Marc Perkel wrote:
OK - it's interesting that of all of you who responded this is the only
person who is doing it right. I have to say that I'm somewhat surprised
that so few people are preprocessing their email to reduce the SA load.
As we all know SA is very processor and memory expensive.
Theo Van Dinter wrote:
On Thu, Aug 16, 2007 at 09:47:06AM -0700, Jo Rhett wrote:
(dropping "__TVT_MIME_" for ease of typing)
You just don't like typing my initials... ;)
Honestly not. I just skip common prefixes when typing ;-)
ATT is a meta of ATT_AP *or* ATT_AOPDF.
But the PDF_FINGER01
I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The machine
is receiving 200,000 e-mail messages per day, courtesy of Rumpelstiltskin
attacks from thousands of different IP addresses each day, and SpamAssassin
appears to be overwhelmed. I have about 50,000 e-mail messages in
On Sat, 2007-08-18 at 19:26 -0700, Jo Rhett wrote:
> Loren Wilton wrote:
> > From: "Jo Rhett" <[EMAIL PROTECTED]>
> >
> >> So the only thing which is actually working to catch these is bayes
> >> and bayes-based systems. Not rules, and not AV.
> >
> > Is that a statement about your own system?
Loren Wilton wrote:
From: "Jo Rhett" <[EMAIL PROTECTED]>
So the only thing which is actually working to catch these is bayes
and bayes-based systems. Not rules, and not AV.
Is that a statement about your own system? MANY people have responded
that quite a number of other things like pdfinf
In my version 3.2.3 SA; File: 50_scores.cf sets the
score for EXTRA_MPART_TYPE fixed to a value of "1"
(per Bug 5110).
Sounds like a bad upgrade or platform package
build as the libraries don't appear to be matching
the version of SA?
I suspect that other stuff is not working right also.
J
>
> I've read this list for a long time. I've seen some really, truly STUPID
> questions come through...and seen them be answered, civilly, helpfully.
> The
> only difference is I don't have a masculine username. I truly hate coming
> off as a cranky feminist who complains I am being treated unf
I am seeing e-mail getting points for being 3-6 hrs in future While it
looks like this is a result of improperly set system time on the sending
MTA, I wanted to bounce this off someone to make sure this is not a
spamassassin issue.
With respect to a recent e-mail (headers below):
Time actua
Robert - elists-2 wrote:
>
>
>>
>> I have *always* run SA through MailScanner. This configuration is not
>> new,
>> I
>> have run it this way for *years*. The only thing that's new is the
>> version
>> of SA. As soon as I upgraded to v3.2.3, the problems started.
>>
>> If you can't be helpfu
Nix wrote:
> On 17 Aug 2007, Jerry Durand told this:
>> Why do they need a "personal mail server"?
>
> Well, I use my own MTA because I've had repeated problems with ISP MTAs
> losing my mail, corrupting it, going down at inconvenient moments (like
> Friday evening to come back up only on Monday)
>
> I have *always* run SA through MailScanner. This configuration is not new,
> I
> have run it this way for *years*. The only thing that's new is the version
> of SA. As soon as I upgraded to v3.2.3, the problems started.
>
> If you can't be helpful, I can certainly understand. But I don't nee
MaraBlue wrote on Sat, 18 Aug 2007 12:46:34 -0700 (PDT):
> If you can't be helpful, I can certainly understand. But I don't need an
> argument, nor your attitude.
Thank you. It's not my fault that you don't understand the reasoning behind my
hints. You could have just done what I proposed instea
Just take away the scores for the individual RBLs, and your yellow
list as another RBL, and use metarules to score.
-Aaron
On 8/18/07, Marc Perkel <[EMAIL PROTECTED]> wrote:
> I have what I call a yellow list which is a list of IP addresses of
> hosts like yahoo, google, hotmail, aol, etc tha
Kai Schaetzl wrote:
>
> MaraBlue wrote on Sat, 18 Aug 2007 09:43:55 -0700 (PDT):
>
>> I know it's ignoring the rules in local.cf because of the spam that's
>> getting through. Some time back I changed EXTRA_MPART_TYPE to 4.0. Since
>> upgrading to v3.2.3 spam is getting tagged at the default 2
Kai Schätzl wrote:
>>
>> You don't understand at all. What gets put in the comment is up to the
>> sender.
>> They can put *everything* there and it's legit. You do not control it at all
>> and you do not send them a reply "please change my name in your addressbook
>> to
>> xyz". It can be t
>> I have a few blacklists that I trust but one thing I do is that I have
>> a big white list of good hosts that let me route more than half og my
>> good email around SA which reduces load and increases accuracy.
Hi Mark,
would a good host be one that uses egress spam filtering?
Even companies w
Alberto, your reasoning is correct, based on my experience of actually
implementing and using such a system, albeit in a small scale environment.
As "sm" points out, it is particularly useful as a "pass" rule for exact
matches to your users' actual email client "real name"s.
I've implemented this
Nix wrote on Sat, 18 Aug 2007 17:35:20 +0100:
> Competent ISPs give you rDNS. (Really good ones delegate your rDNS to
> you.)
So, your ISP is not competent? How would they give specific rDNS to
dynamic IP addresses, anyway?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Interne
MaraBlue wrote on Sat, 18 Aug 2007 09:43:55 -0700 (PDT):
> I know it's ignoring the rules in local.cf because of the spam that's
> getting through. Some time back I changed EXTRA_MPART_TYPE to 4.0. Since
> upgrading to v3.2.3 spam is getting tagged at the default 2.0 for that rule.
> Nothing has c
Aag_uk wrote on Sat, 18 Aug 2007 03:33:49 -0700 (PDT):
> it´s quite unlikely that somebody tags any of
> my users
as I said it may work for you, it will not work for the majority of SA
users. The whole effort and the FPs would not be worth it. If you don't
believe that, start coding.
Kai
-
Nix wrote on Sat, 18 Aug 2007 15:14:53 +0100:
> > Worms and spam have made it impossible for users to use their own
> > personal mail servers.
>
> Really? Fascinating, I'm doing the impossible. I had no idea.
You should not read that literally. You can, of course do that. But many
providers wil
I have what I call a yellow list which is a list of IP addresses of
hosts like yahoo, google, hotmail, aol, etc that send a mix of spam and
nonspam. The idea being that if you are yellow listed then don't check
any other list because if it was listed it would be a false positive.
So - the ques
Eric A. Hall wrote:
On 8/16/2007 12:39 PM, Marc Perkel wrote:
OK - it's interesting that of all of you who responded this is the only
person who is doing it right. I have to say that I'm somewhat surprised
that so few people are preprocessing their email to reduce the SA load.
As we all k
spamd: bad protocol: header error: (closed before headers) at
/usr/bin/spamd line 1985.
What would cause this? Thanks in advance.
At 08:11 AM 8/18/2007, Robert Fitzpatrick wrote:
Botnet is designed to
combat you.
Along with several black lists. Two of the lists we use do there
best to block dynamic servers.
Note, we are on a dynamic address, but send through our ISPs server
with AUTH. If we had any trouble with thei
Daryl C. W. O'Shea wrote:
>
> Please provide the complete output of spamassassin --lint -D
>
Happy to:
<<< Log from 72.9.251.53 started August 17, 2007, 23:22:08 >>>
spamassassin --lint -D
[24276] dbg: logger: adding facilities: all
[24276] dbg: logger: logging level is D
Kai Schaetzl wrote:
>
> MaraBlue wrote on Sat, 18 Aug 2007 00:02:16 -0700 (PDT):
>
>> there several versions back.
>>
>> I've run --lint -D, and SA is reading local.cf (I can post the log if
>> needed). The only other thing I changed a few days before this started
>> was
>> switching from usi
On 18 Aug 2007, Robert Fitzpatrick spake thusly:
> On Sat, 2007-08-18 at 15:14 +0100, Nix wrote:
>> On 17 Aug 2007, Robert Fitzpatrick verbalised:
>> > Worms and spam have made it impossible for users to use their own
>> > personal mail servers.
>>
>> Really? Fascinating, I'm doing the impossible
Chickenpox is one of the custom rulesets referenced on the SA WIKI:
http://wiki.apache.org/spamassassin/CustomRulesets
BTW, does anyone know if the chickenpox ruleset still has problems with
"accented" text?
I haven't been using chickenpox.cf due to our large mail inflow for our
EU He
On Sat, 2007-08-18 at 15:14 +0100, Nix wrote:
> On 17 Aug 2007, Robert Fitzpatrick verbalised:
> > Worms and spam have made it impossible for users to use their own
> > personal mail servers.
>
> Really? Fascinating, I'm doing the impossible. I had no idea.
Correction, normal novice users that do
At 23:58 17-08-2007, aag_uk wrote:
>a) is probably going to be quite resource-intensive;
I don´t really know, according to
Compared to all the checks performed on a message, it isn't.
My idea was that you could have a list that links each recipient to possible
names that could be used (basi
On Saturday 18 August 2007 16:14, Nix wrote:
> On 17 Aug 2007, Robert Fitzpatrick verbalised:
> > ISP's are blocking port 25 from anything but their own stuff, especially
> > dial-up.
>
> Mine blocks until you prove you're competent (or post a bond: I did the
> former) and gets really pissed if you
On 17 Aug 2007, Jerry Durand told this:
> Why do they need a "personal mail server"?
Well, I use my own MTA because I've had repeated problems with ISP MTAs
losing my mail, corrupting it, going down at inconvenient moments (like
Friday evening to come back up only on Monday). It's a single point o
On 17 Aug 2007, Robert Fitzpatrick verbalised:
> Worms and spam have made it impossible for users to use their own
> personal mail servers.
Really? Fascinating, I'm doing the impossible. I had no idea.
> More and more
> ISP's are blocking p
>What gets put in the comment is up to the sender.
>They can put *everything* there and it's legit. You do not control it at
all
>
I know it depends on the sender and everything is legit, but it is also
legit if I send an email to somebody talking about the stock market or
certain medicine and i
Ciuly wrote on Sat, 18 Aug 2007 00:59:09 -0700 (PDT):
> I had some problems with my email server and seems my email was rejected so
> here I go posting again, hopefully the problem is now solved and people will
> receive this message.
This message didn't originate on your mail server.
Kai
--
K
Michael Scheidell wrote on Fri, 17 Aug 2007 17:04:38 -0400:
> If you installed newer ::SPF and ::DKIM, you don't need ::SPF::Query or
> Mail::DomainKeys
My point was rather that if the both are installed then the output of
"perl makefile.PL" should probably avoid to list the other two as
"optio
Aag_uk wrote on Fri, 17 Aug 2007 23:58:05 -0700 (PDT):
> >b) requires LDAP, NIS, etc., so that SpamAssassin can have a clue
> >about your accounts;
> >c) requires competent fuzzy matching so that, when a user sends mail
> >to "Chris St. Pierre <[EMAIL PROTECTED]>", it doesn't flag it
> >as spam be
MaraBlue wrote on Sat, 18 Aug 2007 00:02:16 -0700 (PDT):
> there several versions back.
>
> I've run --lint -D, and SA is reading local.cf (I can post the log if
> needed). The only other thing I changed a few days before this started was
> switching from using openprotect.com's SARE channels to
Quoting Jason Haar <[EMAIL PROTECTED]>:
> I've spotted the fault - they've blacklisted the *ENTIRE* ".org"
> domain!!! (I just tested some made-up .org domains - they are all on it)
>
> I'll see if I can find an email address to notify them
Arghhh, that would do it. I'm writing to Rick Wesson ab
On 8/18/2007 2:58 AM, ram wrote:
Can rules like whitelist_from_spf and def_whitelist_from_spf be
shortcircuited
How do I set priorities for such rules
http://wiki.apache.org/spamassassin/ShortcircuitingRuleset
Please provide the complete output of spamassassin --lint -D
On 8/18/2007 3:02 AM, MaraBlue wrote:
I've used custom rules in /etc/mail/spamassassin/local.cf since v3.1.7 with
never a problem. Since upgrading to v3.2.3, it's as if SpamAssassin isn't
seeing/registering the same rules that have a
Jeff Chan wrote:
> Quoting Jason Haar <[EMAIL PROTECTED]>:
>
>> Can someone explain what that means? I guess it means "seen by DOB
>> within the last five days" more than a domain that was registered within
>> the last five days?
>>
>
> It means the domain was registered within the past 5 d
I had some problems with my email server and seems my email was rejected so
here I go posting again, hopefully the problem is now solved and people will
receive this message.
--
View this message in context:
http://www.nabble.com/Spamassassin-with-xmail-and-custom-filter-tf4280372.html#a12211423
Quoting Jason Haar <[EMAIL PROTECTED]>:
> ..that seems new. I see it's an RBL that "contains domains registered
> within the last five days".
>
> Can someone explain what that means? I guess it means "seen by DOB
> within the last five days" more than a domain that was registered within
> the last
I've used custom rules in /etc/mail/spamassassin/local.cf since v3.1.7 with
never a problem. Since upgrading to v3.2.3, it's as if SpamAssassin isn't
seeing/registering the same rules that have always worked.
I'm running SpamAssassin on CentOS 4.5, with cPanel and through a
MailScanner package, s
46 matches
Mail list logo
