Mailing List Archive

Jim Knuth a écrit :
> Am 24.10.2008 1:31 Uhr, schrieb mouss:
>> Jean-Paul Natola a écrit :
>>> Hi all,
>>>
>>> I've been out of the loop for a couple of months do a rollout, so I came back
>>> to my SA today as I have seen A LOT more spam coming in than normal, I
>>> upgraded to 3.2.5 today, and ran sa-update but , i dont seem to see any new
>>> rules, and i;m getting clobbered with spam.
>>>
>>>
>>> Has something cahnged? are the rules still going into
>>> /usr/local/etc/mail/spamassasin
>> no these are your custom rules.
>>
>> sa-update rules go to /var/db/spamassassin/...
>
> But on Debian to /var/lib/spamassassin/.. ;)
>

sure, but I doubt he is running Debian on top of freebsd 6.2 with
/usr/local/etc/mail/spamassassin for the "custom" rules directory :)


>>
>>>
>>> I run site wide config
>>>
>>> freebsd 6.2
>>
>
>

Am 24.10.2008 9:30 Uhr, schrieb mouss:
> Jim Knuth a écrit :
>> Am 24.10.2008 1:31 Uhr, schrieb mouss:
>>> Jean-Paul Natola a écrit :
>>>> Hi all,
>>>>
>>>> I've been out of the loop for a couple of months do a rollout, so I came back
>>>> to my SA today as I have seen A LOT more spam coming in than normal, I
>>>> upgraded to 3.2.5 today, and ran sa-update but , i dont seem to see any new
>>>> rules, and i;m getting clobbered with spam.
>>>>
>>>>
>>>> Has something cahnged? are the rules still going into
>>>> /usr/local/etc/mail/spamassasin
>>> no these are your custom rules.
>>>
>>> sa-update rules go to /var/db/spamassassin/...
>> But on Debian to /var/lib/spamassassin/.. ;)
>>
>
> sure, but I doubt he is running Debian on top of freebsd 6.2 with

Yes, sorry. I do not seen.

> /usr/local/etc/mail/spamassassin for the "custom" rules directory :)
>
>
>>>>
>>>> I run site wide config
>>>>
>>>> freebsd 6.2
>>
>


--
mit freundlichem Gruss - with kind regard
Jim Knuth
#ICQ 277289867

Bitte keine geschaeftliche Anfragen.
Dies ist mein privater Account!
Please ask no business inquiries.
That is only my private account!

On Tue, 2009-04-21 at 10:33 +0430, amir reza rahbaran wrote:
> I ran sa-update and nothing was wrong . After completing its work I
> run "stat /var/lib/spamassassin/3.002004/" and show following results:

Please note that sa-update is silent, unless there are errors --
regardless whether there was an update or not. You can check the exit
code to see if anything has actually been updated.

http://wiki.apache.org/spamassassin/RuleUpdates


> File: `/var/lib/spamassassin/3.002004/'

> Access: 2009-04-21 08:08:36.000000000 +0430
> Modify: 2009-04-16 08:46:46.000000000 +0430
> Change: 2009-04-16 08:46:46.000000000 +0430
>
> The first question is that why Change Date has not changed yet
> (Today`s Date: 2009-04-21) ?

Because there is no update since April 16.

> Second how can I get spamassassin update date ?

The per-channel cf file probably is a good indication about when you
last run sa-update *and* an update actually was available. (It is not
the date of the update being pushed, though.)

$ ls -l /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf

guenther


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Please keep list-posts on list, please Reply to List.

On Tue, 2009-04-21 at 19:27 +0430, amir reza rahbaran wrote:
> yes, you`re right and the sa-update exit with code 1 and this is the
> result of

Yes, an exit code of 1 means there is no update. It does *not* indicate
any error.

> update report with "/usr/bin/sa-update -D --channelfile /etc/spam_channellist"
[ verbose debug stuff snipped ]
> [3449] dbg: channel: metadata version = 759778
> [3449] dbg: dns: 4.2.3.updates.spamassassin.org => 759778, parsed as 759778
> [3449] dbg: channel: current version is 759778, new version is 759778, skipping channel
> [3449] dbg: diag: updates complete, exiting with code 1
>
> what shall I do?
> thanks in advanced.

Do about what? The above clearly shows what I told you before. There is
no newer update, you are already up-to-date with the latest update
available.

Anyway, since you asked what to do: I suggest carefully re-reading my
previous post and the documentation I referenced.

guenther


[ full-quote snipped as well ]

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Thank you very much Katsten :)

2009/4/21 Karsten Bräckelmann <guenther@rudersport.de>

> Please keep list-posts on list, please Reply to List.
>
> On Tue, 2009-04-21 at 19:27 +0430, amir reza rahbaran wrote:
> > yes, you`re right and the sa-update exit with code 1 and this is the
> > result of
>
> Yes, an exit code of 1 means there is no update. It does *not* indicate
> any error.
>
> > update report with "/usr/bin/sa-update -D --channelfile
> /etc/spam_channellist"
> [ verbose debug stuff snipped ]
> > [3449] dbg: channel: metadata version = 759778
> > [3449] dbg: dns: 4.2.3.updates.spamassassin.org => 759778, parsed as
> 759778
> > [3449] dbg: channel: current version is 759778, new version is 759778,
> skipping channel
> > [3449] dbg: diag: updates complete, exiting with code 1
> >
> > what shall I do?
> > thanks in advanced.
>
> Do about what? The above clearly shows what I told you before. There is
> no newer update, you are already up-to-date with the latest update
> available.
>
> Anyway, since you asked what to do: I suggest carefully re-reading my
> previous post and the documentation I referenced.
>
> guenther
>
>
> [ full-quote snipped as well ]
>
> --
> char *t="\10pse\0r\0dtu\0.@ghno
> \x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8?
> c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
> }}}
>
>

hi, I want to set sa-update in a cron job. Do you know how often it takes to
release the updates?

On Wed, Apr 22, 2009 at 9:54 AM, amir reza rahbaran <
amirrezarahbaran@gmail.com> wrote:

> Thank you very much Katsten :)
>
> 2009/4/21 Karsten Bräckelmann <guenther@rudersport.de>
>
>> Please keep list-posts on list, please Reply to List.
>>
>>
>> On Tue, 2009-04-21 at 19:27 +0430, amir reza rahbaran wrote:
>> > yes, you`re right and the sa-update exit with code 1 and this is the
>> > result of
>>
>> Yes, an exit code of 1 means there is no update. It does *not* indicate
>> any error.
>>
>> > update report with "/usr/bin/sa-update -D --channelfile
>> /etc/spam_channellist"
>> [ verbose debug stuff snipped ]
>> > [3449] dbg: channel: metadata version = 759778
>> > [3449] dbg: dns: 4.2.3.updates.spamassassin.org => 759778, parsed as
>> 759778
>> > [3449] dbg: channel: current version is 759778, new version is 759778,
>> skipping channel
>> > [3449] dbg: diag: updates complete, exiting with code 1
>> >
>> > what shall I do?
>> > thanks in advanced.
>>
>> Do about what? The above clearly shows what I told you before. There is
>> no newer update, you are already up-to-date with the latest update
>> available.
>>
>> Anyway, since you asked what to do: I suggest carefully re-reading my
>> previous post and the documentation I referenced.
>>
>> guenther
>>
>>
>> [ full-quote snipped as well ]
>>
>> --
>> char *t="\10pse\0r\0dtu\0.@ghno
>> \x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
>> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8?
>> c<<=1:
>> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
>> }}}
>>
>>
>

On 22.04.09 15:10, amir reza rahbaran wrote:
> hi, I want to set sa-update in a cron job. Do you know how often it takes to
> release the updates?

depends on what. Ordinary rules get updated once per few weeks/months, but
checking daily should not be a problem.

Sought rules are ~uprated every 4 hours. I don't know about other rules,
SARE rules were reported not to be updated at all for some time, checking
daily should not do any harm again imho.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton

Sorry. I dont understand what you mean?



Jean-Yves Avenard-2 wrote:
>
> 2010/1/14 brodos <gtorleif@start.no>:
>>
>> Ok. Thanks!
>> Is there any security risks when running SA-update as root?
>
> According to the SA doc: then don't enable user rules.. (they are
> disabled by default)
>
>

--
View this message in context: http://old.nabble.com/SA-update-tp27158542p27161927.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Kaleb Hosie wrote:
> I've just finished updating my production server to SpamAssassin 3.3.0 and I immediately ran sa-update to get the latest rule set for SpamAssassin. Is there a way to tell whether sa-update downloaded the latest definitions correctly?
>
> A user has just emailed me with some SPAM that was sent about an hour after I upgraded. I looked at the message and it was a "Casino promotional offer"; I've posted the spam headers below:
>
> X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00,HTML_IMAGE_ONLY_28,
> HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,T_RP_MATCHES_RCVD,URIBL_JP_SURBL
> autolearn=no version=3.3.0
>
> The only configuration I've changed since the install was the "report_safe" and "trusted_networks" option. Is there something else I need to configure to fine tune SA?
>

The main problem is the BAYES_00 rule. Apparently, your bayes db thinks
this email is definitely not spam. Are you sure it is being trained
properly?

Without any bayes hit, this would have scored 4.8. If you can get bayes
to score it as spam, you'll have it.

--
Bowie

Bowie Bailey wrote:
>The main problem is the BAYES_00 rule. Apparently, your bayes db thinks this email is definitely not spam. Are you sure it is being trained properly?
>
>Without any bayes hit, this would have scored 4.8. If you can get bayes to score it as spam, you'll have it.
>
>--
>Bowie

I have to be honest, bayes is oen of the things I'm not too sure with. Would you have a good link that would explain how to properly train it? Or how to work with bayes?

In my environment, postfix passes the message onto the exchange server so once it releases the message, I don't have anything to train bayes with since it's deleted. Thanks again

Kaleb

On Friday 19 March 2010 16:17:21 Kaleb Hosie wrote:
> Is there a way to tell whether sa-update downloaded the latest definitions
> correctly?

Yes:
sa-update -v


Mark

Hi,

See this link for a way to train bayes, when using exchange.

mvh

On Fri, Mar 19, 2010 at 4:58 PM, Kaleb Hosie <khosie@spectraaluminum.com> wrote:
> Bowie Bailey wrote:
>>The main problem is the BAYES_00 rule.  Apparently, your bayes db thinks this email is definitely not spam.  Are you sure it is being trained properly?
>>
>>Without any bayes hit, this would have scored 4.8.  If you can get bayes to score it as spam, you'll have it.
>>
>>--
>>Bowie
>
> I have to be honest, bayes is oen of the things I'm not too sure with. Would you have a good link that would explain how to properly train it? Or how to work with bayes?
>
> In my environment, postfix passes the message onto the exchange server so once it releases the message, I don't have anything to train bayes with since it's deleted. Thanks again
>
> Kaleb
>

On Fri, 19 Mar 2010 11:17:21 -0400
Kaleb Hosie <khosie@spectraaluminum.com> wrote:


> The only configuration I've changed since the install was the
> "report_safe" and "trusted_networks" option. Is there something else
> I need to configure to fine tune SA?

You need to set internal_networks.

You can set only internal_networks if you like, but otherwise set both
and include the internal in trusted.

On Fri, 2010-03-19 at 11:58 -0400, Kaleb Hosie wrote:

> In my environment, postfix passes the message onto the exchange server
> so once it releases the message, I don't have anything to train bayes
> with since it's deleted.
>
Add an 'always_bcc' directive to your Postfix configuration to grab a
copy of all mail passing through it and send it to a capture mailbox.
Use a procmail recipe to classify mail arriving in the capture mailbox
as ham, spam or indeterminate and file it appropriately for input to
sa_learn.

Martin

>> In my environment, postfix passes the message onto the exchange server
>> so once it releases the message, I don't have anything to train bayes
>> with since it's deleted.
>>
>Add an 'always_bcc' directive to your Postfix configuration to grab a copy of all mail passing through it and send it to a capture mailbox.
>Use a procmail recipe to classify mail arriving in the capture mailbox as ham, spam or indeterminate and file it appropriately for input to sa_learn.
>
>Martin

That is perfect! I've done that and it saves the mail locallly. The only problem is that when I open the file for the users mailbox, it makes all of the email as one large text file with one email after the next. Is that normal?

I wouldn't have to go through it and separate each mail would I?

Kaleb

>>> On 3/26/2012 at 10:48 PM, Jeremy McSpadden <jeremy@fluxlabs.net> wrote:
> Sa-update should reload SA, therefore reloading rules. What error are you
> getting ?
>
>
> --
> Jeremy McSpadden

Running "/usr/sbin/spamassassin reload" produces

"warn: archive-iterator: unable to open reload: No such file or directory"

This is SUSE SLES10, there is no "/etc/init.d/spamassassin" (the example sited in docs), which is why I attempted the above.

On Tue, 27 Mar 2012 06:08:02 -0400
joea@j4computers.com wrote:

> >>> On 3/26/2012 at 10:48 PM, Jeremy McSpadden <jeremy@fluxlabs.net>
> >>> wrote:
> > Sa-update should reload SA, therefore reloading rules. What error
> > are you getting ?
> >
> >
> > --
> > Jeremy McSpadden
>
> Running "/usr/sbin/spamassassin reload" produces
>
> "warn: archive-iterator: unable to open reload: No such file or
> directory"
>
> This is SUSE SLES10, there is no "/etc/init.d/spamassassin" (the
> example sited in docs), which is why I attempted the above.


Just restart spamd or send it SIGHUP (which is, I presume, what reload
does).

27.3.2012 13:08, joea@j4computers.com kirjoitti:
>>>> On 3/26/2012 at 10:48 PM, Jeremy McSpadden <jeremy@fluxlabs.net> wrote:
>> Sa-update should reload SA, therefore reloading rules. What error are you
>> getting ?
>>
>>
>> --
>> Jeremy McSpadden
>
> Running "/usr/sbin/spamassassin reload" produces
>
> "warn: archive-iterator: unable to open reload: No such file or directory"
>
> This is SUSE SLES10, there is no "/etc/init.d/spamassassin" (the example sited in docs), which is why I attempted the above.
>

It may be named differently, maybe /etc/init.d/spamd

However running spamassassin is no help. It is not spamd.

On Tue, 2012-03-27 at 21:47 +0300, Jari Fredriksson wrote:
> 27.3.2012 13:08, joea@j4computers.com kirjoitti:
> >>>> On 3/26/2012 at 10:48 PM, Jeremy McSpadden <jeremy@fluxlabs.net> wrote:
> >> Sa-update should reload SA, therefore reloading rules. What error are you
> >> getting ?
> >>
> >>
> >> --
> >> Jeremy McSpadden
> >
> > Running "/usr/sbin/spamassassin reload" produces
> >
> > "warn: archive-iterator: unable to open reload: No such file or directory"
> >
> > This is SUSE SLES10, there is no "/etc/init.d/spamassassin" (the example sited in docs), which is why I attempted the above.
> >
>
> It may be named differently, maybe /etc/init.d/spamd
>
> However running spamassassin is no help. It is not spamd.
>
Fedora 14 and earlier, which use the Sys V init service management
system, called the spamd daemon management
script /etc/init.d/spamassassin so its a reasonable guess that
equivalent RHEL releases as well as other RedHat related distros will do
the same.

Since Fedora 15 RH has changed over to using the systemd service
management system and the relevant command is now

systemctl start|stop|restart|status spamassassin.service

though SA itself is, of course, still /usr/bin/spamassassin as always.

Martin

On Sat, 5 Apr 2014, Amir Reza Rahbaran wrote:

> I want to know how long it takes custom signatures updated by sa-update.

Daily, if the corpora are sufficient for masscheck scoring to run.

At the moment the masscheck corpus is ham-starved. There's not quite
enough ham available for reliable scores to be generated and published.

Once again, participation as a mass-checker, especially if you can provide
a non-English ham corpus, is solicited. If you have access to thousands of
reliably-categorized messages and can set up a box to run SpamAssassin to
scan them to test the performance of the base rules, please consider
becoming a masscheck contributor. The content of private messages is not
exposed by this process, only the rule hits are public.

If you can do this, see the wiki for the process and contact Kevin McGrail
for upload credentials. Thanks!

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The difference is that Unix has had thirty years of technical
types demanding basic functionality of it. And the Macintosh has
had fifteen years of interface fascist users shaping its progress.
Windows has the hairpin turns of the Microsoft marketing machine
and that's all. -- Red Drag Diva
-----------------------------------------------------------------------
8 days until Thomas Jefferson's 271st Birthday

On 2014-04-05 09:14, John Hardin wrote:
> On Sat, 5 Apr 2014, Amir Reza Rahbaran wrote:
>
>> I want to know how long it takes custom signatures updated by sa-update.
>
> Daily, if the corpora are sufficient for masscheck scoring to run.
>
> At the moment the masscheck corpus is ham-starved. There's not quite
> enough ham available for reliable scores to be generated and published.
>
> Once again, participation as a mass-checker, especially if you can
> provide a non-English ham corpus, is solicited. If you have access to
> thousands of reliably-categorized messages and can set up a box to run
> SpamAssassin to scan them to test the performance of the base rules,
> please consider becoming a masscheck contributor. The content of
> private messages is not exposed by this process, only the rule hits
> are public.
>
> If you can do this, see the wiki for the process and contact Kevin
> McGrail for upload credentials. Thanks!

I've been idly debating figuring out how to contribute, but having read
the wiki articles, I have a few questions:

Is older ham useful? It specifically mentions that older spam isn't
useful, and why, but I'm thinking older ham is probably useful since old
mail clients and legitimately sent mail never dies. But I could filter
based on date.

Is mail "Sent" folder mail of any use? I suspect not, since there's not
necessarily a Received header yet (although there might be, it depends
on how the user sent the message), so direct-to-MX and similar rules
will skew.

Is a ham-only corpus submission useful? Our ham is well cleaned, but we
don't archive spam on an ongoing basis, and users primarily just delete
spam. But most of our users archive ham and retain it, so depending on
what the results look like, it might be useful data source.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren

On Sun, 6 Apr 2014, Dave Warren wrote:

> On 2014-04-05 09:14, John Hardin wrote:
>> On Sat, 5 Apr 2014, Amir Reza Rahbaran wrote:
>>
>> > I want to know how long it takes custom signatures updated by sa-update.
>>
>> Daily, if the corpora are sufficient for masscheck scoring to run.
>>
>> At the moment the masscheck corpus is ham-starved. There's not quite
>> enough ham available for reliable scores to be generated and published.
>>
>> Once again, participation as a mass-checker, especially if you can provide
>> a non-English ham corpus, is solicited. If you have access to thousands of
>> reliably-categorized messages and can set up a box to run SpamAssassin to
>> scan them to test the performance of the base rules, please consider
>> becoming a masscheck contributor. The content of private messages is not
>> exposed by this process, only the rule hits are public.
>>
>> If you can do this, see the wiki for the process and contact Kevin McGrail
>> for upload credentials. Thanks!
>
> I've been idly debating figuring out how to contribute, but having read the
> wiki articles, I have a few questions:
>
> Is older ham useful? It specifically mentions that older spam isn't useful,
> and why, but I'm thinking older ham is probably useful since old mail clients
> and legitimately sent mail never dies. But I could filter based on date.

There's some debate about that. :)

I personally agree with you. Others disagree.

> Is mail "Sent" folder mail of any use? I suspect not, since there's not
> necessarily a Received header yet (although there might be, it depends on how
> the user sent the message), so direct-to-MX and similar rules will skew.
>
> Is a ham-only corpus submission useful? Our ham is well cleaned, but we don't
> archive spam on an ongoing basis, and users primarily just delete spam. But
> most of our users archive ham and retain it, so depending on what the results
> look like, it might be useful data source.

Yes, ham-only masscheck submissions would be very welcome.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Men by their constitutions are naturally divided in to two parties:
1. Those who fear and distrust the people and wish to draw all
powers from them into the hands of the higher classes. 2. Those who
identify themselves with the people, have confidence in them,
cherish and consider them as the most honest and safe, although not
the most wise, depository of the public interests.
-- Thomas Jefferson
-----------------------------------------------------------------------
7 days until Thomas Jefferson's 271st Birthday

On Sat, 5 Apr 2014 09:14:56 -0700 (PDT)
John Hardin <jhardin@impsec.org> wrote:

> On Sat, 5 Apr 2014, Amir Reza Rahbaran wrote:
>
> > I want to know how long it takes custom signatures updated by
> > sa-update.
>
> Daily, if the corpora are sufficient for masscheck scoring to run.
>
> At the moment the masscheck corpus is ham-starved. There's not quite
> enough ham available for reliable scores to be generated and
> published.

This explains why SA is not catching any spam here? After updating
to updates 1584283 and then 1585021, all spam is being passed. Nothing
else was done. No other changes made.

jd

On 2014-04-06 17:21, John Hardin wrote:
> On Sun, 6 Apr 2014, Dave Warren wrote:
>
>> Is older ham useful? It specifically mentions that older spam isn't
>> useful, and why, but I'm thinking older ham is probably useful since
>> old mail clients and legitimately sent mail never dies. But I could
>> filter based on date.
>
> There's some debate about that. :)
>
> I personally agree with you. Others disagree.

I've been giving it some thought and I think that perhaps limiting it to
the last few months will make it easier to get a sane set of
TRUSTED_NETWORKS and INTERNAL_NETWORKS; I've got mail going back to
~2002 but no real recollection of how things were set up or named prior
to 2007 or so.

Initially I'll limit it to mail within the last couple of months, but
perhaps expand that up to 24-36 months for non-spam and 6 months for
spam, is that sane/reasonable?


> Yes, ham-only masscheck submissions would be very welcome.

Perfect, glad to hear it. At this point I've built a dedicated box to
run the masscheck scripts, so now it's just a matter of putting together
a corpus and doing some sanity checking and testing.

My current thought is to take user-fed spam and non-spam folders and
place copies of messages into a staging path which will then be reviewed
before being added to the corpus for learning. Hopefully I'll be ready
to go live within a day or two.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren

On 4/7/2014 3:17 AM, Dave Warren wrote:
> On 2014-04-06 17:21, John Hardin wrote:
>> On Sun, 6 Apr 2014, Dave Warren wrote:
>>
>>> Is older ham useful? It specifically mentions that older spam isn't
>>> useful, and why, but I'm thinking older ham is probably useful since
>>> old mail clients and legitimately sent mail never dies. But I could
>>> filter based on date.
>>
>> There's some debate about that. :)
>>
>> I personally agree with you. Others disagree.
>
> I've been giving it some thought and I think that perhaps limiting it
> to the last few months will make it easier to get a sane set of
> TRUSTED_NETWORKS and INTERNAL_NETWORKS; I've got mail going back to
> ~2002 but no real recollection of how things were set up or named
> prior to 2007 or so.
>
> Initially I'll limit it to mail within the last couple of months, but
> perhaps expand that up to 24-36 months for non-spam and 6 months for
> spam, is that sane/reasonable?
I think 3 years makes a lot of sense for reasons I'd rather not discuss
on-list for fear the spammers will learn more than I will be able to
usefully convey.

Regards,
KAM