.
> 

The biggest problem is that you're bound to get sued, so you have to
worry about legal defence...

	-hpa
-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt	<amsp@zytor.com>

Re: please kindly get back to me

[Davide Libenzi]

On 3 Jun 2002, H. Peter Anvin wrote:

> Followup to:  <20020603120653.C4940@work.bitmover.com>
> By author:    Larry McVoy <lm@bitmover.com>
> In newsgroup: linux.dev.kernel
> >
> > On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> > >   Anti-spam technology really needs constant evolution, as those
> > >   spammers do evolve themselves...
> >
> > If ever there was something which was screaming for an open source project,
> > it's spam filtering.  It seems like every major mailing list has someone
> > like Matti, working really hard on a thankless task, but losing out under
> > the tide of new spam every day.  Seems to me if there was a public repository
> > (sourceforge, bkbits, whatever) with a collection of procmail filters which
> > have been shown to work correctly, that would be a win.
> >
>
> The biggest problem is that you're bound to get sued, so you have to
> worry about legal defence...

... the other problem with this kind of filters is that all emails coming
from marketing/biz ppl inside companies will result as spam ...
( that is actually true :-) )



- Davide

Re: please kindly get back to me

[M. Edward (Ed) Borasky]

On Mon, 3 Jun 2002, Larry McVoy wrote:

> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> >   Anti-spam technology really needs constant evolution, as those
> >   spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source
> project, it's spam filtering.  It seems like every major mailing list
> has someone like Matti, working really hard on a thankless task, but
> losing out under the tide of new spam every day.  Seems to me if there
> was a public repository (sourceforge, bkbits, whatever) with a
> collection of procmail filters which have been shown to work
> correctly, that would be a win.

Now that there are Linux viruses, maybe we also need an open source
virus scanner.
-- 
M. Edward Borasky
znmeb@borasky-research.net

The COUGAR Project
http://www.borasky-research.com/Cougar.htm

Re: please kindly get back to me

[Gerhard Mack]

On Mon, 3 Jun 2002, M. Edward (Ed) Borasky wrote:
[snip]
> Now that there are Linux viruses, maybe we also need an open source
> virus scanner.
>

http://www.openantivirus.org


--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.

Re: please kindly get back to me

[J Sloan]

M. Edward (Ed) Borasky wrote:

>Now that there are Linux viruses, maybe we also need an open source
>virus scanner.
>  
>
Ah yes, the perennial "linux virus" scare -
the anti virus labs are hard at work trying
to drum up new business....

The thing with linux/unix "virii" is, they
are actually for the most part trojans -
they've been in labs for years, the problem
is that there is no suitable transport vector!

You'd have to dupe an unwitting superuser
(now there's a dangerous combination) into
running the "virus" by hand - sort of like
the "honor system" virus....

Joe

Re: please kindly get back to me

[Austin Gonyou]

On Mon, 2002-06-03 at 18:11, J Sloan wrote:
> M. Edward (Ed) Borasky wrote:
> 
> >Now that there are Linux viruses, maybe we also need an open source
> >virus scanner.
> >  
> >
> Ah yes, the perennial "linux virus" scare -
> the anti virus labs are hard at work trying
> to drum up new business....
.....
> You'd have to dupe an unwitting superuser
> (now there's a dangerous combination) into
> running the "virus" by hand - sort of like
> the "honor system" virus....

Bwaaaaaahahahahaha!!!!! 

That's the funniest thing I've ever heard. I've never looked at it like
that! Too damn funny!



> Joe
> 
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

Re: please kindly get back to me

[Michael H. Warfield]

On Mon, Jun 03, 2002 at 04:11:17PM -0700, J Sloan wrote:

> M. Edward (Ed) Borasky wrote:

> >Now that there are Linux viruses, maybe we also need an open source
> >virus scanner.


> Ah yes, the perennial "linux virus" scare -
> the anti virus labs are hard at work trying
> to drum up new business....

> The thing with linux/unix "virii" is, they
> are actually for the most part trojans -
> they've been in labs for years, the problem
> is that there is no suitable transport vector!

	Dude...  Where have you been?

	Remember Ramen and L1on?

	I personally researched a DNS based worm that was infecting
RedHat 6.2 and 7.0 systems by exploiting the TSIG vulnerability to
propagate last year.  It was a mess.  I discovered three variations
on that worm, TSIG-A, TSIG-B and TSIG-C, that were in active propagation
in the wild.  Even with that, I only managed to account for 1/3 of the
DNS probing that got real hot just about a year ago (I think some of the
rest of it was exploiting the earlier INVQ hole).  Fortunately, that one
did largely die off a few months later.  It's still out there, though,
on a few systems and still hasn't been totally eradicated.

	Some of these things are carrying rootkits like Adore that even
include stealth kernel modules.  Some of them are pretty damn nasty.
Then you've got the {Win32,Linux}.simile virus than can infect both
Windows PE binaries and Linux ELF binaries.  It understands both binary
formats and can cross infect between platforms.  So now a constant
noise density of infected Windows machines can provide a host population
which threatens the Linux boxes.  Fortunately, this one has not spred
widely in the wild yet, but think of the cybernetic equivalent of Ebola.
What if Nimda or one of it's progeny get loaded with that virus in
it's payload package?  The sadmind worm was spreding and infecting back
and forth betweeen Windows and Solaris where it was running on two
different HARDWARE platforms and breaking into Solaris boxes through
the sadmind hole (hence the name).  It doesn't take a rocket scientist
to load the payloads with multiple binaries for multiple platforms and
archetectures and these things are being assembled "cookie cutter"
fashion now.

	The E-Mail based "social engineering" worms that have been plaguing
the Windows world may not have a foothold in the Linux world yet, but we
(Linux/Unix/BSD) are certainly NOT immune to viruses or worms (hell, the
first internet worm was the Robert Morris worm that infect Sun systems
and propagated through holes in sendmail and finger).

	These things have been suscessful and we've been successful,
so far, at beating them back.  But they ARE getting better and we are
NOT IMMUNE.  The vectors exist every time a new remote exploit is
revealed.  Recent hybrid threats are all script driven and a new
exploit can be loaded into the warhead of a worm in minutes of it
being published and circulated in the underground.  Rootkits do
exist which subvert binaries, libraries, and even the kernel.  Kits
exist out there right now that will even load a module into a kernel
which has no loadible module support (hint, /dev/kmem) so even that
is of little help.

	It's not theoretical and it's not just in the labs.  It's real
and it's in the wild now.  It just doesn't have the population
density and the monclonal culture to make it go BANG like the Windows
worms go.  Yet...

> You'd have to dupe an unwitting superuser
> (now there's a dangerous combination) into
> running the "virus" by hand - sort of like
> the "honor system" virus....

	You're making the mistake of assuming that all worms and viruses
are E-Mail based.  While it's true that the worst ones in the Windows
world include a "social engineering" E-Mail vector, that's only one
vector.  The real worst ones, like Nimda and its ilk, do not require
E-Mail to propagate even when the CAN use E-Mail to help them propagate.
In the case of Klez, it certainly proves that human stupidity remains are
largest security vulnerability.  But Nimda is out there on its own.  TSIG
is out there on Linux on its own.  Expect more.  Expect worse.

> Joe

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Re: please kindly get back to me

[Rik van Riel]

On Mon, 3 Jun 2002, Larry McVoy wrote:
> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> >   Anti-spam technology really needs constant evolution, as those
> >   spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source project,
> it's spam filtering.  It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day.  Seems to me if there was a public repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters which
> have been shown to work correctly, that would be a win.

http://spamfilter.nl.linux.org/ ;)

and of course spamassassin and the dnsbl lists...

Rik
-- 
Bravely reimplemented by the knights who say "NIH".

http://www.surriel.com/		http://distro.conectiva.com/

Re: please kindly get back to me

[Herman Oosthuysen]

I have confirmed with the Canadian CRTC, that we have no explicit laws or
regulations for the control of spam and that the CRTC has no plans to get
involved, even though they have the legal authority to do so.  Basically,
they gave me the go ahead to retaliate against spammers, since neither spam
nor anti-spam is regulated.

There are various procmail recipes for the control of spam.  The trick is to
create general purpose recipes that are not tied to specific
spammers/messages.  The Spambouncer is a set of recipes that will generate a
reply message to spam and I am doing something similar on my own site.  If I
receive spam, I send it back.  If everybody would do that, then it might
have some effect.

What we really need however, is active anti-spamming.  We need system that
will subscribe them to each other's mailing lists on an ongoing basis.  If
they like spam so much, then they can send it to each other.  I have started
to do this by collecting the e-mail addresses of spammers.  I then put them
in invisible mailto: links on my web site for spammer spiders to harvest.

A while ago, AOL returned all spam in batches back to the originators,
causing their servers to crash.  A spammer sued, and AOL won.

If anyone is interested in starting Yet Another Procmail Spambouncer, then
you can count me in.

Cheers,
--
Herman Oosthuysen
Herman@WirelessNetworksInc.com
Suite 300, #3016, 5th Ave NE,
Calgary, Alberta, T2A 6K4, Canada
Phone: (403) 569-5687, Fax: (403) 235-3965
----- Original Message -----
From: Larry McVoy <lm@bitmover.com>
To: Matti Aarnio <matti.aarnio@zmailer.org>
Cc: Holzrichter, Bruce <bruce.holzrichter@monster.com>;
<linux-kernel@vger.kernel.org>
Sent: Monday, June 03, 2002 1:06 PM
Subject: Re: please kindly get back to me


> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> >   Anti-spam technology really needs constant evolution, as those
> >   spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source
project,
> it's spam filtering.  It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day.  Seems to me if there was a public
repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters
which
> have been shown to work correctly, that would be a win.
> --
> ---
> Larry McVoy            lm at bitmover.com
http://www.bitmover.com/lm
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

Re: please kindly get back to me

[J Sloan]

Amen -

I've been working antispam detail for some
large clients, and I must say the spammers
get more devious and determined as time
goes by...

It would be great to pool our resources and
brainpower on this -

Joe

Larry McVoy wrote:

>On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
>  
>
>>  Anti-spam technology really needs constant evolution, as those
>>  spammers do evolve themselves...
>>    
>>
>
>If ever there was something which was screaming for an open source project,
>it's spam filtering.  It seems like every major mailing list has someone
>like Matti, working really hard on a thankless task, but losing out under
>the tide of new spam every day.  Seems to me if there was a public repository
>(sourceforge, bkbits, whatever) with a collection of procmail filters which
>have been shown to work correctly, that would be a win.
>  
>

Re: please kindly get back to me

[Pavel Machek]

Hi!

> >   Anti-spam technology really needs constant evolution, as those
> >   spammers do evolve themselves...
> 
> If ever there was something which was screaming for an open source project,
> it's spam filtering.  It seems like every major mailing list has someone

spamassassin.sf.net.
								Pavel

-- 
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.

Re: please kindly get back to me

[Jesse Pollard]

"Michael H. Warfield" <mhw@wittsend.com>:
...
> 
> 	It's not theoretical and it's not just in the labs.  It's real
> and it's in the wild now.  It just doesn't have the population
> density and the monclonal culture to make it go BANG like the Windows
> worms go.  Yet...
> 
...

So which do you think is better:

1. buy/write/update virus software to catch/trap the virus

2. Fix the security hole.

I put my money on #2.

There are several ways to trap attacks on daemons that have such
vulnerabilities. And using virus scanners CANNOT keep up.

The obvious solution is:

1. Use one of the high security  patches (SELinux or RSBAC) and use
   compartmentalization to keep the problem under control.
2. Use the detected problem to locate and fix the security problem in
   the daemon.

Virus scanners cannot keep up. The virus that does the damage is the one
the scanner doesn't recognize. This is equivalent to the bug that wasn't
fixed.

Generation and propagation of a patch is nearly as fast if not faster
than generating another virus signature; and is a LOT more effective.

The high security patches allow the system to continue functioning even
in the presence of the virus, as long as the virus itself is compartmented.
At one time, there was some discription of the Ramen/lion worm attempting
to attack a SELinux based system.. and failed. It did get in the daemon,
but was then isolated from the rest of the system.

I do believe that the kernel can be improved - not including daemon services
in the kernel itself is one (tux?,nfs?,... yes they work faster, but is it
worth the security risk?).

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.

Re: please kindly get back to me

[Hank Leininger]

On 2002-06-03, J Sloan <joe@tmsusa.com> wrote:

> The thing with linux/unix "virii" is, they
> are actually for the most part trojans -
> they've been in labs for years, the problem
> is that there is no suitable transport vector!

> You'd have to dupe an unwitting superuser
> (now there's a dangerous combination) into
> running the "virus" by hand - sort of like
> the "honor system" virus....

...You mean like, get them to run './configure' ?[1][2]
...Or installing an RPM with trojanned binaries or install-time scripts,
without checking a signature?[3]

Unfortunately that's all too easy.  Viruses, no.  Malware, you bet.  We
can't get too complacent while laughing at the virus phenomenon.

[1] http://marc.theaimsgroup.com/?l=bugtraq&m=102233939226053&w=2
    http://marc.theaimsgroup.com/?l=bugtraq&m=102285523803434&w=2
[2] They don't have to do this as root, either.  If they do it from an
    account that can escalate privileges (i.e. is allowed to su or sudo)
    then it's game over anyway, albeit with more steps.
[3] And of course signatures are useless if the signer was owned first.
    Probably major distros are reasonably safe[4], but not Joe Random who
    produces packages and distributes them...
[4] They're not out to get you; they've already got you:
    http://www.acm.org/classics/sep95/

--
Hank Leininger <hlein@progressive-comp.com>
ALL YOUR BASE ARE BELONG TO KEN THOMPSON

RE: please kindly get back to me

[Matt_Domsch]

> On Mon, 2002-06-03 at 20:23, Matti Aarnio wrote:
> I think there are several free codes of this kind 
> available, but my time
> has been chronically over-subscribed to do radical things 
> like taking this kind of codes into use.

I've been using SpamAssassin on lists.us.dell.com for a couple months now.
It's pretty effective, but of course not perfect - maybe one a month gets
through, though I'm dealing with less traffic than vger.  I'm not actually
filtering linux-kernel-digest or -daily-digest, except to verify that the
mail actually was sent from vger and not some spammer.  With procmail
recipies, it works quite well.  Because I'm using mailman, it's a
multi-stage thing.  Procmail does the heavy lifting, and mailman sticks
suspected spam in the moderator queue.

/etc/aliases has:
linux-poweredge:         "|procmail -m /etc/procmailrcs/spamfilter post
linux-poweredge"

/etc/procmailrcs/spamfilter has:
# drop known spam senders in our killfile
:0
* ? formail -x"From" -x"From:" -x"Sender:" -x"X-Envelope-Sender:" | egrep
-is -f
 /home/mailman/SPAMMERS
/dev/null

:0fw
| spamc

# This avoids having to moderate completely obvious spam.
# Send obvious spam to /var/spool/mail/caught-spam
# Eventually we'll just send it to /dev/null instead.
:0
* ? formail -x"X-Spam-Status:" | sed -e 's/hits=//g' | \
    awk '{if ($2 < 10) exit 1}'
caught-spam

:0
|/home/mailman/mail/wrapper $1 $2


Messages that match known spammers are dropped.
Messages with scores < 5 are considered not spam.
Messages with scores 5-10 are caught by Mailman filters and dropped into
moderator queue
Messages with scores > 10 are stored in caught-spam, could be /dev/null - it
hasn't missed yet.
Mailman then has its own list of things to catch for moderation, and I've
mimic'd vger's filters too.

Successful messages give automatic whitelist points to the author, which
cuts down on false positives from people who post regularly.  In all I'm
quite pleased.  A useful addition would be automatic updates of rules as
they get added to CVS, but SpamAssassin isn't mature enough to allow such
quiet yet.

Thanks,
Matt

-- 
Matt Domsch
Sr. Software Engineer
Dell Linux Solutions www.dell.com/linux
Linux on Dell mailing lists @ http://lists.us.dell.com
#1 US Linux Server provider for 2001! (IDC Mar 2002)

Re: please kindly get back to me

[J Sloan]

Matt_Domsch@Dell.com wrote:

>I've been using SpamAssassin on lists.us.dell.com for a couple months now.
>It's pretty effective, but of course not perfect - maybe one a month gets
>through, though I'm dealing with less traffic than vger.  I'm not actually
>filtering linux-kernel-digest or -daily-digest, except to verify that the
>mail actually was sent from vger and not some spammer.  With procmail
>recipies, it works quite well.  
>
I have been honing a set of procmail rules,
but it's a fine balance between thorough
checks and excessive slowdown of the
mail thoughput -

Anybody used spam assasin for a domain
handling say a few million messages and
a few hundred GB of mail every month,
to say 12,000 users?

I'm looking for a  good tradeoff between
fairly good spam rejection, and keeping
the "fast path" from bogging down  -

Will I just have to bite the bullet and use
a pair of quad CPU monsters for mail
to get good throughput?

Joe
 

please kindly get back to me

[JOSEPH EDWARD.]

ATTN:   
I STUMBLED IN TO YOUR CONTACT BY STROCK OF LUCK AFRTER 
A LONG SEARCH FOR AN HONEST AND TRUST WORTHY PERSON WHO
COULD HANDLE ISSUE WITH HIGH CONFIDENTIALITY.
I WAS SO DELIGHTED WHEN I GOT YOUR CONTACT AND I DECIDED 
TO CONTACT YOU AND SOLICITE FOR YOUR KIND ASSISTANCE.
I HOPE YOU WILL LET THIS ISSUE TO REMAIN CONFIDENTIAL EVEN
IF YOU ARE NOT INTERESTED BECAUSE OF MY STATUS.
I PRESUME THIS MAIL WILL NOT BE A SURPRISE TO YOU.
I AM AN ACCOUNTANT WITH THE MINISTRY OF MINERAL
RESOURCES AND ENERGY IN SOUTH AFRICA AND ALSO A MEMBER
OF CONTRACTS AWARDING COMMITTEE OF THIS MINISTRY UNDER
SOUTH AFRICA GOVERNMENT.

MANY YEARS AGO, SOUTH AFRICA GOVERNMENT ASKED THIS
COMMITTEE TO AWARDS CONTRACTS TO FOREIGN FIRMS, WHICH
I AND 2 OF MY PARTNERS ARE THE LEADER OF THIS
COMMITTEE, WITH OUR GOOD POSITION , THIS CONTRACRS
WAS OVER INVOICED TO THE TUNE OF US$25,600,000:00 AS A

DEAL TO BE BENEFIT BY THE THREE TOP MEMBER OF THIS
COMMITTEE.
NOW THE CONTRACTS VALUE HAS BEEN PAID OFF TO THE
ACTUAL CONTRACTORS THAT EXECUTED THIS JOBS, ALL WE
WANT NOW IS A TRUSTED FOREIGN PARTNER LIKE YOU THAT WE

SHALL FRONT WITH HIS BANKING ACCOUNT NUMBER TO CLAIM
THE OVER INFLATED SUM.
UPON OUR AGREEMEENT TO CARRY ON THIS TRANSACTION WITH
YOU, THE SAID FUND WILL BE SHARE AS FOLLOWS.
75% WILL BE FOR US IN SOUTH AFRICA.
20% FOR USING YOUR ACCOUNT AND OTHER CONTRIBUTION
THAT MIGHT REQIURED FROM YOU.
5% IS SET ASIDE FOR THE UP FRONT EXPENCES THAT
WILL BE ENCOUNTER BY BOTH PARTY TO GET ALL NECESSARY
DOCUMENTS AND FORMARLITIES THAT WILL JUSTIFY YOU AS
THE RIGHTFUL OWNER OF THIS FUND.
IF YOU ARE INTERESTED IN THIS TRANSACTION, KINDLY
REPLY THIS MASSEGE WITH ALL YOUR PHONE AND FAX
NUMBERS, TO ENABLE US FURNISH YOU WITH DETAILS AND
PROCEDURES OF THIS TRANSACTION.
GOD BLESS YOU
YOURS FAITHFULLY.

JOSEPH EDWARD.

please kindly get back to me

[JOSEPH EDWARD.]

ATTN:   
I STUMBLED IN TO YOUR CONTACT BY STROCK OF LUCK AFRTER 
A LONG SEARCH FOR AN HONEST AND TRUST WORTHY PERSON WHO
COULD HANDLE ISSUE WITH HIGH CONFIDENTIALITY.
I WAS SO DELIGHTED WHEN I GOT YOUR CONTACT AND I DECIDED 
TO CONTACT YOU AND SOLICITE FOR YOUR KIND ASSISTANCE.
I HOPE YOU WILL LET THIS ISSUE TO REMAIN CONFIDENTIAL EVEN
IF YOU ARE NOT INTERESTED BECAUSE OF MY STATUS.
I PRESUME THIS MAIL WILL NOT BE A SURPRISE TO YOU.
I AM AN ACCOUNTANT WITH THE MINISTRY OF MINERAL
RESOURCES AND ENERGY IN SOUTH AFRICA AND ALSO A MEMBER
OF CONTRACTS AWARDING COMMITTEE OF THIS MINISTRY UNDER
SOUTH AFRICA GOVERNMENT.

MANY YEARS AGO, SOUTH AFRICA GOVERNMENT ASKED THIS
COMMITTEE TO AWARDS CONTRACTS TO FOREIGN FIRMS, WHICH
I AND 2 OF MY PARTNERS ARE THE LEADER OF THIS
COMMITTEE, WITH OUR GOOD POSITION , THIS CONTRACRS
WAS OVER INVOICED TO THE TUNE OF US$25,600,000:00 AS A

DEAL TO BE BENEFIT BY THE THREE TOP MEMBER OF THIS
COMMITTEE.
NOW THE CONTRACTS VALUE HAS BEEN PAID OFF TO THE
ACTUAL CONTRACTORS THAT EXECUTED THIS JOBS, ALL WE
WANT NOW IS A TRUSTED FOREIGN PARTNER LIKE YOU THAT WE

SHALL FRONT WITH HIS BANKING ACCOUNT NUMBER TO CLAIM
THE OVER INFLATED SUM.
UPON OUR AGREEMEENT TO CARRY ON THIS TRANSACTION WITH
YOU, THE SAID FUND WILL BE SHARE AS FOLLOWS.
75% WILL BE FOR US IN SOUTH AFRICA.
20% FOR USING YOUR ACCOUNT AND OTHER CONTRIBUTION
THAT MIGHT REQIURED FROM YOU.
5% IS SET ASIDE FOR THE UP FRONT EXPENCES THAT
WILL BE ENCOUNTER BY BOTH PARTY TO GET ALL NECESSARY
DOCUMENTS AND FORMARLITIES THAT WILL JUSTIFY YOU AS
THE RIGHTFUL OWNER OF THIS FUND.
IF YOU ARE INTERESTED IN THIS TRANSACTION, KINDLY
REPLY THIS MASSEGE WITH ALL YOUR PHONE AND FAX
NUMBERS, TO ENABLE US FURNISH YOU WITH DETAILS AND
PROCEDURES OF THIS TRANSACTION.
GOD BLESS YOU
YOURS FAITHFULLY.

JOSEPH EDWARD.