New spam type - sender domain quickly deleted
Dear list, yesterday I've got some new kind of spam: X-Envelope-From: [EMAIL PROTECTED] Received: from abruxateatro.com (unknown [210.245.161.31]) by power2u.goelsen.net (Postfix) with SMTP id for _; Sun, 11 Jun 2006 18:25:57 +0200 (CEST) X-Envelope-From: [EMAIL PROTECTED] Received: from acidstufftv.com (unknown [210.245.161.31]) by power2u.goelsen.net (Postfix) with SMTP id for _; Sun, 11 Jun 2006 18:25:58 +0200 (CEST) These domains don't exist now, but obviously did yesterday. Did anybody else see such SPAM? How can I check if a domain ever existed? Is anybody working on a check for new domains, so that you could say if a domain is newer than 2 days, temporary reject? mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpdtZM10u4zO.pgp Description: PGP signature
Re: New spam type - sender domain quickly deleted
On 12 Jun 2006, at 07:53, Michael Monnerie wrote: yesterday I've got some new kind of spam: X-Envelope-From: [EMAIL PROTECTED] Received: from abruxateatro.com (unknown [210.245.161.31]) by power2u.goelsen.net (Postfix) with SMTP id for _; Sun, 11 Jun 2006 18:25:57 +0200 (CEST) X-Envelope-From: [EMAIL PROTECTED] Received: from acidstufftv.com (unknown [210.245.161.31]) by power2u.goelsen.net (Postfix) with SMTP id for _; Sun, 11 Jun 2006 18:25:58 +0200 (CEST) These domains don't exist now, but obviously did yesterday. Did anybody else see such SPAM? How can I check if a domain ever existed? Is anybody working on a check for new domains, so that you could say if a domain is newer than 2 days, temporary reject? abruxateatro.com still exists in DNS. although it looks like just a domain parked site: ;; QUESTION SECTION: ;www.abruxateatro.com. IN A ;; ANSWER SECTION: www.abruxateatro.com. 300 IN A 69.25.212.153 ;; AUTHORITY SECTION: abruxateatro.com. 172671 IN NS ns.1.name.net. abruxateatro.com. 172671 IN NS ns.2.name.net. You might want to take a look at red.uribl.com, althought it's not actively maintained ..yet: # red.uribl.com - Experimental list for new domain registrations and mass moves between registries that we define as spam supporters or facilitators. This zone is not actively maintained currently, but we have big plans for it ;) Oh ya, use at your own risk. -j PGP.sig Description: This is a digitally signed message part
Re: Another example...
On Donnerstag, 8. Juni 2006 17:33 Gary V wrote: What's surprising is that you are surprised that someone can make mail appear to come from you. There is nothing stopping them. That's not true: SPF. Of course, only if the recipient checks for SPF records, but lots of sites check it now (anyway still too few). mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgp7v2aIBKg2v.pgp Description: PGP signature
Re: RCVD_IN_WHOIS_BOGONS mis-firing since 3.13 upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rolf wrote: I have just noticed the same thing. Increase in false positives due to that rule telling me the upstream mail server addresses (which I don't control) have been listed in combined-HIB.dnsiplists.completewhois.com. Which is not right for any reason - they ought not be there. Looking around at www.completewhois.com I cannot find those addresses at all. I've had to change the score of the rule to zero as its hitting every piece of mail as they all pass through those upstream servers. Any suggestions would be appreciated. thanks [snip] I've filed a bug report on this issue, if you'd care to contribute any details or useful information. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4951 Alan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEjSv4E2gsBSKjZHQRAlB3AKCV48WtvKs4N4MbVHTzykjzKgTiOQCfbFQP VPCbjK+UCT2GA7hpRg5Dj1s= =SbWk -END PGP SIGNATURE-
RE: The Future of Email is SQL
Well yes Exchange does have it's problems (its much better than it used to be), but ya gotta remember the underlying DB is Access. I think there are moves afoot for the next version of MS-Ex to be able to run with SQl-Server as the backend datastore (2003 may already have this ability) which is v. usefull for large (1000+) user bases. Kinda proves the point really, you need a proper DB for this sort of thing not some tin pot 'user' thing. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -Original Message- From: Rob McEwen [mailto:[EMAIL PROTECTED] Sent: 09 June 2006 23:16 To: users@spamassassin.apache.org Subject: RE: The Future of Email is SQL MS Exchange... one big Database Exactly... And that is one reason why I wouldn't touch this SQL idea with a 10 foot pole.. the fact that Exchange works this way only proves my point... I hear all the time about Exchange servers crashing and the administrator having to rebuild the database while the mail server is down for the next 10 hours. The bottom line is that using a SQL DB backend as mail storage is putting all your eggs in one basket. I have a much simpler solution to accomplish the problem that this was idea was originally attempting to solve... simply place the spams that are caught in a folder on the mail server that is accessible via webmail. Then create a separate program to periodically enumerate through the spam folder in all the accounts on the server to delete spams over X days old. If needed, you could still have a database with the basic info about the spams (date received, subject line, recipients, from, message file name, etc) to use for e-mailing digests to the user... and this DB's stability wouldn't then have to be tied to the overall reliability/stability of mail services. Also keep in mind that SQL doesn't always mean better performance... I've seen many web sites that deliver content dynamically from a SQL database backend where there were noticeably large delays between page loads, for example. Rob McEwen PowerView Systems [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
blackholes.intersil.net
The intersil.net domain name has expired (probably inadvertently) and is pending renewal or deletion. Thanks to the Network Solutions redirecting it by cname to resalehost.networksolutions.com it will return positive to every address. Yet another fine contribution to net stability by the good folks at Network Solutions. So, if you are using blackholes.intersil.net as a dnsbl you may want to remove it for a day or two until they can get it renewed. Bill Larson Network Administrator Compu-Net Enterprises
RE: Low scoring since 3.1.1 upgrade
Hi all, Details can be found below.. One thing I have noticed is that spamc appears to be version 3.1.3 and spamassassin appears to be version 3.1.1?? Leaving the mail client out of it seems that even from the cli SA scores spam very low, see example spamassassin -D of obvious spam at bottom of this message: Contents of ~/.spamassassin/user_prefs bash-2.05a$ grep -v ^# user_prefs required_score 5 rewrite_header subject SPAM _HITS_ : Contents of /etc/mail/spamassassin/* bash-2.05a$ grep -v ^# * init.pre: init.pre: init.pre:loadplugin Mail::SpamAssassin::Plugin::URIDNSBL init.pre: init.pre:loadplugin Mail::SpamAssassin::Plugin::Hashcash init.pre: init.pre:loadplugin Mail::SpamAssassin::Plugin::SPF init.pre: v310.pre: v310.pre: v310.pre:loadplugin Mail::SpamAssassin::Plugin::Pyzor v310.pre: v310.pre: v310.pre:loadplugin Mail::SpamAssassin::Plugin::SpamCop v310.pre: v310.pre: v310.pre:loadplugin Mail::SpamAssassin::Plugin::AWL v310.pre: v310.pre:loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold v310.pre: v310.pre: v310.pre: v310.pre:loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject v310.pre: v310.pre: v310.pre: v310.pre:loadplugin Mail::SpamAssassin::Plugin::MIMEHeader v310.pre: v310.pre:loadplugin Mail::SpamAssassin::Plugin::ReplaceTags v310.pre: v312.pre: v312.pre: v312.pre: bash-2.05a$ spamassassin -V SpamAssassin version 3.1.3 running on Perl version 5.6.1 bash-2.05a$ spamassassin --lint bash-2.05a$ bash-2.05a$ bash-2.05a$ bash-2.05a$ spamassassin -D spam [16796] dbg: logger: adding facilities: all [16796] dbg: logger: logging level is DBG [16796] dbg: generic: SpamAssassin version 3.1.3 [16796] dbg: config: score set 0 chosen. [16796] dbg: util: running in taint mode? yes [16796] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [16796] dbg: util: PATH included '/usr/local/bin', keeping [16796] dbg: util: PATH included '/bin', keeping [16796] dbg: util: PATH included '/usr/bin', keeping [16796] dbg: util: PATH included '/usr/X11R6/bin', keeping [16796] dbg: util: final PATH set to: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin [16796] dbg: message: MIME PARSER START [16796] dbg: message: main message type: text/plain [16796] dbg: message: parsing normal part [16796] dbg: message: added part, type: text/plain [16796] dbg: message: MIME PARSER END [16796] dbg: dns: is Net::DNS::Resolver available? yes [16796] dbg: dns: Net::DNS version: 0.57 [16796] dbg: config: using /etc/mail/spamassassin for site rules pre files [16796] dbg: config: read file /etc/mail/spamassassin/init.pre [16796] dbg: config: read file /etc/mail/spamassassin/v310.pre [16796] dbg: config: read file /etc/mail/spamassassin/v312.pre [16796] dbg: config: using /usr/share/spamassassin for sys rules pre files [16796] dbg: config: using /usr/share/spamassassin for default rules dir [16796] dbg: config: read file /usr/share/spamassassin/10_misc.cf [16796] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [16796] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [16796] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [16796] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [16796] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [16796] dbg: config: read file /usr/share/spamassassin/20_porn.cf [16796] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [16796] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [16796] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [16796] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [16796] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [16796] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [16796] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [16796] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [16796] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [16796] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [16796] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [16796] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [16796] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [16796] dbg: config: read file /usr/share/spamassassin/25_replace.cf [16796] dbg: config: read file /usr/share/spamassassin/25_spf.cf [16796] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [16796] dbg:
TextCat and ok_languages
With --lint, I am getting the following error: [2900] warn: config: failed to parse, now a plugin, skipping: ok_languages en fr es I have looked up the docs here: http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_ TextCat.html and it seems to say that a setting of: ok_languages en fr es is acceptable. I have it in my local.cf Why am I getting this error message? Thanks Ben
Re: TextCat and ok_languages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben Wylie wrote: With --lint, I am getting the following error: [2900] warn: config: failed to parse, now a plugin, skipping: ok_languages en fr es I have looked up the docs here: http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_ TextCat.html and it seems to say that a setting of: ok_languages en fr es is acceptable. I have it in my local.cf Why am I getting this error message? Thanks Ben Ben, make sure that you have the textcat plugin loaded in either your init.pre or v3xx.pre files. you don't want to load the plugin in your local.cf file as it'll load after any of the rules that call it do and will therefor not be useable. of course, after making those changes be sure to restart spamd if you're using it. HTH Alan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEjTenE2gsBSKjZHQRAjh8AKCTz5Cwq1ikn0ore5b9k7h0jmRvNwCcCLMi 8GIRiFLFsPjx+x1kHhCX1Qw= =sbLF -END PGP SIGNATURE-
Re: Low scoring since 3.1.1 upgrade
Try using the SARE stocks rule: http://www.rulesemporium.com/rules.htm#stocks Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
RE: TextCat and ok_languages
With --lint, I am getting the following error: [2900] warn: config: failed to parse, now a plugin, skipping: ok_languages en fr es Why am I getting this error message? make sure that you have the textcat plugin loaded in either your init.pre or v3xx.pre files. Thanks, it wasn't enabled in v310.pre and so it was giving me the error message for that line in local.cf. All ok now, Ben
sa-learn
just to check... I currently use sa-learn by getting a cross-section of my userbase to copy ALL their spam into a shared imap folder. This bypasses any extra headers being added if they were to forward etc. Some of the messages, (the majority) will have already been scanned by bayes and have a score assigned. Even though there are now SA headers in the mail does this affect the baysian learner, or is it smart enough to remove / ignore any SA tags it finds!? Thanks Ronan -- Ronan McGlue Analyst / Programmer CMC Systems Group Queens University Belfast
black list from IP
Hi, I use postfix-2.1.5-5 with spamassassin-3.0.4 and amavisd-new-2.3.2, I would want to block to all the mail coming from a specific IP address, can use: blacklist_from xxx.xxx.xxx.xxx thanks. -- Salvatore.
X-Spam-Headers at top of email
For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben
RE: X-Spam-Headers at top of email
It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben
Re: X-Spam-Headers at top of email
Ben Wylie wrote: I am running SpamAssassin version 3.1.2 on windows 2003 server called via the command line, so I think it must be something in SpamAssassin that has changed. There was a change introduced in SA 3.1.0. This has been discussed on this list before, a quick search will find the discussions: http://article.gmane.org/gmane.mail.spam.spamassassin.general/72378/match=headers+location Thanks Ben -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 12:00 To: Ben Wylie; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
RE: X-Spam-Headers at top of email
Well, it has. But AFAIK it has not caused problems on other than spamass-milter. Search the mailing list, there's much more on this issue. But not sure about win2003 installations of it. -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 13:40 To: Sietse van Zanen; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email I am running SpamAssassin version 3.1.2 on windows 2003 server called via the command line, so I think it must be something in SpamAssassin that has changed. Thanks Ben -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 12:00 To: Ben Wylie; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben
Re: X-Spam-Headers at top of email
Hi Sietse, The original poster didn't actually explain why this was a problem for him. So I was explaining why the position of the headers had changed. Sietse van Zanen wrote: Well, it has. But AFAIK it has not caused problems on other than spamass-milter. Search the mailing list, there's much more on this issue. But not sure about win2003 installations of it. -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 13:40 To: Sietse van Zanen; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email I am running SpamAssassin version 3.1.2 on windows 2003 server called via the command line, so I think it must be something in SpamAssassin that has changed. Thanks Ben -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 12:00 To: Ben Wylie; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: sa-learn
Ronan McGlue wrote: just to check... I currently use sa-learn by getting a cross-section of my userbase to copy ALL their spam into a shared imap folder. This bypasses any extra headers being added if they were to forward etc. Some of the messages, (the majority) will have already been scanned by bayes and have a score assigned. Even though there are now SA headers in the mail does this affect the baysian learner, or is it smart enough to remove / ignore any SA tags it finds!? Thanks Ronan The Bayesian learner will ignore messages it has already learned before. Jo
RE: X-Spam-Headers at top of email
Well, I think he was talking about the headers popping up in the e-mail (the body), and thtat is definitely a problem. And looks very much like the problem casued by/with spamass-milter. But he indeed should have been more clear, not even specifying whcih platform, new + old versions, configurations etc. I wonder why people are nowedays even becoming too lazy to take a little time explaining their problems and still expect people to readily give them the correct answers. I also wonder, why I keep replying. :-) Though my rule of thumb is, short questions, get short answers -Sietse From: Anthony Peacock [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 14:02 To: SpamAssassin Users Subject: Re: X-Spam-Headers at top of email Hi Sietse, The original poster didn't actually explain why this was a problem for him. So I was explaining why the position of the headers had changed. Sietse van Zanen wrote: Well, it has. But AFAIK it has not caused problems on other than spamass-milter. Search the mailing list, there's much more on this issue. But not sure about win2003 installations of it. -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 13:40 To: Sietse van Zanen; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email I am running SpamAssassin version 3.1.2 on windows 2003 server called via the command line, so I think it must be something in SpamAssassin that has changed. Thanks Ben -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 12:00 To: Ben Wylie; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: sa-learn
Jo, I think, this is not the answer to the exact question. If I understood the question correctly, Ronan asked whether sa-learn would ignore the headers that were inserted in mails that have been SCANNED, but probably not yet LEARNED. If I am right, then the answer might be found in the documentation at: http://wiki.apache.org/spamassassin/BayesInSpamAssassin It's OK to feed emails with Spamassassin markup into the sa-learn command -- sa-learn will ignore any standard Spamassassin headers, and if the original email has been encapsulated into an attachment it will decapsulate the email. In other words sa-learn will undo any changes which Spamassassin has done before learning the spam/ham character of the email. HTH Christoph Reichenberger On 12.06.2006, at 14:15, Jo wrote: Ronan McGlue wrote: just to check... I currently use sa-learn by getting a cross-section of my userbase to copy ALL their spam into a shared imap folder. This bypasses any extra headers being added if they were to forward etc. Some of the messages, (the majority) will have already been scanned by bayes and have a score assigned. Even though there are now SA headers in the mail does this affect the baysian learner, or is it smart enough to remove / ignore any SA tags it finds!? Thanks Ronan The Bayesian learner will ignore messages it has already learned before. Jo
Re: black list from IP
Sasa wrote on Mon, 12 Jun 2006 12:55:41 +0200: Hi, I use postfix-2.1.5-5 with spamassassin-3.0.4 and amavisd-new-2.3.2, I would want to block to all the mail coming from a specific IP address, can use: blacklist_from xxx.xxx.xxx.xxx Use the access list of your MTA. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: X-Spam-Headers at top of email
Hi, I reread the original email and I agree it can be read both ways. Without further information it is hard to tell. Anyway, the OP now has enough clues to at least come back here with more information. Sietse van Zanen wrote: Well, I think he was talking about the headers popping up in the e-mail (the body), and thtat is definitely a problem. And looks very much like the problem casued by/with spamass-milter. But he indeed should have been more clear, not even specifying whcih platform, new + old versions, configurations etc. I wonder why people are nowedays even becoming too lazy to take a little time explaining their problems and still expect people to readily give them the correct answers. I also wonder, why I keep replying. :-) Though my rule of thumb is, short questions, get short answers -Sietse From: Anthony Peacock [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 14:02 To: SpamAssassin Users Subject: Re: X-Spam-Headers at top of email Hi Sietse, The original poster didn't actually explain why this was a problem for him. So I was explaining why the position of the headers had changed. Sietse van Zanen wrote: Well, it has. But AFAIK it has not caused problems on other than spamass-milter. Search the mailing list, there's much more on this issue. But not sure about win2003 installations of it. -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 13:40 To: Sietse van Zanen; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email I am running SpamAssassin version 3.1.2 on windows 2003 server called via the command line, so I think it must be something in SpamAssassin that has changed. Thanks Ben -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 12:00 To: Ben Wylie; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: Domainkeys - Conflicting msg headers?
On Monday 23 January 2006 15:50, Matt Kettler took the opportunity to write: Glen Carreras wrote: I've enabled the DK plugin (and applied the patch) and for the most part, I believe DK is working but, the following two headers confuse me as they appear to be conflicting statements. Are these normal or do I perhaps have something mis-configured somewhere? * 0.0 DK_SIGNED Domain Keys: message has an unverified signature * -0.0 DK_VERIFIED Domain Keys: signature passes verification From looking at the domainkeys plugin, that's normal, and the description is a bit misleading. DK_SIGNED means the message is signed. Period. The follow-on text is trying to explain that DK_SIGNED has not verified the signature, it has merely detected one is present, so the signature may or may not be valid. DK_VERIFIED means the signature passed verification. Based on the code, this will never happen unless the message also matches DK_SIGNED. I suggest that the description for DK_SIGNED be changed slightly to Domain Keys: message has a (not yet verified) signature. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpgUeio3RgwV.pgp Description: PGP signature
Re: black list from IP
On Mon, 12 Jun 2006, sasa wrote: Hi, I use postfix-2.1.5-5 with spamassassin-3.0.4 and amavisd-new-2.3.2, I would want to block to all the mail coming from a specific IP address, can use: blacklist_from xxx.xxx.xxx.xxx Waiting until SA gets the message is needlessly wasteful of system resources. Surely postfix gives you the ability to reject mail from specific addresses early in the SMTP dialog? That would be a better way to completely block all mail coming from a specific IP address. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like Oh my God, this place is teeming with utter morons to incorrect conclusions like there's nothing of value here.-- Al Petrofsky, in Y! SCOX --- 6 days until SWMBO's Birthday
Re: SA tags above header info
On Monday 03 October 2005 18:14, Nix took the opportunity to write: On Sat, 1 Oct 2005, [EMAIL PROTECTED] stated: Which begs the question I don't remember anybody asking: What the censored is DomainKeys and why should it experience a special exception to sane ordering if header information with time of application ordered message tags? It's a scheme whereby the headers get cryptographically signed, as a body, with a key derived from a DNS lookup; another anti-forgery scheme, like SPF, only hopefully more forwarding-friendly. The idea is that relays sign the headers from a given Received: line on down, thus validating the path a mail has taken without breaking the ability for further relays to add Received lines. So adding things above Received lines is safe: adding them below invalidates the DK signature. One remark I haven't seen yet is that the DomainKey-Signature: field can include an h tag, which specifies which header fields are included in the signature. If that tag is included (and I think it usually is(?)) and there aren't already any X-Spam-* fields that have been signed, then it should be safe to add SA's header lines below, just like before. If the h tag isn't present, adding it shouldn't change the verfication status, but I don't think it's allowed. Always prepending SA's header lines clearly is the easiest thing to do. (Yes, I think it looks ugly, too.) Me too, but it's probably just because I'm used to it. Always adding new headers to the top has the additional benefit that it's easier to see which relay added what. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpGShOtBkTZC.pgp Description: PGP signature
SPamAssassin question
hi what is the correct procedure to enable to spam.blacklist file I edited a file /etc/ and changed a line Is Definitely Spam = %rules-dir%/spam.blacklist.rules High Scoring Spam Actions = store and then I created a spam.blacklist file and edited it FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no then nobody was able to receive any emails I did a tail command I saw that the blacklist file has syntax error I edited the MailScanner.conf and put the original settings back and then everybody was able to receive the email again what is the proper step by step to have the blacklist file used and where is the emails that were not delivered to the user while the syntax error was present is there a way to get to them and resend them to the users -- View this message in context: http://www.nabble.com/SPamAssassin-question-t1774263.html#a4829266 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: The Future of Email is SQL
I can't recall seeing any mention in this thread of DBmail (dbmail.org), which already exists and is an all-in-one SMTP/POP3/IMAP server with MySQL or Postgres message storage (with support for SQLite on the way). It's been in development for three or four years, and from what I remember is used by the developers on a mail system with 100K+ users. I like it as a concept, but haven't been brave enough to put it into production.
For those who are considering a Barracuda Network Device server
All, I bought a Barracuda Model 400 last October. My current setup is as follows: Barracuda GW --- Internal servers --- Spamassassin server --- Quarantine or local delivery. Although there was a small percentage of spam being caught by adding the Barracuda, this was because I added my own Regex rules on the Barracuda. Without my Regex rules, using their intent RBL, a trained bayes, and SBL-XBL RBL, the devise gave me nothing in terms of more spam captured than Spamassassin with SARE. In fact, I don't have concrete numbers but I am willing to put $100 and say SA/SARE does better. Because I am a customer, I have access to the Barracuda Networks forums. I am not the only one unimpressed and since it's a moderated forum, all the postings I have made which have a negative undertones, do not get posted. OK, enough of that. I bought the server in October (8 months ago) for about $4800. This included a years license. Well, the server has a bad drive based on their support's diagnostics. They want me to pay $899 to have it replaced! FWIW, if you open the box yourself, it voids support. I want to say that if your thinking of buying one of the Barracuda Networks Spam Firewall (www.barracudanetworks.com), save your money!. I would have been better off spending about $2000 for two decent servers and running SA/SARE at the perimeter. I hope this helps somebody else from making the same mistake. Brian
Re: For those who are considering a Barracuda Network Device server
We have a 400 as well. I don't think one can even compare SA out-of-the-box and the Barracuda. I'm catching more Spam with the use of SA with no rules loaded than what our Barracuda is tagging. I've taken messages that came off the Barracuda and thew it through SA. SA scored almost 2.5 points higher than the Barracuda in several cases. I pretty much at this time strictly use the Barracuda as a buffer to 'tone' down traffic that would make our server drop to its knees. We are in process of getting a firewall in place and when that happens, the Barracuda will probably go bye..bye when I start building access lists. On Mon, 12 Jun 2006, wrote: All, I bought a Barracuda Model 400 last October. My current setup is as follows: Barracuda GW --- Internal servers --- Spamassassin server --- Quarantine or local delivery. Although there was a small percentage of spam being caught by adding the Barracuda, this was because I added my own Regex rules on the Barracuda. Without my Regex rules, using their intent RBL, a trained bayes, and SBL-XBL RBL, the devise gave me nothing in terms of more spam captured than Spamassassin with SARE. In fact, I don't have concrete numbers but I am willing to put $100 and say SA/SARE does better. Because I am a customer, I have access to the Barracuda Networks forums. I am not the only one unimpressed and since it's a moderated forum, all the postings I have made which have a negative undertones, do not get posted. OK, enough of that. I bought the server in October (8 months ago) for about $4800. This included a years license. Well, the server has a bad drive based on their support's diagnostics. They want me to pay $899 to have it replaced! FWIW, if you open the box yourself, it voids support. I want to say that if your thinking of buying one of the Barracuda Networks Spam Firewall (www.barracudanetworks.com), save your money!. I would have been better off spending about $2000 for two decent servers and running SA/SARE at the perimeter. I hope this helps somebody else from making the same mistake. Brian -- This message was sent using 100% recycled electrons.
Re: For those who are considering a Barracuda Network Device server
| I pretty much at this time strictly use the Barracuda as a buffer to 'tone' down | traffic that would make our server drop to its knees. We are in process | of getting a firewall in place and when that happens, the Barracuda will | probably go bye..bye when I start building access lists. That's exactly what mine was doing. It allowed for me to run SA/SARE with a less beefy box. B
Re: For those who are considering a Barracuda Network Device server
On Monday, June 12, 2006, 10:23:20 AM, wrote: I bought a Barracuda Model 400 last October. My current setup is as follows: Barracuda GW --- Internal servers --- Spamassassin server --- Quarantine or local delivery. Although there was a small percentage of spam being caught by adding the Barracuda, this was because I added my own Regex rules on the Barracuda. Without my Regex rules, using their intent RBL, a trained bayes, and SBL-XBL RBL, the devise gave me nothing in terms of more spam captured than Spamassassin with SARE. In fact, I don't have concrete numbers but I am willing to put $100 and say SA/SARE does better. Doesn't Barracuda use SpamAssassin in their boxes? If so it's not too surprising that it wouldn't perform much differently from SpamAssassin :-) Barracuda may not use SARE, so SARE may indeed be better. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SPamAssassin question
On Mon, 12 Jun 2006, slyandjen wrote: what is the correct procedure to enable to spam.blacklist file I edited a file /etc/ and changed a line Is Definitely Spam = %rules-dir%/spam.blacklist.rules High Scoring Spam Actions = store and then I created a spam.blacklist file and edited it FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no then nobody was able to receive any emails I did a tail command I saw that the blacklist file has syntax error I edited the MailScanner.conf and put the original settings back and then everybody was able to receive the email again This definitely looks like more of a MailScanner question than a SpamAssassin question, which to me means you might want to try asking on the MailScanner mailing list. - Logan
RE: For those who are considering a Barracuda Network Device server
Actually I mentioned that to my Barracuda sales person (we have the Spyware Firewall which is really good) and he told me that they started with SpamAssassin, but have since moved to their own software. -- Benjamin Story, CCNA CCDA Network Administrator Dot Foods, Inc www.dotfoods.com IT Helpdesk x2312 or [EMAIL PROTECTED] -Original Message- From: Jeff Chan [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 12:46 PM To: Cc: users@spamassassin.apache.org Subject: Re: For those who are considering a Barracuda Network Device server On Monday, June 12, 2006, 10:23:20 AM, wrote: I bought a Barracuda Model 400 last October. My current setup is as follows: Barracuda GW --- Internal servers --- Spamassassin server --- Quarantine or local delivery. Although there was a small percentage of spam being caught by adding the Barracuda, this was because I added my own Regex rules on the Barracuda. Without my Regex rules, using their intent RBL, a trained bayes, and SBL-XBL RBL, the devise gave me nothing in terms of more spam captured than Spamassassin with SARE. In fact, I don't have concrete numbers but I am willing to put $100 and say SA/SARE does better. Doesn't Barracuda use SpamAssassin in their boxes? If so it's not too surprising that it wouldn't perform much differently from SpamAssassin :-) Barracuda may not use SARE, so SARE may indeed be better. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: For those who are considering a Barracuda Network Device server
Jeff Chan wrote: Doesn't Barracuda use SpamAssassin in their boxes? If so it's not too surprising that it wouldn't perform much differently from SpamAssassin :-) It's probably using an old version *shrug* Barracuda may not use SARE, so SARE may indeed be better. Quite possibly -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
Re: SPamAssassin question
Logan Shaw wrote: On Mon, 12 Jun 2006, slyandjen wrote: what is the correct procedure to enable to spam.blacklist file I edited a file /etc/ and changed a line Is Definitely Spam = %rules-dir%/spam.blacklist.rules High Scoring Spam Actions = store and then I created a spam.blacklist file and edited it FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no If that's exactly what you have put in your ruleset then your syntax is wrong. It should be [EMAIL PROTECTED] Have a look at the Mailscanner documentation: http://mailscanner.info/documentation.html And then ask on the Mailscanner list: http://mailscanner.info/support.html#mailing -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
Re: The Future of Email is SQL
Mike Jackson wrote: I can't recall seeing any mention in this thread of DBmail (dbmail.org), which already exists and is an all-in-one SMTP/POP3/IMAP server with MySQL or Postgres message storage (with support for SQLite on the way). It's been in development for three or four years, and from what I remember is used by the developers on a mail system with 100K+ users. I like it as a concept, but haven't been brave enough to put it into production. Yes I mentioned this the other day. Not too much response though. DBMail is 5-6 years old. Especially active for the past 4 years. There are a number of production systems out there; some with thousands of users. It can be setup all-in-one or integrated with Postfix or other with no problems. Features such as lmtp, maildrop, and now Sieve support for message filtering, put it on par with Cyrus from at least a feature standpoint. I haven't seen benchmarking against the more well known servers, but with an optimized DB install it performs very well. In addition, it has many great possibilities with the RDBMS back-end. Clustering, replication not to mention direct SQL access to the data store which gives a lot of developers a lower learning curve for extending the software. It really is worth taking a look. We are using it on an install with around 300 users... with no problems. We are using a dbmail-postfix-mysql-amavis setup, with mysql replication to a hot backup server for fail-over. Obviously a small install, but it has been going very well. - Kevin
RE: X-Spam-Headers at top of email
I'm very sorry for not being clearer or provide the required information. The change is that the X-Spam headers are now at the very top of the headers section, whereas previously they had been at the bottom of the headers. This is not a problem, but was unexpected and I thought it to be some sort of error. I thought the standard was to add new headers to the bottom of the list of headers so you could see clearly in which order the headers had been added. I will not be using domain keys and as I think it is neater having the X-Spam headers at the bottom of the headers list I would like to have some sort of conf option to have them how they were, but this does not seem possible. I realise that I should always provide platform information and all those details but sometimes I forget and this time I thought that it was a General SpamAssassin issue which was probably why I thought it unnecessary. As it turns out, it wasn't a platform specific problem after all. However, thanks for your help and sorry for causing trouble and confusion. Ben PS What is the best medium to search the list archives, because I have not been very successful in finding relevant posts when I have problems? -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 13:24 To: SpamAssassin Users Subject: RE: X-Spam-Headers at top of email Well, I think he was talking about the headers popping up in the e-mail (the body), and thtat is definitely a problem. And looks very much like the problem casued by/with spamass-milter. But he indeed should have been more clear, not even specifying whcih platform, new + old versions, configurations etc. I wonder why people are nowedays even becoming too lazy to take a little time explaining their problems and still expect people to readily give them the correct answers. I also wonder, why I keep replying. :-) Though my rule of thumb is, short questions, get short answers -Sietse From: Anthony Peacock [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 14:02 To: SpamAssassin Users Subject: Re: X-Spam-Headers at top of email Hi Sietse, The original poster didn't actually explain why this was a problem for him. So I was explaining why the position of the headers had changed. Sietse van Zanen wrote: Well, it has. But AFAIK it has not caused problems on other than spamass-milter. Search the mailing list, there's much more on this issue. But not sure about win2003 installations of it. -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 13:40 To: Sietse van Zanen; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email I am running SpamAssassin version 3.1.2 on windows 2003 server called via the command line, so I think it must be something in SpamAssassin that has changed. Thanks Ben -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 12:00 To: Ben Wylie; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does anyone know why it has suddenly changed where it puts the headers? Thanks Ben -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: SPamAssassin question
FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no these are just demos they are usually filled with normal addresses I fixed the problem today but all I want to know is where is the email stored if they are not send to the user -- View this message in context: http://www.nabble.com/SPamAssassin-question-t1774263.html#a4835608 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: X-Spam-Headers at top of email
Examine the headers if this email, Ben. You should see something like this: DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=i4B11JScmztoFnQh3L1dmNgJJ5LVrH4KvL6IDhr5usaFJCVhE+LJEBcXMk75qfx+; h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP; Received: from [71.116.167.175] (helo=Wednesday) by elasmtp-banded.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1FltBj-00075j-CX for users@spamassassin.apache.org; Thu, 01 Jun 2006 15:50:35 -0400 And something like this: X-ELNK-Trace: bb89ecdb26a8f9f24d2b10475b571120f889c95d8c8c9425737e3fd793879b263bd6f2aa67ad2da1350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 71.116.167.175 X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; These various signatures are SUPPOSED to provide some proof about what is contained below with checksums to verify their authenticity. If you complain to Earthlink about spam including these headers without any interspersed anti-spam headers is a great help. Unfortunately there are still tools, such as ClamAV, which place headers at the bottom. Even this list's software modifies headers below the DomainKey-Signature line. At least SpamAssassin is trying to do what it can to do the right thing. {^_^} - Original Message - From: Ben Wylie [EMAIL PROTECTED] I'm very sorry for not being clearer or provide the required information. The change is that the X-Spam headers are now at the very top of the headers section, whereas previously they had been at the bottom of the headers. This is not a problem, but was unexpected and I thought it to be some sort of error. I thought the standard was to add new headers to the bottom of the list of headers so you could see clearly in which order the headers had been added. I will not be using domain keys and as I think it is neater having the X-Spam headers at the bottom of the headers list I would like to have some sort of conf option to have them how they were, but this does not seem possible. I realise that I should always provide platform information and all those details but sometimes I forget and this time I thought that it was a General SpamAssassin issue which was probably why I thought it unnecessary. As it turns out, it wasn't a platform specific problem after all. However, thanks for your help and sorry for causing trouble and confusion. Ben PS What is the best medium to search the list archives, because I have not been very successful in finding relevant posts when I have problems? -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 13:24 To: SpamAssassin Users Subject: RE: X-Spam-Headers at top of email Well, I think he was talking about the headers popping up in the e-mail (the body), and thtat is definitely a problem. And looks very much like the problem casued by/with spamass-milter. But he indeed should have been more clear, not even specifying whcih platform, new + old versions, configurations etc. I wonder why people are nowedays even becoming too lazy to take a little time explaining their problems and still expect people to readily give them the correct answers. I also wonder, why I keep replying. :-) Though my rule of thumb is, short questions, get short answers -Sietse From: Anthony Peacock [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 14:02 To: SpamAssassin Users Subject: Re: X-Spam-Headers at top of email Hi Sietse, The original poster didn't actually explain why this was a problem for him. So I was explaining why the position of the headers had changed. Sietse van Zanen wrote: Well, it has. But AFAIK it has not caused problems on other than spamass-milter. Search the mailing list, there's much more on this issue. But not sure about win2003 installations of it. -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 13:40 To: Sietse van Zanen; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email I am running SpamAssassin version 3.1.2 on windows 2003 server called via the command line, so I think it must be something in SpamAssassin that has changed. Thanks Ben -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: 12 June 2006 12:00 To: Ben Wylie; users@spamassassin.apache.org Subject: RE: X-Spam-Headers at top of email It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1 -Sietse From: Ben Wylie [mailto:[EMAIL PROTECTED] Sent: Mon 12-Jun-06 12:56 To: users@spamassassin.apache.org Subject: X-Spam-Headers at top of email For some reason when I upgraded recently, Spamassassin is now placing the X-Spam headers at the top of the email rather than at the end of the headers section as it had been. Is there an option I can set, or does
Re: SPamAssassin question
From: slyandjen [EMAIL PROTECTED] FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no these are just demos they are usually filled with normal addresses I fixed the problem today but all I want to know is where is the email stored if they are not send to the user -- View this message in context: http://www.nabble.com/SPamAssassin-question-t1774263.html#a4835608 Sent from the SpamAssassin - Users forum at Nabble.com. You are asking the wrong people. SpamAssassin does not ever store or delete email. The tool that calls SpamAssassin has that responsibility. {^_^}
Re: question
From: slyandjen [EMAIL PROTECTED] if I have blacklist file which one shouldit be? I'vre seen people using yes and some uses store Definite Spam Is High Scoring = yes or strore Your question is somewhat garbled due to poor English usage. What blacklist file? is the question that comes to mind. However, for this particular site serving a small number of adults who are not hung up on being religiously righteous or anything like that we deliver everything. We mark spam. It gets sorted in our MUA, Outlook Express. We periodically look through the spam to find items with scores too low for comfort and take appropriate actions. (Well, Loren does. I'm lazy.) We also check at least the low scoring spam for mismarked spam. I scan the subjects and senders for all the spam. (And, indeed, some are pretty disgusting.) If I had a youngster to deal with - say someone below the age of good judgment at 35^H^H18 - I might snip out all spam and forward it to a special account for my review. You never know what those little monsters are up to. {^_-} If I was dealing with members of a particularly up tight religious organization I'd find someone else to do the job. (In some contexts breast is a bad word. In others it is common as with breast cancer support groups. *I* do not want the thankless job if trying to sort that out. I grew up. That was a sad mistake on my part, perhaps. YMMV) In other words YOU know your priorities. Make your decisions according to those priorities. {^_^}
Re: SPamAssassin question
Slyandjen wrote on Mon, 12 Jun 2006 13:21:20 -0700 (PDT): I fixed the problem today but all I want to know is where is the email stored if they are not send to the user In the quarantine. - wiki.mailscanner.info Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: question
ok sorry spam.blacklist.rules this is the blacklist file I was talking about MailScanner.conf this is the I was asking about a line Definite Spam Is High Scoring = if I use the spam.blacklist.rules file what should it be on this line? Definite Spam Is High Scoring = yes or Definite Spam Is High Scoring = store -- View this message in context: http://www.nabble.com/question-t1776367.html#a4837412 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: For those who are considering a Barracuda Network Device server
RE: For those who are considering a Barracuda Network Device server|Funny story, I've had phone conversations with them about being possibly employed. I got weird mixed signals. Things didn't seem right. I heard a |few stories. They asked me to come up with a solution of some sorts, which I found kind of odd. My last reply to them was along the lines of Why |reinvent the wheel?. There was no response. |Story ends with me still being mentally bored at my current job :) |Chris Santerre What bothers me is the most is the money I invested. We are a small company and $4800 is a big deal. All I can do is educate other people about how bad of a product it is. What's strange is all the good press I hear about them. I just don't see why. Maybe it is because of hapless and inexperienced admins being able to login to a pretty interface and do their job. Oh well...lesson learned.
Re: question
I don't speak MailScanner. So I answered with generalities for spam disposition. I'd seriously check any MailScanner mailing lists for help with its inner details. {o.o} - Original Message - From: slyandjen [EMAIL PROTECTED] ok sorry spam.blacklist.rules this is the blacklist file I was talking about MailScanner.conf this is the I was asking about a line Definite Spam Is High Scoring = if I use the spam.blacklist.rules file what should it be on this line? Definite Spam Is High Scoring = yes or Definite Spam Is High Scoring = store -- View this message in context: http://www.nabble.com/question-t1776367.html#a4837412 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: question
slyandjen wrote: ok sorry spam.blacklist.rules this is the blacklist file I was talking about MailScanner.conf this is the I was asking about a line Definite Spam Is High Scoring = if I use the spam.blacklist.rules file what should it be on this line? Definite Spam Is High Scoring = yes or Definite Spam Is High Scoring = store Why don't you ask on the Mailscanner list? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
Re: For those who are considering a Barracuda Network Device server
On Mon, 2006-06-12 at 11:41 -0600, wrote: | I pretty much at this time strictly use the Barracuda as a buffer to 'tone' down | traffic that would make our server drop to its knees. We are in process | of getting a firewall in place and when that happens, the Barracuda will | probably go bye..bye when I start building access lists. That's exactly what mine was doing. It allowed for me to run SA/SARE with a less beefy box. B Our SonicWall PRO2040 firewall does RBL checking, which was a pleasant surprise to us since that feature was not a decision criterium for us. But, using the RBL feature has reduced the load on our Postfix/SA box considerably--and for much less $$$ than a Barracuda. -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC We manage your network so you can manage your business 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.rnome.com This email was sent from Reliable Networks of Maine LLC. It may contain information that is privileged and confidential. If you suspect that you were not intended to receive it, please delete it and notify us as soon as possible. Thank you.
RE: For those who are considering a Barracuda Network Device server
I took a look at them as a way to possibly go to a gui spam server because some of the other admins at my company are not linux gurus by any stretch, but these lacked some of the necessary functionality that would give me cause to actually pay for one. Course.. If anyone doesn't know.. Use webmin, it's a great alternative to doing things via command line... Especially if your not a linux guy like most of this list. Need a secure connection, just use the webmin ssl feature. :) -Brent -Original Message- From: L. Mark Stone [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 8:44 PM To: users@spamassassin.apache.org Subject: Re: For those who are considering a Barracuda Network Device server On Mon, 2006-06-12 at 11:41 -0600, wrote: | I pretty much at this time strictly use the Barracuda as a buffer to | 'tone' down traffic that would make our server drop to its knees. We | are in process of getting a firewall in place and when that happens, | the Barracuda will probably go bye..bye when I start building access lists. That's exactly what mine was doing. It allowed for me to run SA/SARE with a less beefy box. B Our SonicWall PRO2040 firewall does RBL checking, which was a pleasant surprise to us since that feature was not a decision criterium for us. But, using the RBL feature has reduced the load on our Postfix/SA box considerably--and for much less $$$ than a Barracuda. -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC We manage your network so you can manage your business 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.rnome.com This email was sent from Reliable Networks of Maine LLC. It may contain information that is privileged and confidential. If you suspect that you were not intended to receive it, please delete it and notify us as soon as possible. Thank you.
Re: For those who are considering a Barracuda Network Device server
If I was feeling stinky I'd note that I do not like web administration tools as much as I like editing the files myself by hand doing things I understand from an overdose of RTFM. And I'm not a Linux guy last time I checked myself in front of a mirror. {^,-} But I'm not. (Besides ix guy is perhaps more to the point. I also dabble with FreeBSD; but, I don't use it for anything important yet.) (It's been a contentious day on several lists. Some humor was needed.) - Original Message - From: Brent Kennedy [EMAIL PROTECTED] I took a look at them as a way to possibly go to a gui spam server because some of the other admins at my company are not linux gurus by any stretch, but these lacked some of the necessary functionality that would give me cause to actually pay for one. Course.. If anyone doesn't know.. Use webmin, it's a great alternative to doing things via command line... Especially if your not a linux guy like most of this list. Need a secure connection, just use the webmin ssl feature. :) -Brent -Original Message- From: L. Mark Stone [mailto:[EMAIL PROTECTED] On Mon, 2006-06-12 at 11:41 -0600, wrote: | I pretty much at this time strictly use the Barracuda as a buffer to | 'tone' down traffic that would make our server drop to its knees. We | are in process of getting a firewall in place and when that happens, | the Barracuda will probably go bye..bye when I start building access lists. That's exactly what mine was doing. It allowed for me to run SA/SARE with a less beefy box. B Our SonicWall PRO2040 firewall does RBL checking, which was a pleasant surprise to us since that feature was not a decision criterium for us. But, using the RBL feature has reduced the load on our Postfix/SA box considerably--and for much less $$$ than a Barracuda. -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC We manage your network so you can manage your business 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.rnome.com This email was sent from Reliable Networks of Maine LLC. It may contain information that is privileged and confidential. If you suspect that you were not intended to receive it, please delete it and notify us as soon as possible. Thank you.
RE: For those who are considering a Barracuda Network Device server
But isn't that that beauty of SA. You don't have to be a Linux guy to install it. -Original Message- From: jdow [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 7:35 PM To: users@spamassassin.apache.org Subject: Re: For those who are considering a Barracuda Network Device server If I was feeling stinky I'd note that I do not like web administration tools as much as I like editing the files myself by hand doing things I understand from an overdose of RTFM. And I'm not a Linux guy last time I checked myself in front of a mirror. {^,-} But I'm not. (Besides ix guy is perhaps more to the point. I also dabble with FreeBSD; but, I don't use it for anything important yet.) (It's been a contentious day on several lists. Some humor was needed.) - Original Message - From: Brent Kennedy [EMAIL PROTECTED] I took a look at them as a way to possibly go to a gui spam server because some of the other admins at my company are not linux gurus by any stretch, but these lacked some of the necessary functionality that would give me cause to actually pay for one. Course.. If anyone doesn't know.. Use webmin, it's a great alternative to doing things via command line... Especially if your not a linux guy like most of this list. Need a secure connection, just use the webmin ssl feature. :) -Brent -Original Message- From: L. Mark Stone [mailto:[EMAIL PROTECTED] On Mon, 2006-06-12 at 11:41 -0600, wrote: | I pretty much at this time strictly use the Barracuda as a buffer to | 'tone' down traffic that would make our server drop to its knees. We | are in process of getting a firewall in place and when that happens, | the Barracuda will probably go bye..bye when I start building access lists. That's exactly what mine was doing. It allowed for me to run SA/SARE with a less beefy box. B Our SonicWall PRO2040 firewall does RBL checking, which was a pleasant surprise to us since that feature was not a decision criterium for us. But, using the RBL feature has reduced the load on our Postfix/SA box considerably--and for much less $$$ than a Barracuda. -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC We manage your network so you can manage your business 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.rnome.com This email was sent from Reliable Networks of Maine LLC. It may contain information that is privileged and confidential. If you suspect that you were not intended to receive it, please delete it and notify us as soon as possible. Thank you.
Re: For those who are considering a Barracuda Network Device server
On Mon, 2006-06-12 at 19:34 -0700, jdow wrote: If I was feeling stinky I'd note that I do not like web administration tools as much as I like editing the files myself by hand doing things I understand from an overdose of RTFM. And I'm not a Linux guy last time I checked myself in front of a mirror. {^,-} But I'm not. (Besides ix guy is perhaps more to the point. I also dabble with FreeBSD; but, I don't use it for anything important yet.) (It's been a contentious day on several lists. Some humor was needed.) You mean calling GPL License 'nonsense' wasn't your best effort of the day? You hurled similar bombshells on other lists? Craig