ip.guy wrote:
> hi all
> is anyone using qmailmrtg7 to graph spamassassin stats ?
> i'm having problem with the logs spamassassin is trying to parse...
> does qmailmrtg7 looking for syslog style spamassassin logs or spmad
> specific logs?
>
> if it's looking for spamd logs, where are they kept ?
>
hi all
is anyone using qmailmrtg7 to graph spamassassin stats ?
i'm having problem with the logs spamassassin is trying to parse... does
qmailmrtg7 looking for syslog style spamassassin logs or spmad specific
logs?
if it's looking for spamd logs, where are they kept ?
my installation (with qmail
>...
>From: David B Funk <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], users@spamassassin.apache.org
>Subject: New redirector: www.nate.com
>...
>
>Ugg, just ran across another open redirector abused in spam
>
> www.nate.com/r/XY12/target.domain
>
>where XY12 seems to be any combination of 4 letters
David Brodbeck wrote:
> lister lynch wrote:
>> I checked the PDC of the domain (W2003), and it was running DNS for
>> forward and reverse lookup zones, as well as caching lookup. There
>> shouldn't be any problem installing caching-nameserver on the FC box
>> as well, should there?
>
> No, but wh
lister lynch wrote:
I checked the PDC of the domain (W2003), and it was running DNS for
forward and reverse lookup zones, as well as caching lookup. There
shouldn't be any problem installing caching-nameserver on the FC box as
well, should there?
No, but why not just make the FC box use the PDC as
On Tue, 2005-03-22 at 17:25, Kelson wrote:
> Bob McClure Jr wrote:
> > On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
> >>I can't give you specific instructions for FC1, but I know older versions of
> >>RedHat had a package specifically for this, all preconfigured.
> >
> > I think
Kelson wrote:
Bob McClure Jr wrote:
On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
I can't give you specific instructions for FC1, but I know older
versions of
RedHat had a package specifically for this, all preconfigured.
I think it was pdnsd, but it appears not to be in the FC
Matt Kettler wrote:
Check out the technique used to bypass scanning mail from 127.0.0.1 on
this page:
http://qmail-scanner.sourceforge.net/
So all you need to do is add a tweak to your tcpserver/smtp.rules to
directly deliver messages from the list server's IP directly to
qmail-queue.pl, instead o
Jim Maul wrote:
>
> Ok, so if the autolearner ignores the -100 from the
> whitelist_from_rcvd and uses the score without the -100 to determine
> whether or not it should be autolearned, what is the point of adding
> the whitelist_from_rcvd entry at all? I understand that it will
> pretty much pre
On Tue, 22 Mar 2005, Matt Kettler wrote:
> Sunny Forro wrote:
>
> >Hello,
> > I've got a problem. I've got a lot of phishing attacks making it
> >through my mailscanner setup. I do have phishing fraud detection turned
> >on, and I have not modifed the phishing safe sites list. Most(if not
> >a
Bob McClure Jr wrote:
On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
I can't give you specific instructions for FC1, but I know older versions of
RedHat had a package specifically for this, all preconfigured.
I think it was pdnsd, but it appears not to be in the FC sets. Google
fo
Matt Kettler wrote:
Jim Maul wrote:
This will not work as all it does is assign -100 points to the
message. This could cause an autolearn=ham on every message, even the
spam that people post to the list!
Sorry Jim, but that's 100% pure fallacy.. The autolearner explicitly
ignores whitelist and b
Bob McClure Jr wrote:
On Tue, Mar 22, 2005 at 07:20:32AM -0800, Robert Markin wrote:
Hey everybody,
RH9
SA 3.0.0 (invoked by procmail spamc/spamd)
Sendmail 8
Procmail
I tried to search for this on GMANE but was unsuccessful.
I would like to know how some of you guys are whitelisiting this actual
Jim Maul wrote:
>
> This will not work as all it does is assign -100 points to the
> message. This could cause an autolearn=ham on every message, even the
> spam that people post to the list!
Sorry Jim, but that's 100% pure fallacy.. The autolearner explicitly
ignores whitelist and blacklist sco
lister lynch wrote:
Our ISP, Covad, is periodically claiming that we have excessive DNS
requests and is threatening to turn off our service. It's primarily due
to SA, I think. Looked around for answers, and already set a bunch of
the BL checks to 0.0 to turn off the rules. Any idea how to furthe
On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
> On Tue, 22 Mar 2005 15:49:01 -0500, lister lynch wrote
> > Our ISP, Covad, is periodically claiming that we have excessive DNS
> > requests and is threatening to turn off our service. It's primarily
> > due to SA, I think. Looked
On Tue, 22 Mar 2005 15:49:01 -0500, lister lynch wrote
> Our ISP, Covad, is periodically claiming that we have excessive DNS
> requests and is threatening to turn off our service. It's primarily
> due to SA, I think. Looked around for answers, and already set a
> bunch of the BL checks to 0.0 t
whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED]
whitelist_from mail.apache.org
whitelist_from_rcvd [EMAIL PROTECTED]
whitelist_from_rcvd [EMAIL PROTECTED]
whitelist_from_rcvd mail.apache.org
This will not work as all it does is assign -100 points to the message.
This could caus
Quoting Matt Kettler <[EMAIL PROTECTED]>:
> lister lynch wrote:
>
> >Our ISP, Covad, is periodically claiming that we have excessive DNS
> >requests and is threatening to turn off our service. It's primarily due
> >to SA, I think. Looked around for answers, and already set a bunch of
> >the BL c
lister lynch wrote:
>Our ISP, Covad, is periodically claiming that we have excessive DNS
>requests and is threatening to turn off our service. It's primarily due
>to SA, I think. Looked around for answers, and already set a bunch of
>the BL checks to 0.0 to turn off the rules. Any idea how to f
lister lynch wrote:
Our ISP, Covad, is periodically claiming that we have excessive DNS
requests and is threatening to turn off our service. It's primarily due
to SA, I think. Looked around for answers, and already set a bunch of
the BL checks to 0.0 to turn off the rules. Any idea how to furthe
lister lynch wrote:
Our ISP, Covad, is periodically claiming that we have excessive DNS
requests and is threatening to turn off our service. It's primarily due
to SA, I think. Looked around for answers, and already set a bunch of
the BL checks to 0.0 to turn off the rules. Any idea how to furthe
Andy Norris wrote:
>
> Sorry about the oversite. I saw this email this morning after a
> not-very-good night's sleep at a motel. Struck close to my heart, as I
> just could not get the whitelist_from_rcvd to work on my box. Very
> frustrating, and a lot of time spent
If you can't get whitelist_fr
Our ISP, Covad, is periodically claiming that we have excessive DNS
requests and is threatening to turn off our service. It's primarily due
to SA, I think. Looked around for answers, and already set a bunch of
the BL checks to 0.0 to turn off the rules. Any idea how to further
prevent the excess
Jim Maul wrote:
> While the above works great for people using procmail, does anyone have
> a solution that works without procmail?
"whitelist_from_rcvd [EMAIL PROTECTED] apache.org" worked when I used static
whitelists.
I had a bunch of similar entries for various mailing lists in a big
whit
And this has what to do with Spamassassin?
Sunny Forro wrote:
Hello,
I've got a problem. I've got a lot of phishing attacks making it
through my mailscanner setup. I do have phishing fraud detection turned
on, and I have not modifed the phishing safe sites list. Most(if not
all) of the phi
Sunny Forro wrote:
>Hello,
> I've got a problem. I've got a lot of phishing attacks making it
>through my mailscanner setup. I do have phishing fraud detection turned
>on, and I have not modifed the phishing safe sites list. Most(if not
>all) of the phishing emails are ebay account notices w
Hello,
I've got a problem. I've got a lot of phishing attacks making it
through my mailscanner setup. I do have phishing fraud detection turned
on, and I have not modifed the phishing safe sites list. Most(if not
all) of the phishing emails are ebay account notices with forged IP
addresses.
Joe Polk wrote:
>If you setup a mailbox specifically for Bayes to learn and forwarded emails to
>it, will Bayes sniff them out in a forwarded form? I assume you couldn't bulk
>forward, but would this work otherwise?
>
No. If you feed sa-learn a forwarded mail, it will learn that forwarded
messages
If you setup a mailbox specifically for Bayes to learn and forwarded emails to
it, will Bayes sniff them out in a forwarded form? I assume you couldn't bulk
forward, but would this work otherwise?
--
<>
Shelley Waltz wrote:
>
>When I spamassassin -D --lint I get the following ...
>
>
>Failed to parse line in SpamAssassin configuration, skipping: body
>PT_WORDLIST_10
>Failed to parse line in SpamAssassin configuration, skipping:
>/(?:\b(?!(?:from|that|have|this|were|with)\b)[a_z]{4,12}\s+){10}/
>
Robert Markin wrote:
> Hello,
>
> Can I simply SIGHUP my spamd process after making changes to local.cf,
> or do I have to kill the pid then /usr/bin/spamd -c -d
>
> Simply put, does SIGHUP keep any flags that I may be using after my
> executable?
It should.
>
> Also, do I need to use these
On Tue, Mar 22, 2005 at 12:22:14PM -0500, Shelley Waltz wrote:
> body PT_WORDLIST_10
> /(?:\b(?!(?:from|that|have|this|were|with)\b)[a-z]{4,12}\s+){10}/
> describe PT_WORDLIST_10 string of 10+ random words
> score PT_WORDLIST_10 1.0
>
> Failed to parse line in SpamAssassin configuration, skipp
Sorry about the oversite. I saw this email this morning after a
not-very-good night's sleep at a motel. Struck close to my heart, as I just
could not get the whitelist_from_rcvd to work on my box. Very frustrating,
and a lot of time spent. I finally resorted to the MailScanner way. But I'm
tune
Robert Markin wrote:
Hello,
Can I simply SIGHUP my spamd process after making changes to local.cf,
or do I have to kill the pid then /usr/bin/spamd -c -d
Simply put, does SIGHUP keep any flags that I may be using after my
executable?
Also, do I need to use these flags at all? The man page
I am trying to use the following from a posting on Mar 2 2004
RHES3/spamassassin-2.63-1 ...
# match Bayes-poison lists of lowercase words without articles or common
#prepositions
body PT_WORDLIST_10
/(?:\b(?!(?:from|that|have|this|were|with)\b)[a-z]{4,12}\s+){10}/
describe PT_WORDLIST_10 string
wrote:
Is anybody else receiving a large amount of these?
Here is a sample:
The Oi| and Gas Advisory
Now that Oi| and Gas has entered a long-term bu|l market,
our specialty in pinpointing the hottest companies of the few remaining
undervalued energy p|ays has produced soaring returns.
Emerson
Robert Markin wrote:
Hey everybody,
RH9
SA 3.0.0 (invoked by procmail spamc/spamd)
Sendmail 8
Procmail
I tried to search for this on GMANE but was unsuccessful.
I would like to know how some of you guys are whitelisiting this
actual mailing list. I have the following in my local.cf, but I still
Andy
Robert uses procmail and spamd/spamc so your MailScanner setup (and
mine!) won't work.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Andy Norris wrote:
Hi Robert,
I put this in the (on my machine)
/etc/MailScanner/rules/spam.whitelist.rules:
From:
Hello,
Can I simply SIGHUP my spamd process after making changes to local.cf,
or do I have to kill the pid then /usr/bin/spamd -c -d
Simply put, does SIGHUP keep any flags that I may be using after my
executable?
Also, do I need to use these flags at all? The man page shows -c as
"create
Hi Robert,
I put this in the (on my machine) /etc/MailScanner/rules/spam.whitelist.rules:
From: jiscmail.ac.uk yes # MailScanner mailing list
From: spamassassin.apache.org yes # SpamAssassin mailing list
Those are tabs, and not spaces.
I tried a bunch of other things... but thi
I'll mention this again since i have yet to come up with a solution.
While the above works great for people using procmail, does anyone have
a solution that works without procmail? Im stuck passing all list
traffic through SA because of this. Just this morning someone on this
list posted a sp
Bob McClure Jr wrote:
On Tue, Mar 22, 2005 at 07:20:32AM -0800, Robert Markin wrote:
Hey everybody,
RH9
SA 3.0.0 (invoked by procmail spamc/spamd)
Sendmail 8
Procmail
I tried to search for this on GMANE but was unsuccessful.
I would like to know how some of you guys are whitelisiting this actual
m
Bob McClure Jr wrote:
On Tue, Mar 22, 2005 at 07:20:32AM -0800, Robert Markin wrote:
Hey everybody,
RH9
SA 3.0.0 (invoked by procmail spamc/spamd)
Sendmail 8
Procmail
I tried to search for this on GMANE but was unsuccessful.
I would like to know how some of you guys are whitelis
On Tue, Mar 22, 2005 at 07:20:32AM -0800, Robert Markin wrote:
> Hey everybody,
>
> RH9
> SA 3.0.0 (invoked by procmail spamc/spamd)
> Sendmail 8
> Procmail
>
> I tried to search for this on GMANE but was unsuccessful.
>
> I would like to know how some of you guys are whitelisiting this actual
Hey everybody,
RH9
SA 3.0.0 (invoked by procmail spamc/spamd)
Sendmail 8
Procmail
I tried to search for this on GMANE but was unsuccessful.
I would like to know how some of you guys are whitelisiting this actual
mailing list. I have the following in my local.cf, but I still get
quite a few email
Same problem here. I have written a script to cycle spamd when the CPU hits
a load average of 8 for now.
- Original Message -
From: <[EMAIL PROTECTED]>
To: "Justin Mason" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, March 22, 2005 5:53 AM
Subject: Re: Re: SA 3.0.2 MASS
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, March 22, 2005 7:23 AM
>To: users@spamassassin.apache.org; SURBL Discuss
>Subject: Re: ZDNET redirecting to spammer websites?
>
>
>On Tuesday, March 22, 2005, 4:13:33 AM, Bobby Rose wrote:
>> Even though zdnet.
> Hello List, I am running SA 2.63, Posfix 2 & Amavisd-new. I have many updated
> rule sets, any rules out there to "see" letters spelled as below?
> Anyone else doing this?
>
> TIA
> Eric
>
Yes, I got a very nice one lately with all the meds in it, with pricing. It
got marked as spam because of th
Hello List, I am running SA 2.63, Posfix 2 & Amavisd-new. I have many updated
rule sets, any rules out there to "see" letters spelled as below?
The following spam got in, just thought I'd share with the list, I have never
seen this technique. My tagged above is set to -100 so I can see the tests
Greetings Pat:
Check the following:
1. /tmp is not full.
2. The directory where the spamd socket is created has the correct
ownership (uid, guid) and permissions; if it is not in the /tmp area, then
also make sure the area the socket is created is not full.
Thank you.
At 07:46 AM 3/22/
please help! still no solution for that!
still massive CPU and Mem problems
[EMAIL PROTECTED] schrieb am 16.03.2005 19:56:54:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I would suggest running with -D and monitoring spamd memory size
> as it starts up. Something is causing it to bal
Last night, I had to do a minor hardware upgrade on my server. Later
that night when I checked my mail, I had about 20 spams, when I'd
normally get one or two during that time. Overnight, I got about
another 30. From the headers, I can see that spamd *is* running and
generating scores, but LOTS
On Tuesday, March 22, 2005, 4:13:33 AM, Bobby Rose wrote:
> Even though zdnet.com shouldn't be in SURBL, wouldn't having
> chkpt.zdnet.com (the actually site doing the redirect) be in SURBL?
Good thought, but there are two problems with that:
1. SURBLs usually list only registered domains like z
Even though zdnet.com shouldn't be in SURBL, wouldn't having
chkpt.zdnet.com (the actually site doing the redirect) be in SURBL?
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 22, 2005 12:38 AM
To: users@spamassassin.apache.org
Cc: SURBL Discuss
Subject:
Hi
according to Dr Google I'm not the first one to encounter this error
below.
SpamAssassin: invoked with 'spamd -D -q -u filter'
failed to load user (filter) scores from SQL database: SQL Error:
Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (13)
Thus, I canno
> I've used a different approach,
> IN MX 10 primary.domain.com (4 machines)
> IN MX 20 primary1.domain.com (2 of those 4)
> IN MX 30 primary1.domain.com (the other 2 of those 4)
> IN MX 20 backup.domain.com
> IN MX 30 primary.domain.com
> Seems to force most of the spam through the primary. Very
Chris Santerre wrote:
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Friday, March 18, 2005 2:21 AM
To: users@spamassassin.apache.org
Subject: Re: OT: SURBL usage for content-filters like SquidGuard?
On Thursday, March 17, 2005, 7:13:32 PM, Jason Haar wrote:
I was wonder
On Monday, March 21, 2005, 9:43:02 PM, Jeff Chan wrote:
> On Monday, March 21, 2005, 7:34:56 AM, Larry Rosenbaum wrote:
>> We received a drug spam containing the following URL:
>> http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl%2ev%69%61%67%73.co%6d/p/b/kmioa
>> This URL will actually take you t
On Monday, March 21, 2005, 7:34:56 AM, Larry Rosenbaum wrote:
> We received a drug spam containing the following URL:
> http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl%2ev%69%61%67%73.co%6d/p/b/kmioa
> This URL will actually take you to fdl.viags.com (which then goes to
> www.simply-rx.net). As
On Monday, March 21, 2005, 8:55:17 PM, David Funk wrote:
> Ugg, just ran across another open redirector abused in spam
> www.nate.com/r/XY12/target.domain
> where XY12 seems to be any combination of 4 letters and digits.
> Looks like some Korean ISP thingie.
Yes, we spotted it earlier. It's b
On Monday, March 21, 2005, 11:32:45 AM, Bobby Rose wrote:
> Wouldn't this just be something that SURBL should take care of? If this
> URL is the source of spam then it should be in SURBL regardless if it's
> in the zdnet.com domain. Right!?
Which domain are you referring to?
zdnet.com should no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eric, I think you've found another bug ;) could you open a BZ
entry on this?
- --j.
Eric A. Hall writes:
> Eric A. Hall wrote:
>
> > I'm storing the session variables (such as login status) as part of $self,
> > and storing message variables with
In that case I'd have a few REALLY choice words for them. They are
serving as an open spam redirector. Of course, I never get anything
legitimate from them so zdnet.com can simply be black listed locally
for the entire domain.
{^_^}
- Original Message -
From: <[EMAIL PROTECTED]>
> Let's
Ugg, just ran across another open redirector abused in spam
www.nate.com/r/XY12/target.domain
where XY12 seems to be any combination of 4 letters and digits.
Looks like some Korean ISP thingie.
--
Dave Funk University of Iowa
College of Engineering
319
Matt Kettler wrote:
> Second, converting to spamc/spamd would be SLOWER for a MimeDefang
> setup, not faster.
eh... depends on what else MIMEDefang is doing...
> MimeDefang calls the SpamAssassin perl API's directly, a method that
> is faster than using spamc/spamd, but is only usable by tools w
I've used a different approach,
IN MX 10 primary.domain.com (4 machines)
IN MX 20 primary1.domain.com (2 of those 4)
IN MX 30 primary1.domain.com (the other 2 of those 4)
IN MX 20 backup.domain.com
IN MX 30 primary.domain.com
Seems to force most of the spam through the primary. Very little goe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Stuart Johnston writes:
> I have been receiving pill spams lately that have an ampersand encoded
> in the URL. This seems to confuse URIDNSBL and results in the message
> passing through. A debug output shows this:
>
> debug: uri found:
> http:/
I have been receiving pill spams lately that have an ampersand encoded
in the URL. This seems to confuse URIDNSBL and results in the message
passing through. A debug output shows this:
debug: uri found:
http://www.awt&fdaojj.com.easysimpleRx-munged.com/b/S0gyR2twMGpWbjkxQkQxQThihxqq
debug: ur
Is anybody else receiving a large amount of these?
Here is a sample:
The Oi| and Gas Advisory
Now that Oi| and Gas has entered a long-term bu|l market,
our specialty in pinpointing the hottest companies of the few remaining
undervalued energy p|ays has produced soaring returns.
Emerson Oil and Ga
Vicki Brown wrote:
>At 10:55 -0500 03/19/2005, Matt Kettler wrote:
>
>
>>And be sure to spamassassin --lint it (should run without any messages),
>>and restart spamd after adding the rules.
>>
>>
>
>
>I realize that this is standard canonical advice and I will make the
>necessary assumption
>>From [EMAIL PROTECTED] Mon Mar 21 12:58:20 2005
>Date: 21 Mar 2005 21:03:22 -
>Subject: RE: ZDNET redirecting to spammer websites?
>To: List Mail User <[EMAIL PROTECTED]>
>From: [EMAIL PROTECTED]
>...
>
>>>
>>> P.S. The address, if it does exist, would seem to be in the center of the
>>> w
72 matches
Mail list logo