Re: spamc -d option problem
Marc Perkel wrote: Marc Perkel wrote: I'm trying to use the spamc -d option and it doesn't seem to be working. I have multiple hosts listed and it works fo the first host bot not for the second. spamc -x -d pascal.ctyme.com,localhost What am I doing wrong? Or is there a bug? Am I the only one who is having this problem? Are there other people who have this working where the -d option works for more than one server in the list? OK - 3rd time same question. Is there a bug here or am I doing something wrong? The first host listed works but if the first host is down it doesn't try the next host in the list. Also - I can't seem to find a place to enter SA bugs into Bugzilla.
Re: trusted networks
Ben Wylie wrote: >>> As i understand it, in trusted networks you want >>> to have any ip or ip range that you trust to be >>> reporting correctly the details of the server from >>> which it received the email. >>> >> Yes, however there's another stipulation.. By default, >> if undeclared, internal_networks will copy the values >> of trusted_networks. >> >> You do NOT under ANY condition want another ISP's >> mailservers to be internal. Thus, if you expand >> trusted_networks to include outside ISPs, you must >> declare internal_networks. >> > > Ok, well that is resolvable. What is actually meant > to be included as "internal" and what is the difference > between that and trusted networks? If something is > trusted then it can be treated as internal, or can't it? > No, internal must never receive mail directly from a dialup node. SA applies DUL RBLs and other such tests against hosts delivering mail to internal hosts. This is why internal must ONLY contain your IPs. If say one of an ISP's mailservers enters your internal_networks list, all mail sent by users of that network will be penalized as if they were bypassing the ISPs servers and trying to deliver directly to your MX. > But for the sake of arguements, let's say i do specify > my internal networks independently. > internal_networks.. it works the same as trusted_networks.. check the manpage. > >> After all, consider that if an email has only been >> touched by trusted hosts, ALL_TRUSTED will fire and >> subtract 1.8 points off the score. >> >> I may trust yahoo to report IPs correctly. However, >> I don't trust their users at all. I'd not apply >> trusted_networks to yahoo's severs for this reason. >> > > However if i trust the main Yahoo mail servers it doesn't > mean i have to trust it's users. For example, let's > say i trust 81.103.221.35 as a Yahoo server to tell me > the truth. A Yahoo user ([EMAIL PROTECTED]) sends an > email to me ([EMAIL PROTECTED]). > > Return-Path: <[EMAIL PROTECTED]> > Received: from aamtain08-winn.ispmail.ntl.com ([81.103.221.35]) > by mtain06-winn.ispmail.ntl.com with ESMTP > id <[EMAIL PROTECTED]> > for <[EMAIL PROTECTED]>; Wed, 28 Jun 2006 23:45:20 +0100 > Received: from web53801.mail.yahoo.com ([206.190.36.196]) > by aamtain08-winn.ispmail.ntl.com with SMTP > id <[EMAIL PROTECTED]> > for <[EMAIL PROTECTED]>; Wed, 28 Jun 2006 23:45:19 +0100 > Received: (qmail 15634 invoked by uid 60001); 28 Jun 2006 22:45:11 - > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; > s=s1024; d=yahoo.com; > > h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; > > b=Ue4aoOyVvwobMH+Vv9+e0x66UAJb/9Z9GIrwOdz3FR/hP2y1q2YM9SfmV4BILlLbqAsYVfI5HoKlMzkKgs547daKfjzSu9cIkU6kdFKyKLPAHjluZOBdTg/WD3esWZ9zPhJvfFEx39aUOH/0SE9weARVWBGt3/347XkphA727y4= > ; > Message-ID: <[EMAIL PROTECTED]> > Received: from [70.22.206.250] by web53801.mail.yahoo.com via HTTP; Wed, 28 > Jun 2006 15:45:11 PDT > > We trust the main yahoo server, but the webmail server we > do not trust, so it will never trigger ALL_TRUSTED. > If you're careful not to trust 206.190.36.196 or other IP's like it, you'll be fine. > Can you see any negative effects of having 81.103.221.35 > in my trusted networks? True, but what *positive* effect have you gained? None. > Could that server send out spam directly? If it got hacked... > As i see it, there will always be another server > feeding it the email, so you will never get all trusted > firing. > > As i see it, i can trust that server. > True.. but again.. why.. what gain is there? Trusting that server doesn't help you in any way. It doesn't enhance SA's accuracy. It doesn't make SA have any inherently better understanding of the email. SA always parses all the received headers, trusted or not. It always applies RBL checks against all the non-internal IPs, trusted or not.
RE: whitelist include file
> -Original Message- > From: Payal Rathod [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 28, 2006 10:34 PM > To: users@spamassassin.apache.org > Subject: Re: whitelist include file > > On Wed, Jun 28, 2006 at 02:11:33PM -0400, Theo Van Dinter wrote: > > You could use an include, but just put the whitelist entries in > > another file named .cf, and you're done. SpamAssassin > > reads all .cf files in /etc/mail/spamassassin -- local.cf > is just the > > common one that gets used. > > Thanks a lot for the mails. > I have one query, do I have to restart SA each time I update > the .cf file for whitelist? > With warm regards, > -Payal > spamd - yes spamassassin - no perl - depends when M::SA->new() is created, and if it's ever recreated on run X. d
Re: whitelist include file
On Wed, Jun 28, 2006 at 02:11:33PM -0400, Theo Van Dinter wrote: > You could use an include, but just put the whitelist entries in > another file > named .cf, and you're done. SpamAssassin reads all .cf files in > /etc/mail/spamassassin -- local.cf is just the common one that gets used. Thanks a lot for the mails. I have one query, do I have to restart SA each time I update the .cf file for whitelist? With warm regards, -Payal
Re: Lots of missed spam
On Wed, Jun 28, 2006 at 06:55:07PM -0700, jdow wrote: > >1) all of this spam is hitting BAYES_00.. you really should check your > >bayes training and correct it. > > THAT is a bad thing. Getting down to BAYES_00 for spam takes some > doing. At the very least a whole lot of spam got trained as ham. Well, that's not necessarily true. Another possibility is that the spam message comes in but there are few tokens which are also in the DB. At that point Bayes has little to go on, and if the tokens in the DB are hammy, then the message is scored as ham. ie: Message has tokens a, b, c, d, ..., z. Of those, Bayes DB has tokens a, c, z, which are statistically ham. Therefore with the information available to Bayes, the Message is ham. This could even account for "lots" of messages all being marked as ham if there's no learning of the tokens going on in between receipt of the messages. But in the end, running the message through "spamassassin -D bayes" is likely the only thing that can be done to debug what is going on, but that's also probably not going to be helpful in the end with DB changes/learning/etc. -- Randomly Generated Tagline: "I think Ultra Slimfast powered the SCUD missile." - Bob Lazarus pgpGbLkeqraNH.pgp Description: PGP signature
RE: Lots of missed spam
On Thu, 29 Jun 2006, Leigh Sharpe wrote: > I'm seriously considering resetting the bayes and starting again, > but this time I'll be making sure that it only gets fed by people > who are actually competent enough to put their spam in the spam > folder and ham in the ham folder, not the other way around. Keep the users' spam and ham training folders. You can always check them, and forget and retrain the erroneous ones (or train, or disable, the erroneous user...) -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like "Oh my God, this place is teeming with utter morons" to incorrect conclusions like "there's nothing of value here".-- Al Petrofsky, in Y! SCOX --- 6 days until The 230th anniversary of the Declaration of Independence
Re: trusted networks
>> As i understand it, in trusted networks you want >> to have any ip or ip range that you trust to be >> reporting correctly the details of the server from >> which it received the email. > > Yes, however there's another stipulation.. By default, > if undeclared, internal_networks will copy the values > of trusted_networks. > > You do NOT under ANY condition want another ISP's > mailservers to be internal. Thus, if you expand > trusted_networks to include outside ISPs, you must > declare internal_networks. Ok, well that is resolvable. What is actually meant to be included as "internal" and what is the difference between that and trusted networks? If something is trusted then it can be treated as internal, or can't it? But for the sake of arguements, let's say i do specify my internal networks independently. > After all, consider that if an email has only been > touched by trusted hosts, ALL_TRUSTED will fire and > subtract 1.8 points off the score. > > I may trust yahoo to report IPs correctly. However, > I don't trust their users at all. I'd not apply > trusted_networks to yahoo's severs for this reason. However if i trust the main Yahoo mail servers it doesn't mean i have to trust it's users. For example, let's say i trust 81.103.221.35 as a Yahoo server to tell me the truth. A Yahoo user ([EMAIL PROTECTED]) sends an email to me ([EMAIL PROTECTED]). Return-Path: <[EMAIL PROTECTED]> Received: from aamtain08-winn.ispmail.ntl.com ([81.103.221.35]) by mtain06-winn.ispmail.ntl.com with ESMTP id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>; Wed, 28 Jun 2006 23:45:20 +0100 Received: from web53801.mail.yahoo.com ([206.190.36.196]) by aamtain08-winn.ispmail.ntl.com with SMTP id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>; Wed, 28 Jun 2006 23:45:19 +0100 Received: (qmail 15634 invoked by uid 60001); 28 Jun 2006 22:45:11 - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Ue4aoOyVvwobMH+Vv9+e0x66UAJb/9Z9GIrwOdz3FR/hP2y1q2YM9SfmV4BILlLbqAsYVfI5HoKlMzkKgs547daKfjzSu9cIkU6kdFKyKLPAHjluZOBdTg/WD3esWZ9zPhJvfFEx39aUOH/0SE9weARVWBGt3/347XkphA727y4= ; Message-ID: <[EMAIL PROTECTED]> Received: from [70.22.206.250] by web53801.mail.yahoo.com via HTTP; Wed, 28 Jun 2006 15:45:11 PDT We trust the main yahoo server, but the webmail server we do not trust, so it will never trigger ALL_TRUSTED. Can you see any negative effects of having 81.103.221.35 in my trusted networks? Could that server send out spam directly? As i see it, there will always be another server feeding it the email, so you will never get all trusted firing. As i see it, i can trust that server. Ben
RE: Lots of missed spam
This was my first suspicion. I turned off Bayes tests temporarily and it had little effect. I'm seriously considering resetting the bayes and starting again, but this time I'll be making sure that it only gets fed by people who are actually competent enough to put their spam in the spam folder and ham in the ham folder, not the other way around. Regards, Leigh Leigh Sharpe Network Systems Engineer Pacific Wireless Ph +61 3 9584 8966 Mob 0408 009 502 email [EMAIL PROTECTED] web www.pacificwireless.com.au -Original Message- From: jdow [mailto:[EMAIL PROTECTED] Sent: Thursday, June 29, 2006 11:57 AM To: users@spamassassin.apache.org Subject: Re: Lots of missed spam Leigh you have a large boatload of spam trained as ham. Make sure your users realize that GOOD messages train as ham and BAD messages train as spam. It appears at least one person has been feeding them both to the ham training. {^_^} - Original Message - From: "Leigh Sharpe" <[EMAIL PROTECTED]> 1) Bayes is still in training. I've only recently given everybody the opportunity to feed it spam. I expect it to get better soon. My question was more related to why this stuff is getting through now, when it used to get blocked. 2) I'll look into upgrading. I installed the current version using yum, and a check-update on spamassassin gives me an enormous list of dependencies which scares me a bit, quite frankly. Regards, Leigh Leigh Sharpe Network Systems Engineer Pacific Wireless Ph +61 3 9584 8966 Mob 0408 009 502 email [EMAIL PROTECTED] web www.pacificwireless.com.au -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Leigh Sharpe wrote: > Hi All, > After 6 months or more of perfect operation, I have had heaps of spam > has been missed over the last few weeks. Running SA with -D option > shows nothing obvious in the logs. > A small selection of misses is posted here: > http://www.pacificwireless.com.au/spam/ > > Anybody got any ideas why really obvious stuff might be getting > through? Some of it is stuff which always used to get tagged, but now > isn't. There's been no changes on the server, except for an increase > in the number of mail users. > I also note that quite a lot of it is getting negative sscores. 1) all of this spam is hitting BAYES_00.. you really should check your bayes training and correct it. 2) You're running a relatively old version of SpamAssassin. Version 3.0.3 has multiple security vulnerabilities. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 http://spamassassin.apache.org/advisories/cve-2006-2447.txt
Re: Lots of missed spam
Leigh you have a large boatload of spam trained as ham. Make sure your users realize that GOOD messages train as ham and BAD messages train as spam. It appears at least one person has been feeding them both to the ham training. {^_^} - Original Message - From: "Leigh Sharpe" <[EMAIL PROTECTED]> 1) Bayes is still in training. I've only recently given everybody the opportunity to feed it spam. I expect it to get better soon. My question was more related to why this stuff is getting through now, when it used to get blocked. 2) I'll look into upgrading. I installed the current version using yum, and a check-update on spamassassin gives me an enormous list of dependencies which scares me a bit, quite frankly. Regards, Leigh Leigh Sharpe Network Systems Engineer Pacific Wireless Ph +61 3 9584 8966 Mob 0408 009 502 email [EMAIL PROTECTED] web www.pacificwireless.com.au -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Leigh Sharpe wrote: Hi All, After 6 months or more of perfect operation, I have had heaps of spam has been missed over the last few weeks. Running SA with -D option shows nothing obvious in the logs. A small selection of misses is posted here: http://www.pacificwireless.com.au/spam/ Anybody got any ideas why really obvious stuff might be getting through? Some of it is stuff which always used to get tagged, but now isn't. There's been no changes on the server, except for an increase in the number of mail users. I also note that quite a lot of it is getting negative sscores. 1) all of this spam is hitting BAYES_00.. you really should check your bayes training and correct it. 2) You're running a relatively old version of SpamAssassin. Version 3.0.3 has multiple security vulnerabilities. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 http://spamassassin.apache.org/advisories/cve-2006-2447.txt
Re: Lots of missed spam
From: "Matt Kettler" <[EMAIL PROTECTED]> Leigh Sharpe wrote: Hi All, After 6 months or more of perfect operation, I have had heaps of spam has been missed over the last few weeks. Running SA with -D option shows nothing obvious in the logs. A small selection of misses is posted here: http://www.pacificwireless.com.au/spam/ Anybody got any ideas why really obvious stuff might be getting through? Some of it is stuff which always used to get tagged, but now isn't. There's been no changes on the server, except for an increase in the number of mail users. I also note that quite a lot of it is getting negative sscores. 1) all of this spam is hitting BAYES_00.. you really should check your bayes training and correct it. THAT is a bad thing. Getting down to BAYES_00 for spam takes some doing. At the very least a whole lot of spam got trained as ham. I'd select a collection of known spam and a collection of known ham both totaling more than 200. (1000 if possible.) Then carefully feed them to sa-learn with the correct ham or spam flag. 2) You're running a relatively old version of SpamAssassin. Version 3.0.3 has multiple security vulnerabilities. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 http://spamassassin.apache.org/advisories/cve-2006-2447.txt The upgrade to 3.0.5 is relatively painless. I'd recommend that for the faint of heart. (I am getting excellent results here with 3.0.4 patched with some custom debug patches and with the 3.0.5 diffs from 3.0.4.) {^_^} JD
RE: Lots of missed spam
1) Bayes is still in training. I've only recently given everybody the opportunity to feed it spam. I expect it to get better soon. My question was more related to why this stuff is getting through now, when it used to get blocked. 2) I'll look into upgrading. I installed the current version using yum, and a check-update on spamassassin gives me an enormous list of dependencies which scares me a bit, quite frankly. Regards, Leigh Leigh Sharpe Network Systems Engineer Pacific Wireless Ph +61 3 9584 8966 Mob 0408 009 502 email [EMAIL PROTECTED] web www.pacificwireless.com.au -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 29, 2006 10:55 AM To: Leigh Sharpe Cc: users Subject: Re: Lots of missed spam Leigh Sharpe wrote: > Hi All, > After 6 months or more of perfect operation, I have had heaps of spam > has been missed over the last few weeks. Running SA with -D option > shows nothing obvious in the logs. > A small selection of misses is posted here: > http://www.pacificwireless.com.au/spam/ > > Anybody got any ideas why really obvious stuff might be getting > through? Some of it is stuff which always used to get tagged, but now > isn't. There's been no changes on the server, except for an increase > in the number of mail users. > I also note that quite a lot of it is getting negative sscores. 1) all of this spam is hitting BAYES_00.. you really should check your bayes training and correct it. 2) You're running a relatively old version of SpamAssassin. Version 3.0.3 has multiple security vulnerabilities. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 http://spamassassin.apache.org/advisories/cve-2006-2447.txt
Re: Lots of missed spam
Leigh Sharpe wrote: > Hi All, > After 6 months or more of perfect operation, I have had heaps of spam > has been missed over the last few weeks. Running SA with -D option > shows nothing obvious in the logs. > A small selection of misses is posted here: > http://www.pacificwireless.com.au/spam/ > > Anybody got any ideas why really obvious stuff might be getting > through? Some of it is stuff which always used to get tagged, but now > isn't. There's been no changes on the server, except for an increase > in the number of mail users. > I also note that quite a lot of it is getting negative sscores. 1) all of this spam is hitting BAYES_00.. you really should check your bayes training and correct it. 2) You're running a relatively old version of SpamAssassin. Version 3.0.3 has multiple security vulnerabilities. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 http://spamassassin.apache.org/advisories/cve-2006-2447.txt
Re: trusted networks
Ben Wylie wrote: > As i understand it, in trusted networks you want to have any ip or ip range > that you trust to be reporting correctly the details of the server from which > it received the email. > > If this is the case, presumably it is good to have the main service provider > servers in this list. > > So if i know that Yahoo always correctly report the ip of the person they > receive the email from, i want to trust yahoo servers. > > Have i understood this correctly? > Yes, however there's another stipulation.. By default, if undeclared, internal_networks will copy the values of trusted_networks. You do NOT under ANY condition want another ISP's mailservers to be internal. Thus, if you expand trusted_networks to include outside ISPs, you must declare internal_networks. Generally speaking, you're best off with just configuring trusted_networks to contain your mailservers, and nobody elses. After all, consider that if an email has only been touched by trusted hosts, ALL_TRUSTED will fire and subtract 1.8 points off the score. I may trust yahoo to report IPs correctly. However, I don't trust their users at all. I'd not apply trusted_networks to yahoo's severs for this reason. > If so, is there a list somewhere of large email service providers which are > reliably going to report the ip they receive an email from, along with their > various server ip addresses or ip ranges? >
Setting bayes directory on Windows
Title: Setting bayes directory on Windows Is anyone running on Windows (server 2003) and been able to get bayes_path and auto_whitelist_path to work properly? I can't get either to do anything for me. I've tried short names, no spaces, etc. Nothing seems to work. If I'm logged on it uses the administrator folder (under Documents and Settings) and if it's running on its own, it uses the Default User. I'm using 3.1.3. Thanks, Don
Lots of missed spam
Hi All, After 6 months or more of perfect operation, I have had heaps of spam has been missed over the last few weeks. Running SA with -D option shows nothing obvious in the logs. A small selection of misses is posted here: http://www.pacificwireless.com.au/spam/ Anybody got any ideas why really obvious stuff might be getting through? Some of it is stuff which always used to get tagged, but now isn't. There's been no changes on the server, except for an increase in the number of mail users. I also note that quite a lot of it is getting negative sscores. Regards, Leigh Leigh SharpeNetwork Systems EngineerPacific WirelessPh +61 3 9584 8966Mob 0408 009 502email [EMAIL PROTECTED]web www.pacificwireless.com.au
Re: Dev list on an RBL
yeah I saw that -- looks like hermes.apache.org -- one of the ASF's massive dedicated servers -- displayed behaviour like a zombie to some CBL tester somewhere ;) It also made it to the XBL. It was quickly delisted though, as far as I can see -- although I'm on the road so can't check. --j. Chris Santerre writes: > dev@spamassassin.apache.org mailing list > > Blockedby cbl.abuseat.org > > Oh noes! :) > > Chris Santerre > SysAdmin and SARE/URIBL ninja > http://www.uribl.com > http://www.rulesemporium.com
trusted networks
As i understand it, in trusted networks you want to have any ip or ip range that you trust to be reporting correctly the details of the server from which it received the email. If this is the case, presumably it is good to have the main service provider servers in this list. So if i know that Yahoo always correctly report the ip of the person they receive the email from, i want to trust yahoo servers. Have i understood this correctly? If so, is there a list somewhere of large email service providers which are reliably going to report the ip they receive an email from, along with their various server ip addresses or ip ranges? Thanks Ben
Re: RulesDuJour random.current.cf?
I don't administer the SonicWall personally, but it has a "pro-active" web filter, using rules that nobody here completely comprehends, to block categories of Web Content. The category that this URL was hitting was "Free Software Downloads". We're a fairly small organization so it's easy for me to have the firewall administrator "Unblock" a site when this happens. But this is the first time I've had something start being blocked, after using it for a long time. Our Administrator mentioned that some work that he'd been doing may have caused this incident. On Wednesday 28 June 2006 13:35, L. Mark Stone wrote: > On Wed, 2006-06-28 at 09:19 -0500, Larry Starr wrote: > > I have found the problem: "Never underestimate the power of your own > > systems to make you feel dumb!". > > > > It seems that our SonicWall firewall, sometime recently, had decided that > > this was a forbidden site, so the "403" error was due to my own firewall > > blocking access. > > > > Have since "unblocked" the site and everything is, once again, working > > fine. > > > > Thought I'd pass this along, in case someone else should run into a > > problem like this. > > > > On Monday 26 June 2006 09:43, Larry Starr wrote: > > > About a week ago I started seeing: > > > >> The following rules had errors: > > > >> William Stearn's RANDOM WORD Ruleset was not retrieved because of: > > > >> 403 from > > > >> http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. > > > > > > I ignored it for awhile, because I've seen transient problems with some > > > of the RDJ rules in the past, but not for this long. > > > > > > Has this ruleset gone away? > > > > > > Thank you, > > Larry, > > What setting in your SonicWall did you find blocked this site? We use a > PRO2040 in front of our mail servers and have licensed the Gateway > security bundle, on which we rely. > > Thanks, > Mark -- Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED] Software Engineer: Full Compass Systems LTD. Phone: 608-831-7330 x 1347 FAX: 608-831-6330 === There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemmingway
Re: Only Local Mail
Jay Lee <[EMAIL PROTECTED]> wrote on Wednesday, June 28, 2006: >Jess Mooers wrote: >> I have 2 email addresses that I would like only local domains to be able to >> send messages to. >Is there a way to do this with SpamAssassin 3.1.1? >> >SA is really the wrong tool for this, you should look at setting up a >filter via your Mail Server... > >Jay Thanks. I will look into that for Exim. Regards, Jess Mooers ~~~ Landmann InterActive 1423 S. Park St., Madison, WI 53715 W 608-257-1558 www.landmanninteractive.com
Re: Only Local Mail
Jess Mooers wrote: I have 2 email addresses that I would like only local domains to be able to send messages to. Is there a way to do this with SpamAssassin 3.1.1? SA is really the wrong tool for this, you should look at setting up a filter via your Mail Server... Jay begin:vcard fn:Jay Lee n:Lee;Jay org:Philadelphia Biblical University;Information Technology Dept. email;internet:[EMAIL PROTECTED] title:Network / Systems Administrator x-mozilla-html:TRUE version:2.1 end:vcard
Only Local Mail
I have 2 email addresses that I would like only local domains to be able to send messages to. Is there a way to do this with SpamAssassin 3.1.1? Regards, Jess Mooers ~~~ Landmann InterActive 1423 S. Park St., Madison, WI 53715 W 608-257-1558 www.landmanninteractive.com
Re: Error when starting spamd 3.1.3
Rosenbaum, Larry M. wrote: From: Jorge Valdes [mailto:[EMAIL PROTECTED] Hi, I get the following error when starting spamd: error: Insecure dependency in `` while running with -T switch at /usr/local/lib/perl5/site_perl/5.8.6/Sys/Hostname/Long.pm line 91, line 222. System: Solaris 9/sparc Perl 5.8.6 This does not affect general operation, but it is anoying to see everytime I restart spamd due to option changes and/or configuration changes. Try editing Long.pm and replacing this line: my $tmp = `hostname` . '.' . `domainname`; with this: my $tmp = `hostname`; my $tmp2 = `domainname`; $tmp .= ".$tmp2"; Thanks, that did the trick!! -- Jorge Valdes [EMAIL PROTECTED]
Re: RulesDuJour random.current.cf?
On Wed, 2006-06-28 at 09:19 -0500, Larry Starr wrote: > I have found the problem: "Never underestimate the power of your own systems > to make you feel dumb!". > > It seems that our SonicWall firewall, sometime recently, had decided that > this > was a forbidden site, so the "403" error was due to my own firewall blocking > access. > > Have since "unblocked" the site and everything is, once again, working fine. > > Thought I'd pass this along, in case someone else should run into a problem > like this. > > > On Monday 26 June 2006 09:43, Larry Starr wrote: > > About a week ago I started seeing: > > >> The following rules had errors: > > >> William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 > > >> from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. > > > > I ignored it for awhile, because I've seen transient problems with some of > > the RDJ rules in the past, but not for this long. > > > > Has this ruleset gone away? > > > > Thank you, > Larry, What setting in your SonicWall did you find blocked this site? We use a PRO2040 in front of our mail servers and have licensed the Gateway security bundle, on which we rely. Thanks, Mark --
RE: Error when starting spamd 3.1.3
> From: Jorge Valdes [mailto:[EMAIL PROTECTED] > > Hi, > > I get the following error when starting spamd: > > error: Insecure dependency in `` while running with -T switch at > /usr/local/lib/perl5/site_perl/5.8.6/Sys/Hostname/Long.pm line 91, > line 222. > > System: > Solaris 9/sparc > Perl 5.8.6 > > This does not affect general operation, but it is anoying to see > everytime I restart spamd due to option changes and/or configuration > changes. Try editing Long.pm and replacing this line: my $tmp = `hostname` . '.' . `domainname`; with this: my $tmp = `hostname`; my $tmp2 = `domainname`; $tmp .= ".$tmp2";
Re: whitelist include file
Payal Rathod wrote: Hi, I plan to keep all my white_list from addresses in a separate file instead of local.cf. Can anyone please tell me how to use an include file in local.cf? With warm regards, -Payal Hi, Just call it anything you want but make sure it ends in .cf whitelist.cf seems like a good idea. SA will include all *.cf files automagically. Regards, Rick
Re: whitelist include file
On Wed, Jun 28, 2006 at 01:51:15PM -0400, Payal Rathod wrote: > I plan to keep all my white_list from addresses in a separate file > instead of local.cf. Can anyone please tell me how to use an include > file in local.cf? You could use an include, but just put the whitelist entries in another file named .cf, and you're done. SpamAssassin reads all .cf files in /etc/mail/spamassassin -- local.cf is just the common one that gets used. -- Randomly Generated Tagline: "You probably don't walk over to a door and pull on the hinge. Why not? Because it's stupid ... "- Prof. Long pgpa4qFdSqkqJ.pgp Description: PGP signature
whitelist include file
Hi, I plan to keep all my white_list from addresses in a separate file instead of local.cf. Can anyone please tell me how to use an include file in local.cf? With warm regards, -Payal
Re: Airline reservations get tagged
On Wednesday 28 June 2006 08:48, Ralf Hildebrandt wrote: > * [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > > Given that airline messages are important, are related to meney, and > > recipients dont want to get forged ones, it would be a great idea to > > start a campaign with airlines / travel agents to use some sort of > > proof of origin (spf, digital signature, whatnot) Recipients could then > > apply whitelists > > Amen to that! Does SA do anything with digital signatures to deduct scores? If it's worthwhile, I'm game to play. Hamish. pgpRP8SW9ERLm.pgp Description: PGP signature
Re: Common error or not?
Morriz wrote: And these lines show up in the log: prefork: sysread(7) not ready, wait max 300 secs prefork: child 6047: entering state 1 prefork: new lowest idle kid: 6047 prefork: child reports idle prefork: child states: II I have the following in /etc/sysconfig/spamassassin: SPAMDOPTIONS="-d -m 50 -H -D" This shouldn't be the problem with only two children (as logged above) but do you really have enough memory for 50 children? At a minimum you'd probably need close to 2GB of RAM dedicated for them and certainly no less than 1.5GB. Daryl
RE: Whitelisted, but still marked spam?!
Are you sure that the subject rewriting is occurring at your server? I've seen similar problems when the sending mail server marked it as spam on the way out. Your amavis hits clearly show a different score. Rgds, Magnus -Original Message- From: Paul Ryan [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 June, 2006 20:27 To: users@spamassassin.apache.org Subject: Whitelisted, but still marked spam?! List - I did quite a bit of searching, but didn't find anything relevant. Basically I have a user on a mailing list that is getting an email which they do receive but it's marked as spam in the subject. I've placed the sender in the manual whitelist (local.cf), but it doesn't work, it still rewrites the subject. Below I've included relevant info, but have change the names and locations to protect the innocent. You can see it gets a score of 5.1/5.0 despite the hits being -98.509. The user is still getting the email, so functionally it's not a 'problem', but I don't understand why it's doing this and where it's catching it. TIA for taking a look. System: SpamAssassin version 3.0.4 running on Perl version 5.8.6 Linux 2.6.8.1-24mdksmp #1 SMP Thu Jan 13 23:11:43 MST 2005 i686 Pentium III (Coppermine) unknown GNU/Linux - actually Mandriva Email Header: Return-Path: <[EMAIL PROTECTED]> Received: from localhost (trident.my-domain.com [xxx.yyy.zzz.4]) by mail.my-domain.com (Postfix) with ESMTP id 8AB5C4FB30 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:49 -0500 (CDT) Received: from mail.my-domain.com ([xxx.yyy.zzz.1]) by localhost (trident.my-domain.com [xxx.yyy.zzz.4]) (amavisd-new, port 10025) with LMTP id 19482-02-9 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:47 -0500 (CDT) Received: from rydia.2square.com (unknown [###.###.###.###]) by mail.my-domain.com (Postfix) with ESMTP id D6D894FB19 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:43 -0500 (CDT) Authentication-Results: rydia.2square.com [EMAIL PROTECTED]; ip-match=fail Authentication-Results: rydia.2square.com [EMAIL PROTECTED]; domainkeys= (no key) Received: from mail.abc.net (mail.abc.de [###.###.###.###]) by rydia.2square.com (rydia.2square.com) (MDaemon.PRO.v8.1.3.R) with ESMTP id md5011711.msg for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:34:01 -0500 Received: (qmail 16011 invoked by alias); 27 Jun 2006 10:33:31 - Delivered-To: GMX delivery to [EMAIL PROTECTED] Received: (qmail 15662 invoked by uid 0); 27 Jun 2006 10:33:29 - Received: from 80.135.191.239 by www086.abc.net with HTTP; Tue, 27 Jun 2006 12:33:30 +0200 (CEST) Content-Type: text/plain; charset="utf-8" Date: Tue, 27 Jun 2006 12:33:30 +0200 From: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Subject: [***SPAM*** Score/Req: 05.1/5.0] GN'R 452 / AXL STILL UNDER ARREST To: [EMAIL PROTECTED] X-Authenticated: #6748436 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 Content-Transfer-Encoding: 8bit X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match ###.###.###.### X-MDRcpt-To: [EMAIL PROTECTED] X-Rcpt-To: [EMAIL PROTECTED] X-MDRemoteIP: 213.165.64.21 X-Return-Path: [EMAIL PROTECTED] X-Spam-Prev-Subject: GN'R 452 / AXL STILL UNDER ARREST X-Spam-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:03 -0500 X-MDAV-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:04 -0500 X-MDRedirect: 1 X-MDaemon-Deliver-To: [EMAIL PROTECTED] X-Virus-Scanned: amavisd-new at my-domain.com Mail Log: Jun 27 05:33:53 trident amavis[19482]: (19482-02-9) Passed CLEAN , [###.###.###.###] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> , Message-ID: <[EMAIL PROTECTED]> , Hits: -98.509 , tests=AWL,BAYES_20,BIZ_TLD,NO_REAL_NAME,USER_IN_WHITELIST
RE: Whitelisted, but still marked spam?!
List - I did quite a bit of searching, but didn't find anything relevant. Basically I have a user on a mailing list that is getting an email which they do receive but it's marked as spam in the subject. I've placed the sender in the manual whitelist (local.cf), but it doesn't work, it still rewrites the subject. Below I've included relevant info, but have change the names and locations to protect the innocent. You can see it gets a score of 5.1/5.0 despite the hits being -98.509. The user is still getting the email, so functionally it's not a 'problem', but I don't understand why it's doing this and where it's catching it. TIA for taking a look. System: SpamAssassin version 3.0.4 running on Perl version 5.8.6 Linux 2.6.8.1-24mdksmp #1 SMP Thu Jan 13 23:11:43 MST 2005 i686 Pentium III (Coppermine) unknown GNU/Linux - actually Mandriva Email Header: Return-Path: <[EMAIL PROTECTED]> Received: from localhost (trident.my-domain.com [xxx.yyy.zzz.4]) by mail.my-domain.com (Postfix) with ESMTP id 8AB5C4FB30 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:49 -0500 (CDT) Received: from mail.my-domain.com ([xxx.yyy.zzz.1]) by localhost (trident.my-domain.com [xxx.yyy.zzz.4]) (amavisd-new, port 10025) with LMTP id 19482-02-9 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:47 -0500 (CDT) Received: from rydia.2square.com (unknown [###.###.###.###]) by mail.my-domain.com (Postfix) with ESMTP id D6D894FB19 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:43 -0500 (CDT) Authentication-Results: rydia.2square.com [EMAIL PROTECTED]; ip-match=fail Authentication-Results: rydia.2square.com [EMAIL PROTECTED]; domainkeys= (no key) Received: from mail.abc.net (mail.abc.de [###.###.###.###]) by rydia.2square.com (rydia.2square.com) (MDaemon.PRO.v8.1.3.R) with ESMTP id md5011711.msg for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:34:01 -0500 Received: (qmail 16011 invoked by alias); 27 Jun 2006 10:33:31 - Delivered-To: GMX delivery to [EMAIL PROTECTED] Received: (qmail 15662 invoked by uid 0); 27 Jun 2006 10:33:29 - Received: from 80.135.191.239 by www086.abc.net with HTTP; Tue, 27 Jun 2006 12:33:30 +0200 (CEST) Content-Type: text/plain; charset="utf-8" Date: Tue, 27 Jun 2006 12:33:30 +0200 From: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Subject: [***SPAM*** Score/Req: 05.1/5.0] GN'R 452 / AXL STILL UNDER ARREST To: [EMAIL PROTECTED] X-Authenticated: #6748436 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 Content-Transfer-Encoding: 8bit X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match ###.###.###.### X-MDRcpt-To: [EMAIL PROTECTED] X-Rcpt-To: [EMAIL PROTECTED] X-MDRemoteIP: 213.165.64.21 X-Return-Path: [EMAIL PROTECTED] X-Spam-Prev-Subject: GN'R 452 / AXL STILL UNDER ARREST X-Spam-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:03 -0500 X-MDAV-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:04 -0500 X-MDRedirect: 1 X-MDaemon-Deliver-To: [EMAIL PROTECTED] X-Virus-Scanned: amavisd-new at my-domain.com Mail Log: Jun 27 05:33:53 trident amavis[19482]: (19482-02-9) Passed CLEAN , [###.###.###.###] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> , Message-ID: <[EMAIL PROTECTED]> , Hits: -98.509 , tests=AWL,BAYES_20,BIZ_TLD,NO_REAL_NAME,USER_IN_WHITELIST It appears the subject line was rewriten by rydia.2square.com before it reached your system. Gary V _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Whitelisted, but still marked spam?!
List - I did quite a bit of searching, but didn't find anything relevant. Basically I have a user on a mailing list that is getting an email which they do receive but it's marked as spam in the subject. I've placed the sender in the manual whitelist (local.cf), but it doesn't work, it still rewrites the subject. Below I've included relevant info, but have change the names and locations to protect the innocent. You can see it gets a score of 5.1/5.0 despite the hits being -98.509. The user is still getting the email, so functionally it's not a 'problem', but I don't understand why it's doing this and where it's catching it. TIA for taking a look. System: SpamAssassin version 3.0.4 running on Perl version 5.8.6 Linux 2.6.8.1-24mdksmp #1 SMP Thu Jan 13 23:11:43 MST 2005 i686 Pentium III (Coppermine) unknown GNU/Linux - actually Mandriva Email Header: Return-Path: <[EMAIL PROTECTED]> Received: from localhost (trident.my-domain.com [xxx.yyy.zzz.4]) by mail.my-domain.com (Postfix) with ESMTP id 8AB5C4FB30 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:49 -0500 (CDT) Received: from mail.my-domain.com ([xxx.yyy.zzz.1]) by localhost (trident.my-domain.com [xxx.yyy.zzz.4]) (amavisd-new, port 10025) with LMTP id 19482-02-9 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:47 -0500 (CDT) Received: from rydia.2square.com (unknown [###.###.###.###]) by mail.my-domain.com (Postfix) with ESMTP id D6D894FB19 for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:33:43 -0500 (CDT) Authentication-Results: rydia.2square.com [EMAIL PROTECTED]; ip-match=fail Authentication-Results: rydia.2square.com [EMAIL PROTECTED]; domainkeys= (no key) Received: from mail.abc.net (mail.abc.de [###.###.###.###]) by rydia.2square.com (rydia.2square.com) (MDaemon.PRO.v8.1.3.R) with ESMTP id md5011711.msg for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 05:34:01 -0500 Received: (qmail 16011 invoked by alias); 27 Jun 2006 10:33:31 - Delivered-To: GMX delivery to [EMAIL PROTECTED] Received: (qmail 15662 invoked by uid 0); 27 Jun 2006 10:33:29 - Received: from 80.135.191.239 by www086.abc.net with HTTP; Tue, 27 Jun 2006 12:33:30 +0200 (CEST) Content-Type: text/plain; charset="utf-8" Date: Tue, 27 Jun 2006 12:33:30 +0200 From: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Subject: [***SPAM*** Score/Req: 05.1/5.0] GN'R 452 / AXL STILL UNDER ARREST To: [EMAIL PROTECTED] X-Authenticated: #6748436 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 Content-Transfer-Encoding: 8bit X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match ###.###.###.### X-MDRcpt-To: [EMAIL PROTECTED] X-Rcpt-To: [EMAIL PROTECTED] X-MDRemoteIP: 213.165.64.21 X-Return-Path: [EMAIL PROTECTED] X-Spam-Prev-Subject: GN'R 452 / AXL STILL UNDER ARREST X-Spam-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:03 -0500 X-MDAV-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:04 -0500 X-MDRedirect: 1 X-MDaemon-Deliver-To: [EMAIL PROTECTED] X-Virus-Scanned: amavisd-new at my-domain.com Mail Log: Jun 27 05:33:53 trident amavis[19482]: (19482-02-9) Passed CLEAN , [###.###.###.###] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> , Message-ID: <[EMAIL PROTECTED]> , Hits: -98.509 , tests=AWL,BAYES_20,BIZ_TLD,NO_REAL_NAME,USER_IN_WHITELIST
Error when starting spamd 3.1.3
Hi, I get the following error when starting spamd: error: Insecure dependency in `` while running with -T switch at /usr/local/lib/perl5/site_perl/5.8.6/Sys/Hostname/Long.pm line 91, line 222. System: Solaris 9/sparc Perl 5.8.6 This does not affect general operation, but it is anoying to see everytime I restart spamd due to option changes and/or configuration changes. -- Jorge Valdes Intercom El Salvador [EMAIL PROTECTED]
Hidden Option?
Hi, just wanted to let everyone know that I found a SPAMD option that cannot be configured via commandline: server-scale-period By looking at the documentation, this option sets how much time the system will wait before determining whether a new child is spawned, the current default is 2 seconds. In my case, I wanted to wait longer in order not to spawn a child only to be killed a couple of seconds later when the min-spare children became available again. I found out that the only way to change this was in the spamd script. I added the option manually ~ line 195. 'server-scale-period=i'=> \$opt{'server-scale-period'}, Now I can set the option to my taste. -- Jorge Valdes Intercom El Salvador [EMAIL PROTECTED]
Re: RulesDuJour random.current.cf?
I have found the problem: "Never underestimate the power of your own systems to make you feel dumb!". It seems that our SonicWall firewall, sometime recently, had decided that this was a forbidden site, so the "403" error was due to my own firewall blocking access. Have since "unblocked" the site and everything is, once again, working fine. Thought I'd pass this along, in case someone else should run into a problem like this. On Monday 26 June 2006 09:43, Larry Starr wrote: > About a week ago I started seeing: > >> The following rules had errors: > >> William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 > >> from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. > > I ignored it for awhile, because I've seen transient problems with some of > the RDJ rules in the past, but not for this long. > > Has this ruleset gone away? > > Thank you, -- Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED] Software Engineer: Full Compass Systems LTD. Phone: 608-831-7330 x 1347 FAX: 608-831-6330 === There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemmingway
Re: SpamAssassin local rules not executing
Chase James wrote: > I'm using sa-exim to run checks against incoming mail at SMTP time. It seems > to be working great, except it won't run my custom rules in > /etc/spamassassin/local.cf. Check to see if /etc/spamassassin is your site rules dir.. SA will automatically hunt for several different directories and use the first one of them it finds... try running spamassassin --lint -D. The site rules dir should be mentioned near the top of the output. Also, if you use spamd, amavis or MailScanner they need to be restarted for site rules changes to take effect.
RE: Blocking all inline GIF or JPG Images
--On Tuesday, June 27, 2006 5:10 PM -0400 Dave Koontz <[EMAIL PROTECTED]> wrote: Unfortunately, in our environment, "inline" images do get extensive use from our users (College Students, Faculty). Much of their email is for entertainment value, and many email "jokes" make use of Inline images of a variety of file types. GIF and JPG are just two types, you will also see PNG, BMP, etc. My company manufactures and assembles products and inspects items on receipt at the dock. When damage is found, including quality issues from our vendors, we photograph the item and email it to them so that they can immediately start to address the issue and get it fixed before the next day's shipment leaves their facility. Often a message requires a series of photos and explanatory text. Photographic email is a real requirement of business correspondence. I'm no fan of HTML in email, because it's so easy to use it to hide spam and malicious material in. I advocate strict syntax checking (which alas would fail the most common HTML-generating MUA's), and restriction of HTML to the subset needed to do this kind of job. Others have mentioned needing to include an HTML part to "contain" the image part. I personally attach my images to a text/plain part with a multipart/mixed, with the image set to disposition:inline. No HTML part is included, but I can see how one might need one for multiple images with interleaved comments, as a text/plain part has no mechanism to do that. My question is how to smack the biggest supplier of MUA's (the one in Redmond) to produce a sufficiently limited subset of HTML so that we as email admins can properly do our job while still allowing users to use a reasonable subset of markup.
Re: Airline reservations get tagged
Hi Loren, everyone Loren Wilton wrote: bayes token 'visa' => 0.997839158297152 bayes token 'refund' => 0.997646909307943 bayes token 'drinks' => 0.997585038685398 bayes token 'NUMBER' => 0.990398319296953 bayes token 'nights' => 0.98853871069642 This suggests you are still on 2.6x. It is possible that upgrading to 3.x or 3.1.x might get spam scores more in alignment with your actual incoming mail. No, we're running SA 3.04 in here. This is the output from SpamAssassin -D on an email, not a dump from the (now hashed) Bayes database. Regards, Paul Boven.
Common error or not?
Hi everybody, I hope I am sending this to the right place :) I have the following problem after having run the new spamassassin 3.1.3 for several days The emails dont get stamped correctly after being evaluated and this shows up in their headers: SA:0(?/?) And these lines show up in the log: prefork: sysread(7) not ready, wait max 300 secs prefork: child 6047: entering state 1 prefork: new lowest idle kid: 6047 prefork: child reports idle prefork: child states: II I have the following in /etc/sysconfig/spamassassin: SPAMDOPTIONS="-d -m 50 -H -D" I cannot find any solutions to this problem on the net. Only 4 or 5 people so far have reported the same problem, but nobody has helped them. Anybody knows whats going on? cheerz, Morriz
Re: Airline reservations get tagged
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > Given that airline messages are important, are related to meney, and > recipients dont want to get forged ones, it would be a great idea to > start a campaign with airlines / travel agents to use some sort of > proof of origin (spf, digital signature, whatnot) Recipients could then > apply whitelists Amen to that! -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]