Chris wrote:
> It appears as though I don't understand how this is supposed to work. I
> have a file in /etc/mail/spamassassin called my-whitelist.cf. In it I
> have entries such as:
>
>
>
> whitelist_from_rcvd harley-requ...@the-hed.net the-hed.net
>
>
> however, a message from the 2nd add
Johnson, S wrote:
> I’ve done really good with blocking spam up until this one…
>
> It looks like a “legitimate” e-mailer from both the system perspective
> and the system perspective.
>
> When I look at my logs, the servers are reporting their domains
> correctly so their mailserver looks ok whe
It appears as though I don't understand how this is supposed to work. I
have a file in /etc/mail/spamassassin called my-whitelist.cf. In it I
have entries such as:
whitelist_from_rcvd serv...@freenet.de freenet.de
whitelist_from_rcvd harley-requ...@the-hed.net the-hed.net
In my local.cf I have:
On Thu, 13 Aug 2009 11:38:19 -0500
Chris Owen wrote:
>
> I'm sure I'm not the first to see them but I hadn't seen a post
> here. The pharma image spams are back after a long break:
>
> http://pastebin.com/mb1876f6
>
> Like the others they are fairly easily blocked but just thought I'd
> pass
Johnson, S wrote:
The question is… Since everything is configured on their servers ok and
the messages don’t contain words I can really create a rule on..
This is one of the few cases where I might well create a local rule for
something short:
body BAD_SURVEYS/\bGiftCardSurveys\b/
I
Johnson, S wrote:
It looks like a “legitimate” e-mailer from both the system perspective
and the system perspective.
Er..? Think you meant something other than "system perspective"
somewhere there.
When I look at my logs, the servers are reporting their domains
correctly so their mailser
Benny Pedersen wrote:
On Thu, 13 Aug 2009 21:36:28 +0200, Mark Martinec
wrote:
Does perl complain?
$ perl effectiveTLDs.pm
no errors
so
'bar' => {},
foo' => {},
'bar' => {},
is valid for perl ?
example in line around 2106
but perl accept it, imho this does not mean that ther
On Thu, 13 Aug 2009 21:36:28 +0200, Mark Martinec
wrote:
> Does perl complain?
> $ perl effectiveTLDs.pm
no errors
so
'bar' => {},
foo' => {},
'bar' => {},
is valid for perl ?
example in line around 2106
but perl accept it, imho this does not mean that there is no errors
--
Benny Peder
I've done really good with blocking spam up until this one...
It looks like a "legitimate" e-mailer from both the system perspective
and the system perspective.
When I look at my logs, the servers are reporting their domains
correctly so their mailserver looks ok when attacking to my server
Benny,
> > http://www.ijs.si/software/amavisd/effectiveTLDs.pm
>
> this file seams buggy, not all lines begins with a ' and others dont end
> with } but }}
>
> hope its just me that cant read perl :)
???
Does perl complain?
$ perl effectiveTLDs.pm
Mark
On Thu, 13 Aug 2009 20:06:01 +0200, Mark Martinec
wrote:
> I've place it on the web page:
> http://www.ijs.si/software/amavisd/DKIMrep.pm
> http://www.ijs.si/software/amavisd/effectiveTLDs.pm
this file seams buggy, not all lines begins with a ' and others dont end
with } but }}
hope its jus
Charles Gregory wrote:
On Thu, 13 Aug 2009, Benny Pedersen wrote:
you belive that email sent from webmail is harder to spam scan then
submitted email from remote ?
No, my statement was that I believe spammers, like the rest of us,
follow the 20/80 rule, and hack the 80 percent of vulnerabilit
> Tobias, Giampaolo, Bill, and others
>
> > I'm interested too, thanks in advance
>
> I've place it on the web page:
> http://www.ijs.si/software/amavisd/DKIMrep.pm
> http://www.ijs.si/software/amavisd/effectiveTLDs.pm
Aaaah! Surfing time!
>
> ...omissis... (albeit interesting)
>
>
> I
Tobias, Giampaolo, Bill, and others
> I'm interested too, thanks in advance
I've place it on the web page:
http://www.ijs.si/software/amavisd/DKIMrep.pm
http://www.ijs.si/software/amavisd/effectiveTLDs.pm
(the effectiveTLDs.pm is exactly the same as in the
Florian's package, the DKIMrep.pm i
LuKreme wrote:
On 12-Aug-2009, at 21:09, Ted Mittelstaedt wrote:
Furthermore, since you may want to munge more than 2 pieces
of dissimilar data in a spam, your going to rapidly runout
of "example.*". Further, example.com is only good for alpha
data munging and is useless for numeric data mungin
LuKreme,
> I'm considering 3.3, and am currently trying to overcome my aversion
> to things labeled 'alpha'.
Understood. It is mainly labeled as alpha because some new things are
not finished (like the new bayesbdb backend to Bayes), and it would
be nice to close some stale problem reports (almos
Have noticed these errors in the log today:
warn: spf: lookup failed: Can't locate object method "new_from_string"
via package "Mail::SPF::Mech::IP4" at /usr/local/lib/perl5/site_perl/
5.10.0/Mail/SPF/Record.pm line 225.
Googled for: Can't locate object method "new_from_string" via package
On 13-Aug-2009, at 06:43, Mark Martinec wrote:
On Thursday 13 August 2009 14:13:33 LuKreme wrote:
I am starting spamd (/usr/local/etc/rc.d/sa-spamd start or spamd -d -
r /var/run/spamd.pid -c -s /var/log/spamd) and then a few seconds
later it is dying without an error.
[Never mind, spamassassin
On 13-Aug-2009, at 06:15, Matus UHLAR - fantomas wrote:
7 days is imho not enough. IF users forget to look at it, I'd give
them at
leaast a month...
7 days seems to work pretty well. If users are desperate and willing
to contact an admin, the entire mailspool is duplicated and stored for
On Thu, 13 Aug 2009 18:13:31 +0200
Mark Martinec wrote:
> > > Don't know how/if the project has progressed meanwhile.
> > > If anyone is interested, I can send him the DKIMrep.pm.
> >
> > i like to try it
>
> Sent off-list.
>
> Mark
I'm interested too, thanks in advance
--
Tobias Lott
I'm sure I'm not the first to see them but I hadn't seen a post here.
The pharma image spams are back after a long break:
http://pastebin.com/mb1876f6
Like the others they are fairly easily blocked but just thought I'd
pass on what I'd seen.
Chris
--
Good Day
Im having problems with Spamassassin Bayes using Postgresql as Backend.
SA perfectly learns Ham&Spam as you can see:
bayesstore=# select count(*) from bayes_seen;
count
---
2669
Debugging output seems fine too:
spamassassin -D < ~/some_allready_learned.eml Returns:
[91874] dbg:
> -Original Message-
> From: Mark Martinec [mailto:mark.martinec...@ijs.si]
> Sent: Thursday, August 13, 2009 6:04 PM
> To: users@spamassassin.apache.org
> Subject: Re: DKIM-Reputation list
>
> Giampaolo,
>
> >
> > ...omissis...
> >
>
> Back in April (2009) I send to Florian Sager my ver
> > Don't know how/if the project has progressed meanwhile.
> > If anyone is interested, I can send him the DKIMrep.pm.
>
> i like to try it
Sent off-list.
Mark
On Thu, 13 Aug 2009 18:04:04 +0200, Mark Martinec
wrote:
> Don't know how/if the project has progressed meanwhile.
> If anyone is interested, I can send him the DKIMrep.pm.
i like to try it
--
Benny Pedersen
Giampaolo,
> I was looking at some kind of open-source DKIM-signing piece of code, and
> fall into this site:
> http://www.dkim-reputation.org/
>
> It has nothing to do with what I'm looking for, nevertheless it seemed
> interesting to me and I wanted to give it a try.
>
> Unfortunately, the
Hi,
I was looking at some kind of open-source DKIM-signing piece of code, and
fall into this site:
http://www.dkim-reputation.org/
It has nothing to do with what I'm looking for, nevertheless it seemed
interesting to me and I wanted to give it a try.
Unfortunately, the software they pro
Mark Martinec wrote:
> Per Jessen,
>> Per Jessen wrote:
>> > I was just wondering -
>> >
>> > RCVD_NUMERIC_HELO will match "helo=2xx4.2.2xx.62.fix.example.com" -
>> > but is that intentional? It's not exactly a numeric helo?
>>
>> That should have read "helo=2xx.2.2xx.62.fix.example.com".
>
> Bu
Per Jessen,
> Per Jessen wrote:
> > I was just wondering -
> >
> > RCVD_NUMERIC_HELO will match "helo=2xx4.2.2xx.62.fix.example.com" -
> > but is that intentional? It's not exactly a numeric helo?
>
> That should have read "helo=2xx.2.2xx.62.fix.example.com".
Bug 5878
https://issues.apache.org/Sp
Per Jessen wrote:
> I was just wondering -
>
> RCVD_NUMERIC_HELO will match "helo=2xx4.2.2xx.62.fix.example.com" -
> but is that intentional? It's not exactly a numeric helo?
That should have read "helo=2xx.2.2xx.62.fix.example.com".
/Per Jessen, Zürich
I was just wondering -
RCVD_NUMERIC_HELO will match "helo=2xx4.2.2xx.62.fix.example.com" - but
is that intentional? It's not exactly a numeric helo?
/Per Jessen, Zürich
On Aug 13, 2009, at 12:40 AM, rich...@buzzhost.co.uk wrote:
I noticed this morning that Hampshire County Council use it, and I
expect it is part of a 'solution' that many County Councils and
Government Bodies use in the UK:
X-Mailer: MIME::Lite 3.021 (F2.74; T1.21; A1.77; B3.07; Q3.07)
Date: Th
On Thu, 13 Aug 2009 12:01:09 +0200, Per Jessen wrote:
> http://jessen.ch/files/sa-lint-debug.txt
old Mail::DKIM (0.32) (0.36 latest)
and warn on netset
Mail::Domainkeys is not needed, check that you dont load it in pre files
--
Benny Pedersen
On Thu, 13 Aug 2009, Benny Pedersen wrote:
you belive that email sent from webmail is harder to spam scan then
submitted email from remote ?
No, my statement was that I believe spammers, like the rest of us, follow
the 20/80 rule, and hack the 80 percent of vulnerabilities that require
only 2
On Wed, 12 Aug 2009, LuKreme wrote:
Is it a custom webmail interface you wrote yourself?
The front end is custom, wrapping a standard client.
Any spammer who personally visited my site would be able to hack
it in seconds (with a stolen password, of course). But any existing
"canned" scripts wou
Per Jessen wrote:
> http://jessen.ch/files/belo-news-dkim-testmsg.output3
> Notice:
>
> # grep cond_clause.*DKIM /tmp/belo-news-dkim-testmsg.output3
> dbg: cond_clause_plugin_loaded: Mail::SpamAssassin::Plugin::DKIM=1
> dbg: cond_clause_plugin_loaded: Mail::SpamAssassin::Plugin::DKIM=1
> dbg: con
On Thursday 13 August 2009 14:13:33 LuKreme wrote:
> I am starting spamd (/usr/local/etc/rc.d/sa-spamd start or spamd -d -
> r /var/run/spamd.pid -c -s /var/log/spamd) and then a few seconds
> later it is dying without an error.
>
> [Never mind, spamassassin --lint was dying with a core dump. I rem
> On 12-Aug-2009, at 23:30, rich...@buzzhost.co.uk wrote:
>> On Wed, 2009-08-12 at 20:36 -0600, LuKreme wrote:
>>> I find my users almost never look at the SPAM
>>> mailbox
>> There is an easy fix for that - take that facility away :-)
On 13.08.09 05:18, LuKreme wrote:
> I am tempted. the various
I am starting spamd (/usr/local/etc/rc.d/sa-spamd start or spamd -d -
r /var/run/spamd.pid -c -s /var/log/spamd) and then a few seconds
later it is dying without an error.
[Never mind, spamassassin --lint was dying with a core dump. I removed
the spear-fishing rules and all is back right wit
I am starting spamd (/usr/local/etc/rc.d/sa-spamd start or spamd -d -
r /var/run/spamd.pid -c -s /var/log/spamd) and then a few seconds
later it is dying without an error.
all I get in /var/log/spamd is:
--
A ship should not ride on a single anchor,
nor life on a single hope
Per Jessen wrote:
> Per Jessen wrote:
>
>> One very suspicious line is:
>>
>> "dkim: no wl entries match author pen...@belo-news.com, no need to
>> verify sigs"
>>
>> Despite my config:
>>
>> ifplugin Mail::Spamassassin::Plugin::DKIM
>> whitelist_from_dkim *...@belo-news.com
>> endif
>
> I've
Per Jessen wrote:
> One very suspicious line is:
>
> "dkim: no wl entries match author pen...@belo-news.com, no need to
> verify sigs"
>
> Despite my config:
>
> ifplugin Mail::Spamassassin::Plugin::DKIM
> whitelist_from_dkim *...@belo-news.com
> endif
I've done a few more tests - AFAICT, the
On 12-Aug-2009, at 23:40, rich...@buzzhost.co.uk wrote:
The other day I recall someone mentioning they routinely block
anything
where the mailer is MIME::Lite. I don't do this myself as any self
respecting spammer with more than a quarter of a brain cell is not
going
to make a slip like that
On 12-Aug-2009, at 21:09, Ted Mittelstaedt wrote:
Furthermore, since you may want to munge more than 2 pieces
of dissimilar data in a spam, your going to rapidly runout
of "example.*". Further, example.com is only good for alpha
data munging and is useless for numeric data munging, ie:
IP addres
Mark Martinec wrote:
> Per,
>
>> The lint test-message presumably wouldn't cause DKIM_VERIFIED to hit
>> anyway, but DNS is most definitely enabled.
>
> Please send the debug output on a real signed message run, e.g.:
> spamassassin -D -t test.log 2>&1
>
Just ran a test like that -
http://
On 12-Aug-2009, at 23:30, rich...@buzzhost.co.uk wrote:
On Wed, 2009-08-12 at 20:36 -0600, LuKreme wrote:
I find my users almost never look at the SPAM
mailbox
There is an easy fix for that - take that facility away :-)
I am tempted. the various SPAM folders are more than half the mail
stor
Per,
> The lint test-message presumably wouldn't cause DKIM_VERIFIED to hit
> anyway, but DNS is most definitely enabled.
Please send the debug output on a real signed message run, e.g.:
spamassassin -D -t test.log 2>&1
Mark
Mark Martinec wrote:
> Per,
>
>> >> I see DKIM_VERIFIED hit in mails from example.com, but the
>> >> whitelisting doesn't happen for some reason. What am I doing
>> >> wrong?
>> >
>> > this should not happend, check spamassassin --lint
>>
>> Yep, I always do before loading a new ruleset, shows
Per,
> >> I see DKIM_VERIFIED hit in mails from example.com, but the
> >> whitelisting
> >> doesn't happen for some reason. What am I doing wrong?
> >
> > this should not happend, check spamassassin --lint
>
> Yep, I always do before loading a new ruleset, shows no problems.
>
> > output from spa
Benny Pedersen wrote:
>> I see DKIM_VERIFIED hit in mails from example.com, but the
>> whitelisting
>> doesn't happen for some reason. What am I doing wrong?
>
> this should not happend, check spamassassin --lint
Yep, I always do before loading a new ruleset, shows no problems.
> output from s
LuKreme wrote:
Got quite a few emails today from users complaining about the huge
onslaught of SPAM into their mailboxes. One user in particular is used
to getting 2-5 email messages a day and logged in this morning to over
250 in the last 12 hours.
So, I investigated.
Ooops, I restarted sp
On Thu, 13 Aug 2009 10:41:51 +0200, Per Jessen wrote:
> My ruleset contains lines like this:
>
> ifplugin Mail::Spamassassin::Plugin::DKIM
> whitelist_from_dkim *...@example.com
> endif
i would use def_whitelist_from_dkim with wildcard user, just me, but imho
better
in other words:
whitelist_f
My ruleset contains lines like this:
ifplugin Mail::Spamassassin::Plugin::DKIM
whitelist_from_dkim *...@example.com
endif
I see DKIM_VERIFIED hit in mails from example.com, but the whitelisting
doesn't happen for some reason. What am I doing wrong?
/Per Jessen, Zürich
> On Wed, 2009-08-12 at 20:36 -0600, LuKreme wrote:
> > I find my users almost never look at the SPAM
> > mailbox
On 13.08.09 06:30, rich...@buzzhost.co.uk wrote:
> There is an easy fix for that - take that facility away :-)
do you mean, take away spam filtering or the possibility to look at fa
On Thu, 13 Aug 2009 09:09:59 +0200, Matus UHLAR - fantomas
wrote:
>> How ever I dont know if my db has reach the minimun 200 tokens to let
>> bayes testing work. Is there a SQL query to know this number?
> sa-learn --dumpdb should do that if you have correct parameters for the
> DB...
magic
--
On 12.08.09 11:32, Luis Daniel Lucio Quiroz wrote:
> Talking about bayes trying,
> I did setup bayes/SQL and i see all tokens in my db.
>
> How ever I dont know if my db has reach the minimun 200 tokens to let bayes
> testing work. Is there a SQL query to know this number?
sa-learn --dumpdb sho
56 matches
Mail list logo