Hello forum,
Recently i have upgraded SA from 2.64 to 3.1.1 and everything was working great except to the following:
1. I am getting from time to time errors in the maillog via MailScanner "spamassassin time out". I once had that problem with the previous version of SA and resolve that by addin
> time to try them again. SpamCop, I won't go there, we have issues with
> the people at SpamCop. I neither use them nor trust them.
You REALLY need to try URIBL, and probably uriblack, and a few more of the
URI based lists. These get feeds from SpamCop and the like. But they work.
Lore
> > Sure is a stock spam rule set.
> >
> > http://www.rulesemporium.com/rules/70_sare_stocks.cf
> >
>
> Had it running 10 minutes after it was announced. My problem is worse
> than that. Possibly I could create a meta rule in my local.cf that says
> a sare_stock hit plus any other rule, add 5 point
Just a quick note that 70_sare_html0.cf has been updated. A few
obsolete rules (no longer hit any ham) have been removed, and one rule
added.
It'll take a little while longer for me to update the rest of the
70_sare_html*.cf files, and therefore 70_sare_html.cf ... if you don't
want to wait for th
I'm thinking about using MyDNS to create my own DNS blacklist. I'm
thinking I'll make it available to everyone to list IPs that are not on
other lists. Mostly virus infected zombies and such.
So - has anyone else done this? Looking for some pointers. I'm running
Exim and wanting to have Exim a
On Thursday June 1 2006 20:53, DAve wrote:
> Bayes, arrgg!! More than once I've been given examples of bayes being
> the solution I need. I really really really want bayes to work. But each
> time I set it up, the db gets huge, scan times go through the roof, and
> I end up disappointed.
> I curre
From: "Chris Santerre" <[EMAIL PROTECTED]>
From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
> From: John D. Hardin [mailto:[EMAIL PROTECTED]
> On Thu, 1 Jun 2006, Justin Mason wrote:
>
> > Dallas L. Engelken writes:
> > > for those that didn't see it, http://slashdot.org/
read "Google,
> >
From: "Dallas L. Engelken" <[EMAIL PROTECTED]>
From: John D. Hardin [mailto:[EMAIL PROTECTED]
On Thu, 1 Jun 2006, Justin Mason wrote:
> Dallas L. Engelken writes:
> > for those that didn't see it, http://slashdot.org/ read "Google,
> > Submission AdSense and NoFollow Letdown". figured I'd
On Thu, Jun 01, 2006 at 02:53:56PM -0400, DAve wrote:
> Theo, I appreciate the results, that means more to me than "upgrade".
> Results speak louder than anything else. Could you tell me the scores
> for each test? If you are as busy as I am, I understand if you can not
Not off hand, but they'r
Theo Van Dinter wrote:
On Thu, Jun 01, 2006 at 01:41:36PM -0400, DAve wrote:
Currently 3.0.4 on the toasters, 3.0.2 on the MailScanner boxes. These
[...]
http://pixelhammer.com/spam/spam1.txt
http://pixelhammer.com/spam/spam2.txt
http://pixelhammer.com/spam/spam3.txt
http://pixelhammer.com/spa
Bowie,
> > it is imperative than MSA hosts are excluded from
> > internal_networks.
> What do you do if SA is running on your MSA host?
I believe this is the only exception to the rule,
because the following probably takes precedence:
The machine you're scanning on should be internal & truste
Bayes is a stalwart here, that and the more recent versions of SA.
Best I can suggest is upgrade to 3.1.1 and run in some rules, I'm
happy to let you know which ones we use.
That being said, bayes is the only realistic way of training in spam -
adding it makes life a lot easier.
HTH
Kind regards
On Thu, Jun 01, 2006 at 01:41:36PM -0400, DAve wrote:
> Currently 3.0.4 on the toasters, 3.0.2 on the MailScanner boxes. These
[...]
> http://pixelhammer.com/spam/spam1.txt
> http://pixelhammer.com/spam/spam2.txt
> http://pixelhammer.com/spam/spam3.txt
> http://pixelhammer.com/spam/spam4.txt
> htt
DAve wrote:
Nigel Frankcom wrote:
This may be a daft question, if so, apologies in advance; but, do you
train these spam into sa?
Nope, been down the Bayes road a few times and the load on the server
never justified the spam it caught. When using bayes we always end up
babysitting it too muc
Nigel Frankcom wrote:
This may be a daft question, if so, apologies in advance; but, do you
train these spam into sa?
Nope, been down the Bayes road a few times and the load on the server
never justified the spam it caught. When using bayes we always end up
babysitting it too much. This could
> I got distracted by this AWESOME article! It was linked from /.
>
> http://www.usatoday.com/tech/news/2006-05-29-fight-club_x.htm
>
> Oh I so want to partake in that! A little bit of the ultra-violence.
> West Coast gets all the cool stuff :(
>
> Lets see Justin involved in that story!
This may be a daft question, if so, apologies in advance; but, do you
train these spam into sa?
We receive a large number of these daily and, to date, very, very few
get through.
What version of SA are you running?
KR
Nigel
On Thu, 01 Jun 2006 12:48:50 -0400, DAve <[EMAIL PROTECTED]>
wrote:
>
Title: RE: OT justin on slashdot
> -Original Message-
> From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 01, 2006 11:22 AM
> To: SpamAssassin Users
> Subject: RE: OT justin on slashdot
>
>
> > -Original Message-
> > From: John D. Hardin [mailto:[
Doc Schneider wrote:
DAve wrote:
Howdy,
My users are just about tired of the stock spams, we are getting many
now that are barely hitting any stock rules at all. The funny thing is
they are pretty much a legit email. No obfuscation, no funky headers,
no URL.
I am nearly ready to just stomp
On Thu, 1 Jun 2006 12:23:23 -0400, Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
>On Thu, Jun 01, 2006 at 05:07:26PM +0100, Nigel Frankcom wrote:
>> If you find way of load balancing the MySQL db's I'd be very
>> interested in hearing how.
>
>I'm not a DBA, but doesn't MySQL support clustering which
DAve wrote:
Howdy,
My users are just about tired of the stock spams, we are getting many
now that are barely hitting any stock rules at all. The funny thing is
they are pretty much a legit email. No obfuscation, no funky headers, no
URL.
I am nearly ready to just stomp any and all stock mes
On Thu, Jun 01, 2006 at 05:07:26PM +0100, Nigel Frankcom wrote:
> If you find way of load balancing the MySQL db's I'd be very
> interested in hearing how.
I'm not a DBA, but doesn't MySQL support clustering which would solve
failure and load-balancing issues?
--
Randomly Generated Tagline:
"Do
Howdy,
My users are just about tired of the stock spams, we are getting many
now that are barely hitting any stock rules at all. The funny thing is
they are pretty much a legit email. No obfuscation, no funky headers, no
URL.
I am nearly ready to just stomp any and all stock messages and for
On Thu, 1 Jun 2006 11:24:00 -0400, Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
>On Thu, Jun 01, 2006 at 11:16:13AM -0400, Patrick Sherrill wrote:
>> We run three sendmail servers all w/spamassassin amavis-new, clamav and
>> mcaffee. We've been using sa-learn to add to the Bayesian database. Is
>
On Thu, Jun 01, 2006 at 11:16:13AM -0400, Patrick Sherrill wrote:
> We run three sendmail servers all w/spamassassin amavis-new, clamav and
> mcaffee. We've been using sa-learn to add to the Bayesian database. Is
> there a preferred method of synchronizing the Bayesian db among the three
> serv
> -Original Message-
> From: John D. Hardin [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 01, 2006 10:17
> To: Justin Mason
> Cc: Dallas L. Engelken; SpamAssassin Users
> Subject: Re: OT justin on slashdot
>
> On Thu, 1 Jun 2006, Justin Mason wrote:
>
> > Dallas L. Engelken writes:
>
On Thu, 1 Jun 2006, Justin Mason wrote:
> Dallas L. Engelken writes:
> > for those that didn't see it, http://slashdot.org/ read "Google,
> > Submission AdSense and NoFollow Letdown". figured I'd toot his horn for
> > him. :)
> >
> > was taint.org slashdotted for a bit? I couldn't seem to acce
We run three sendmail servers all w/spamassassin amavis-new, clamav and
mcaffee. We've been using sa-learn to add to the Bayesian database. Is
there a preferred method of synchronizing the Bayesian db among the three
servers?
Apologies up front if this is a newbie RTFM question.
Pat...
Kai Schaetzl writes:
> wrote on Wed, 31 May 2006 19:37:54 -0400 (EDT):
>
> > some
> > under the 5.6.1 site_perl, some under 5.005.
>
> Did you notice that you didn't say anything about this earlier? ;-) It
> seems this is the cause of your problem.
Yeah -- I would strongly advised making sur
I've seen this before. In that case, it was a newbie "accidental
spammer", who'd been fooled into buying a scraped list which they imported
into a normal Mailman system -- they *intended* to operate a clean
mass-mailing system.
Generally they clean up once you point out the error of their ways;
Dallas L. Engelken writes:
> for those that didn't see it, http://slashdot.org/ read "Google,
> Submission AdSense and NoFollow Letdown". figured I'd toot his horn for
> him. :)
>
> was taint.org slashdotted for a bit? I couldn't seem to access it when
> the article first appeared. Seems to c
I definitely did not see an approval request. And I can now confirm
that there are some people who are trying to opt out of the list saying
they did not subscribe. I already have sent postmaster but I am not
optimistic.
Tom
Benny Pedersen wrote:
I have included the mailing in it
Kai Schaetzl wrote:
> Nels Lindquist wrote on Wed, 31 May 2006 10:04:54 -0600:
>
> > I removed the /var/lib/spamassassin/3.001002
> > directory which was blank
>
> It shouldn't exist after an install and if you ran sa-update it should
> have content. Maybe an sa-update that got interrupted?
I ha
Mark Martinec wrote:
> On Thursday June 1 2006 04:05, Matt Kettler wrote:
> > Simple rule:
> > trusted_networks - set to cover all machines that might generate a
> > Received: header that you control.
> > internal_networks - Will default to match trusted_networks if not
> > declared.
> >
> > 99%
>> I have included the mailing in it's entirety below. Is this an old trick
>> I just have not seen or is this something new using mailman to send
>> spam. I assure you I neither signed up nor confirmed a submission for this
>> mailing list. Is this just a
>> poorly configured mailman install? To
Crespillo, Matias wrote:
> I apologize in advance for making a lazy question, but is there a quick
> guide somewhere as to how to integrate Spam Assassin with an exchange
> server? Or maybe some way to set it in a way it will get the mails before,
> filter and then forward them to exchange unchange
I use a dedicated SMTP gateway running RH EL3 sendmail + SpamAssassin + ClamAV
to virus and spam check my e-mail before it goes into Exchange.
This should be fairly easy to set up as spamassassin is run without user
preferences and only uses local configuration. You might need to change MX
rec
I apologize in advance for making a lazy question, but is there a quick
guide somewhere as to how to integrate Spam Assassin with an exchange
server? Or maybe some way to set it in a way it will get the mails before,
filter and then forward them to exchange unchanged?.
Thanks a lot in advance.
wrote on Wed, 31 May 2006 19:37:54 -0400 (EDT):
> some
> under the 5.6.1 site_perl, some under 5.005.
Did you notice that you didn't say anything about this earlier? ;-) It
seems this is the cause of your problem.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Servic
Nels Lindquist wrote on Wed, 31 May 2006 10:04:54 -0600:
> I removed the /var/lib/spamassassin/3.001002
> directory which was blank
It shouldn't exist after an install and if you ran sa-update it should
have content. Maybe an sa-update that got interrupted?
Kai
--
Kai Schätzl, Berlin, German
On Thursday June 1 2006 04:05, Matt Kettler wrote:
> Simple rule:
> trusted_networks - set to cover all machines that might generate a
> Received: header that you control.
> internal_networks - Will default to match trusted_networks if not declared.
>
> 99% of the time, you just set trusted_network
41 matches
Mail list logo
