Re: SA-Update required modules
I had similar problems on CentOS 32 & 64; I ended up installing the Net::Ident with yum instead (off the dag repo), that worked ok... yum install perl-Net-Ident.noarch The INET6 can be installed the same way, though I don't think it's critical to have it in. HTH Nigel On Mon, 7 Aug 2006 20:45:19 -0500, Chris <[EMAIL PROTECTED]> wrote: >I looked at the list of required modules and noticed after I've been running >it for awhile that I didn't have these two installed: > >9109] dbg: diag: module not installed: Net::Ident ('require' failed) >9109] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) > >I tried installing Net::Ident awhile ago and get this: > >PERL_DL_NONLAZY=1 /usr/bin/perl5.8.5 "-MExtUtils::Command::MM" "-e" >"test_harness(0, 'blib/lib', 'bl >ib/arch')" t/*.t >t/0use..Net::Ident::_export_hooks() called too early to check prototype >at /tmp/.webmin/Net-Iden >t-1.20/blib/lib/Net/Ident.pm line 29. >ok >t/apacheNet::Ident::_export_hooks() called too early to check prototype >at /tmp/.webmin/Net-Iden >t-1.20/blib/lib/Net/Ident.pm line 29. >skipped >all skipped: no reason given >t/compatNet::Ident::_export_hooks() called too early to check prototype >at /tmp/.webmin/Net-Iden >t-1.20/blib/lib/Net/Ident.pm line 29. >FAILED test 1 > Failed 1/2 tests, 50.00% okay >t/Ident.Net::Ident::_export_hooks() called too early to check prototype >at /tmp/.webmin/Net-Iden >t-1.20/blib/lib/Net/Ident.pm line 29. >FAILED tests 1-3 > Failed 3/7 tests, 57.14% okay >Failed 2/4 test scripts, 50.00% okay. 4/10 subtests failed, 60.00% okay. >Failed Test Stat Wstat Total Fail Failed List of Failed >--- >t/Ident.t 73 42.86% 1-3 >t/compat.t 21 50.00% 1 >1 test skipped. >make: *** [test_dynamic] Error 255 > >The install failed. Would anyone possibly know why this may have happened?
Re: Latest Network Upgrade not spam.
From: "Robert Nicholson" <[EMAIL PROTECTED]> It seems the latest version of these isn't spam? Are there any rules to mark MS attachments as SPAM? From: [EMAIL PROTECTED] Subject: Latest Network Upgrade Date: August 5, 2006 9:55:10 PM CDT To: [EMAIL PROTECTED] X-Spam-Dcc: : grub.camros.com 1113; Body=1 Fuz1=1 Fuz2=1 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on grub.camros.com X-Spam-Level: X-Spam-Status: No, score=0.2 required=0.6 tests=BAYES_50,HTML_MESSAGE, MIME_BASE64_NO_NAME autolearn=ham version=3.1.1 Received: (qmail 6256 invoked from network); 7 Aug 2006 13:14:38 - Received: from surfgate.starhub.net.sg (203.116.254.187) by 64.34.193.12 with DES-CBC3-SHA encrypted SMTP; 7 Aug 2006 13:14:38 - Received: from imx2.starhub.net.sg (imx2.starhub.net.sg [203.116.254.42]) by surfgate.starhub.net.sg (8.13.6+Sun/8.13.6) with ESMTP id k763FTJC000782 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 11:29:11 +0800 (SGT) Received: from kbsmtao2.starhub.net.sg (kbsmtao181.starhub.net.sg [203.116.2.181]) by imx2.starhub.net.sg (8.12.10/8.12.10) with ESMTP id k762oex0025517 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 10:50:43 +0800 Received: from kslqb ([203.116.121.101]) by kbsmtao2.starhub.net.sg (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with ESMTPP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Sun, 06 Aug 2006 10:55:40 +0800 (SGT) Date-Warning: Date header was inserted by kbsmtao2.starhub.net.sg Message-Id: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Boundary_ (ID_fld50HgNZSb4ucD84dSJhA)" X-Accept-Flag: Sender is Unknown Lines: 2665 Without some of the body I've no idea what would block these other than DNS rules. And if you are one of the first to be attacked they are often ineffective. The originating address is from another .sg computer. d121101.ppp121.cyberway.com.sg So network rules might not even work. One thing I notice that might be trapped upon is that these two headers and the "To:" do not agree. But that is not a particularly strong spam sign. ===8<--- Received: from kbsmtao2.starhub.net.sg (kbsmtao181.starhub.net.sg [203.116.2.181]) by imx2.starhub.net.sg (8.12.10/8.12.10) with ESMTP id k762oex0025517 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 10:50:43 +0800 Received: from kslqb ([203.116.121.101]) by kbsmtao2.starhub.net.sg (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with ESMTPP id <[EMAIL PROTECTED]> for ===8<--- To: [EMAIL PROTECTED] ===8<--- If you are not a member of advisor.com's mailing lists you could simply black list them. If you are you might want to generate a specific rule trio that detects advisor.com for the purported source and requires that it be ONLY from their address. That'd be two rules and a meta rule to put them together. (I don't know what would happen with a "blacklist_from" and a more specific "whitelist_from_rcvd". Ideally that would do the trick. But I am not sure it would.) {^_^}
Re: Memory requirements
From: "James Lay" <[EMAIL PROTECTED]> Hey all! Anyone happen to know the memory requirements of SpamAssassin? I have 3.0.4 running on 128 Megs okwill upgrading to 3.1.4 plus the SARE rules tank it? Or am I safe? Thanks all! Perhaps. Do not run anything else with a significant memory footprint on the system at the same time. Do not use X, of course. Minimize the number of children spawned to one. {^_^} Joanne
Re: Memory requirements
On Mon, 7 Aug 2006, James Lay wrote: > Anyone happen to know the memory requirements of SpamAssassin? I have > 3.0.4 running on 128 Megs okwill upgrading to 3.1.4 plus the SARE > rules tank it? Or am I safe? Thanks all! I'm running 3.1.3 with a bunch of SARE and local rules on my hosted server, which only has 96MB of RAM and 196MB of swap. It's also running BIND serving as authoritative for a few domains, and apache serving static content, but no databases or other fancy stuff. I have it configured to only spawn one child and run all scans sequentially, as I don't really care if it takes a couple of minutes to score a message. It works reliably, though there's little margin for adding much else. If there was any less memory I would not be able to run SA. How much swap do you have? And what else is running on the server? -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils except destruction. The laws that forbid the carrying of arms are laws of such a nature. They disarm only those who are neither inclined nor determined to commit crime. -- Cesare Beccaria, quoted by Thomas Jefferson ---
Latest Network Upgrade not spam.
It seems the latest version of these isn't spam?Are there any rules to mark MS attachments as SPAM? From: [EMAIL PROTECTED] Subject: Latest Network Upgrade Date: August 5, 2006 9:55:10 PM CDT To: [EMAIL PROTECTED] X-Spam-Dcc: : grub.camros.com 1113; Body=1 Fuz1=1 Fuz2=1 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on grub.camros.com X-Spam-Level: X-Spam-Status: No, score=0.2 required=0.6 tests=BAYES_50,HTML_MESSAGE, MIME_BASE64_NO_NAME autolearn=ham version=3.1.1 Received: (qmail 6256 invoked from network); 7 Aug 2006 13:14:38 - Received: from surfgate.starhub.net.sg (203.116.254.187) by 64.34.193.12 with DES-CBC3-SHA encrypted SMTP; 7 Aug 2006 13:14:38 - Received: from imx2.starhub.net.sg (imx2.starhub.net.sg [203.116.254.42]) by surfgate.starhub.net.sg (8.13.6+Sun/8.13.6) with ESMTP id k763FTJC000782 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 11:29:11 +0800 (SGT) Received: from kbsmtao2.starhub.net.sg (kbsmtao181.starhub.net.sg [203.116.2.181]) by imx2.starhub.net.sg (8.12.10/8.12.10) with ESMTP id k762oex0025517 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 10:50:43 +0800 Received: from kslqb ([203.116.121.101]) by kbsmtao2.starhub.net.sg (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with ESMTPP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Sun, 06 Aug 2006 10:55:40 +0800 (SGT) Date-Warning: Date header was inserted by kbsmtao2.starhub.net.sg Message-Id: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Boundary_(ID_fld50HgNZSb4ucD84dSJhA)" X-Accept-Flag: Sender is Unknown Lines: 2665
Memory requirements
Hey all! Anyone happen to know the memory requirements of SpamAssassin? I have 3.0.4 running on 128 Megs okwill upgrading to 3.1.4 plus the SARE rules tank it? Or am I safe? Thanks all! James
SA-Update required modules
I looked at the list of required modules and noticed after I've been running it for awhile that I didn't have these two installed: 9109] dbg: diag: module not installed: Net::Ident ('require' failed) 9109] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) I tried installing Net::Ident awhile ago and get this: PERL_DL_NONLAZY=1 /usr/bin/perl5.8.5 "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'bl ib/arch')" t/*.t t/0use..Net::Ident::_export_hooks() called too early to check prototype at /tmp/.webmin/Net-Iden t-1.20/blib/lib/Net/Ident.pm line 29. ok t/apacheNet::Ident::_export_hooks() called too early to check prototype at /tmp/.webmin/Net-Iden t-1.20/blib/lib/Net/Ident.pm line 29. skipped all skipped: no reason given t/compatNet::Ident::_export_hooks() called too early to check prototype at /tmp/.webmin/Net-Iden t-1.20/blib/lib/Net/Ident.pm line 29. FAILED test 1 Failed 1/2 tests, 50.00% okay t/Ident.Net::Ident::_export_hooks() called too early to check prototype at /tmp/.webmin/Net-Iden t-1.20/blib/lib/Net/Ident.pm line 29. FAILED tests 1-3 Failed 3/7 tests, 57.14% okay Failed 2/4 test scripts, 50.00% okay. 4/10 subtests failed, 60.00% okay. Failed Test Stat Wstat Total Fail Failed List of Failed --- t/Ident.t 73 42.86% 1-3 t/compat.t 21 50.00% 1 1 test skipped. make: *** [test_dynamic] Error 255 The install failed. Would anyone possibly know why this may have happened? -- Chris 20:41:09 up 8 days, 2:09, 1 user, load average: 1.36, 2.00, 1.94 pgpHMFyyND4FW.pgp Description: PGP signature
Re: Improved OCR Plugin with approximate matching
From: "uNiXpSyChO" <[EMAIL PROTECTED]> decoder wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello there, I have improved the original OcrPlugin (found at http://wiki.apache.org/spamassassin/OcrPlugin), so it contains fuzzy matching. Like that, mistakes made by the OCR recognition or intentional obfuscations in the text don't make the recognition impossible. This is being done with a relative distance calculation between the pattern (word from a given word list) and a line in the recognized input. Also, the plugin uses dynamic scoring (more matched words means more score, this can be adjusted in the source). You can find a full description and an example in the wiki under: http://wiki.apache.org/spamassassin/FuzzyOcrPlugin Ideas for improvements or critics are always welcome :) seems to work... but i never see a score about 1.00. the docs say the default score is 4. did i miss something? You probably never amended your local.cf or equivalent with the score for the rule. So it gets the default score of 1. {^_^}
Re: Improved OCR Plugin with approximate matching
seems to work... but i never see a score about 1.00. the docs say the default score is 4. did i miss something? above 1.00 i meant.
Re: Improved OCR Plugin with approximate matching
decoder wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello there, I have improved the original OcrPlugin (found at http://wiki.apache.org/spamassassin/OcrPlugin), so it contains fuzzy matching. Like that, mistakes made by the OCR recognition or intentional obfuscations in the text don't make the recognition impossible. This is being done with a relative distance calculation between the pattern (word from a given word list) and a line in the recognized input. Also, the plugin uses dynamic scoring (more matched words means more score, this can be adjusted in the source). You can find a full description and an example in the wiki under: http://wiki.apache.org/spamassassin/FuzzyOcrPlugin Ideas for improvements or critics are always welcome :) seems to work... but i never see a score about 1.00. the docs say the default score is 4. did i miss something?
Re: spamd not well after crash
On Monday 07 August 2006 03:32, Loren Wilton wrote: > If you previously installed from a distro of some kind you should probably > upgrade using the newer distro rather than CPAN directly; otherwise you can > end up with mucked up installations since some distros move things around. The problem with that is that many Distros don't release upgrades very often. The only problem you are likely too have in this regard is spamd located in a non-standard place. So check dates. It might be wise to uninstall the rpm just prior to doing the CPAN route. Be sure to follow and install all the pre-requisite cpan modules. There are some that just do not work, and won't build. You can ignore these. But do get the network tests working if possible. -- _ John Andersen pgpmB77wkaOQh.pgp Description: PGP signature
Re: 0451.com
From: "Hamish Marson" <[EMAIL PROTECTED]> Duncan Hill wrote: On Monday 07 August 2006 00:02, wrote: | 2250 0733.com Here are my numbers from last week: 5006 0451.com 3845 53.com Not seeing anywhere near as high, but this is only on my personal server: 440733.com 340451.com 110668.com 4 023.com 2 08.com 2 020.com 1 212.com 1 07770500.com 1 01191.com 1 004.com However, the majority are already being rejected with my standard rules in Postfix (like don't accept mail from certain netblocks). I would have sworn there used to be a domain registration rule that said pure-numeric domains were illegal, but I'm not sure. The RFC's actually state that a domain MUST start with a letter, and be any letter or digit or hyphen after. So according to the RFC's purely numberic domains are illegal. (e.g. From RFC 1035) ::= | " " ::= | "." ::= [ [ ] ] ::= | ::= | "-" ::= | ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case ::= any one of the ten digits 0 through 9 Seems clear to me... And since RFC1035 is still current, I'm not sure why purely numeric domains are considered acceptable. (Apart from I can't think of a really good reason apart from pedanticness to stop them). Well, some browsers allow you to put in "google" for the address and will self-complete to what it thinks you wants. If there is a number only in there the browser will likely try to interpret the number as an 32 IP address in decimal form. All those addresses would hit network 0, though. And that is a reserved net number. {^_-}
Improved OCR Plugin with approximate matching
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello there, I have improved the original OcrPlugin (found at http://wiki.apache.org/spamassassin/OcrPlugin), so it contains fuzzy matching. Like that, mistakes made by the OCR recognition or intentional obfuscations in the text don't make the recognition impossible. This is being done with a relative distance calculation between the pattern (word from a given word list) and a line in the recognized input. Also, the plugin uses dynamic scoring (more matched words means more score, this can be adjusted in the source). You can find a full description and an example in the wiki under: http://wiki.apache.org/spamassassin/FuzzyOcrPlugin Ideas for improvements or critics are always welcome :) Best regards, Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE18IMJQIKXnJyDxURAm4PAJ9WcLtEDharV99qZrgPGuy0oa6a+QCfcvgz azeW1/azOeGFnW2qBnvcOUs= =KZIA -END PGP SIGNATURE-
Re: 0451.com
On Monday 07 August 2006 16:09, Tony Finch wrote: > On Mon, 7 Aug 2006, Hamish Marson wrote: > > The RFC's actually state that a domain MUST start with a letter, and > > be any letter or digit or hyphen after. So according to the RFC's > > purely numberic domains are illegal. > > No! Wrong! Totally wrong! If they were illegal they would never have been > allocated. Duh. > Yeah, Right... And Verisign never wildcarded domains either did they? Duh! right back at you. > RFC 1123 section 2.1: > > The syntax of a legal Internet host name was specified in RFC-952 Hostname vs DomainName RFC1035 is still current. never superceeded. It states Domain names. RFC1123 says hostnames... In fact RFC1035 isn't even marked as updated! (At least the copies I'm looking at now) AFAICS RFC1123 only mentions hostnames, nothing about domains. A small semantic difference I know, but possibly an important one. I wonder what Cricket has to say about domain names being all digits? Possibly it comes under the be lenient in what you accept & rigid in what you present rule. RFC1912 throws more wood on the fire... Allowable characters in a label for a host name are only ASCII letters, digits, and the `-' character. Labels may not be all numbers, but may have a leading digit (e.g., 3com.com). Labels must end and begin only with a letter or digit. See [RFC 1035] and [RFC 1123]. (Labels were initially restricted in [RFC 1035] to start with a letter, and some older hosts still reportedly have problems with the relaxation in [RFC 1123].) Note there are some Internet hostnames which violate this rule (411.org, 1776.com). The presence of underscores in a label is allowed in [RFC 1033], except [RFC 1033] is informational only and was not defining a standard. There is at least one popular TCP/IP implementation which currently refuses to talk to hosts named with underscores in them. It must be noted that the language in [1035] is such that these rules are voluntary -- they are there for those who wish to minimize problems. Note that the rules for Internet host names also apply to hosts and addresses used in SMTP (See RFC 821). So even rfc1912 still thinks all digit domains are incorrect... But it interprets 1123 as meaning hosts & domains. But even in 1996 it was recognised that the registrars didn't really follow the RFC's properly... I still think all digit domains are probably worth a point or so. > [DNS:4]. One aspect of host name syntax is hereby changed: the > restriction on the first character is relaxed to allow either a > letter or a digit. Host software MUST support this more liberal > syntax. > > Tony. pgpx2IGc4ElMm.pgp Description: PGP signature
Having Bayes MySQL problems
Anyone know what would cause this? I ran sa-learn --force-expire Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 132. Use of uninitialized value in numeric ne (!=) at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 134. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 135. bayes: database version is different than we understand (3), aborting! at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 135. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 179. Use of uninitialized value in numeric ne (!=) at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 181. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 182. bayes: database version is different than we understand (3), aborting! at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm line 182.
Re: URIBL and SURBL no lnger hitting
DAve wrote: DAve wrote: Richard wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 I noticed this morning that I am no longer hitting any URIBL and SURBL. I did a test, ... I should have included this in the debug output. [23441] dbg: dns: is Net::DNS::Resolver available? yes [23441] dbg: dns: Net::DNS version: 0.57 iirc (may not ...), there were some Net::DNS version issues causing probs. perhaps try upgrading Net::DNS: % perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"' 0.58 richard I found a few messages of interest. One concerning teh ClamAV plugin, which I don't use though I have just installed the ImageInfo plugin. I removed it no change. I also found another message reporting a bug in URIDNSBL lookups. I don't think that is affecting me because it concerned the check loop finishing before the timeout. I can certainly see my timeout, it takes a full minutes before spamassassin -D --lint < testemail.txt will finish. I've seen no recent messages about Net::DNS. Not sure where to go next. The delay in SA is causing my mail to backup. Though I threw some more children at MailScanner and it is catching up now, slowly. Dig works, host works. Not sure why SA can't get a lookup. I've restarted dnscache several times, and I have my normal dns servers listed under 127.0.0.1 in /etc/resolv.conf. DAve [63142] dbg: dns: is Net::DNS::Resolver available? yes [63142] dbg: dns: Net::DNS version: 0.58 [63142] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete [63142] dbg: uridnsbl: aborting remaining lookups No change, still cannot complete uridnsbl lookups. But... this works. dig dadixus.com.multi.uribl.com I really hate spammers today. Really, really, hate spammers. Castration is too good for them. This last upgrade of SA and MailScanner has been brutal. I've no idea where to look next. DAve In frustration I edited /etc/resolv.conf and removed 127.0.0.1, URI lookups are completing and MailScanner is blasting through the queues on both machines exceedingly fast now. No idea what could have possibly changed, dnscache is normally bulletproof. I run it on a dozen servers as a local cache, it is a standard install on all my servers and all installs share the same config. Especially since dig worked, and still works to 127.0.0.1. Very odd. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: ImageInfo path
| I am sure it has to do with the dir structure. We use oes-linux and the | dir structure on it is /etc/mail/spamassassin. So i am asking in what | file do i change the path from /mail/spamassassin to | /etc/mail/spamassassin. I have searched through the 2 files (*.pm and | *.cf and can not find it_). Thanks for any help Do this: find /usr -name Plugin
ImageInfo path
Hello all. Mostly a lurker here. I am trying to install the imageinfo plugin. So, i followed the instructions, place *.pm file in "Plugins" dir and *.cf file in "Spamassassin" dir. Do a spamassassin --lint and get [6870] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamA ssassin/Plugin/ImageInfo.pm in @INC (@INC contains: /usr/lib/perl5/vendor_perl/5 .8.3/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/5.8 .3/i586-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i 586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl / usr/lib/perl5/vendor_perl) at (eval 58) line 1. [6870] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plu gin::ImageInfo: Can't locate object method "new" via package "Mail::SpamAssassin ::Plugin::ImageInfo" at (eval 59) line 1. I am sure it has to do with the dir structure. We use oes-linux and the dir structure on it is /etc/mail/spamassassin. So i am asking in what file do i change the path from /mail/spamassassin to /etc/mail/spamassassin. I have searched through the 2 files (*.pm and *.cf and can not find it_). Thanks for any help begin:vcard n:Arnold;Chris fn:Chris, Arnold url:http://www.mytimewithgod.net version:2.1 email;internet:[EMAIL PROTECTED] end:vcard
RE: sa-update gives Can't locate LWP/UserAgent.pm in @INC ?
> -Original Message- > From: Evan Platt [mailto:[EMAIL PROTECTED] > Sent: Monday, August 07, 2006 8:53 AM > To: users@spamassassin.apache.org > Subject: sa-update gives Can't locate LWP/UserAgent.pm in @INC ? Had the same problem on Fedora Core 5. I had to install these additional packages. ==Install via Yum== perl-Archive-Tar perl-IO-Zlib perl-libwww-perl Also, once you get the packages installed. Try running "sa-update -D" to see what its doing in the background. :) -Wilson
Re: 0451.com
On Mon, 7 Aug 2006, Tony Finch wrote: > On Mon, 7 Aug 2006, Hamish Marson wrote: > > > > The RFC's actually state that a domain MUST start with a letter, and > > be any letter or digit or hyphen after. So according to the RFC's > > purely numberic domains are illegal. > > No! Wrong! Totally wrong! If they were illegal they would never have been > allocated. Duh. > > RFC 1123 section 2.1: > > The syntax of a legal Internet host name was specified in RFC-952 > [DNS:4]. One aspect of host name syntax is hereby changed: the > restriction on the first character is relaxed to allow either a > letter or a digit. Host software MUST support this more liberal > syntax. ...I guess not. Dammit, when am I going to learn to read my mailbox in *reverse* chronological order? -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The difference is that Unix has had thirty years of technical types demanding basic functionality of it. And the Macintosh has had fifteen years of interface fascist users shaping its progress. Windows has the hairpin turns of the Microsoft marketing machine and that's all.-- Red Drag Diva ---
Re: 0451.com
On Mon, 7 Aug 2006, Hamish Marson wrote: > The RFC's actually state that a domain MUST start with a letter, and > be any letter or digit or hyphen after. So according to the RFC's > purely numberic domains are illegal. Should this be worth a point or so in the base ruleset? -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The difference is that Unix has had thirty years of technical types demanding basic functionality of it. And the Macintosh has had fifteen years of interface fascist users shaping its progress. Windows has the hairpin turns of the Microsoft marketing machine and that's all.-- Red Drag Diva ---
Re: A lot of this going around
On Monday 07 August 2006 21:34, Theo Van Dinter wrote: > On Mon, Aug 07, 2006 at 09:28:12PM +0300, David Baron wrote: > > >Aug 7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes > > >journal /home/david/.spamassassin/bayes_journal (0 of 3624)! > > > > > >Getting numerous messages of this form. Things seem to be working > > > normally! > > > > Aug 7 18:03:38 d_baron spamd[28529]: Exiting eval via last > > at /usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm line 1127. > > The latter is caused by the former, btw. Perhaps something is over quota > or otherwise out of space? Alternately, something like selinux restricting > what spamd can do? > > The first error happens if you can open the journal file for appending, > but doing the write actually fails (in this case, nothing was able to > be written to the file). Yup. Some stuff eats up your home partition and does not even tell you. Thanks for the hint.
Re: URIBL and SURBL no lnger hitting
DAve wrote: Richard wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 I noticed this morning that I am no longer hitting any URIBL and SURBL. I did a test, ... I should have included this in the debug output. [23441] dbg: dns: is Net::DNS::Resolver available? yes [23441] dbg: dns: Net::DNS version: 0.57 iirc (may not ...), there were some Net::DNS version issues causing probs. perhaps try upgrading Net::DNS: % perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"' 0.58 richard I found a few messages of interest. One concerning teh ClamAV plugin, which I don't use though I have just installed the ImageInfo plugin. I removed it no change. I also found another message reporting a bug in URIDNSBL lookups. I don't think that is affecting me because it concerned the check loop finishing before the timeout. I can certainly see my timeout, it takes a full minutes before spamassassin -D --lint < testemail.txt will finish. I've seen no recent messages about Net::DNS. Not sure where to go next. The delay in SA is causing my mail to backup. Though I threw some more children at MailScanner and it is catching up now, slowly. Dig works, host works. Not sure why SA can't get a lookup. I've restarted dnscache several times, and I have my normal dns servers listed under 127.0.0.1 in /etc/resolv.conf. DAve [63142] dbg: dns: is Net::DNS::Resolver available? yes [63142] dbg: dns: Net::DNS version: 0.58 [63142] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete [63142] dbg: uridnsbl: aborting remaining lookups No change, still cannot complete uridnsbl lookups. But... this works. dig dadixus.com.multi.uribl.com I really hate spammers today. Really, really, hate spammers. Castration is too good for them. This last upgrade of SA and MailScanner has been brutal. I've no idea where to look next. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: sa-update gives Can't locate LWP/UserAgent.pm in @INC ?
On Mon, Aug 07, 2006 at 11:52:50AM -0700, Evan Platt wrote: > Running SpamAssassin 3.1.3 on a OS/X box. Running sa-update gives > "Can't locate LWP/UserAgent.pm in @INC". Can't recall if I've ever > tried sa-update before. > > Googling doesn't give much help, and a locate of UserAgent.pm finds > nothing on my system. Did you read the INSTALL doc for the sa-update required modules? ;) -- Randomly Generated Tagline: "Luge strategy? Lie flat and try not to die." - Tim Steeves pgpNMFDYYpRb4.pgp Description: PGP signature
sa-update gives Can't locate LWP/UserAgent.pm in @INC ?
Hello all... Running SpamAssassin 3.1.3 on a OS/X box. Running sa-update gives "Can't locate LWP/UserAgent.pm in @INC". Can't recall if I've ever tried sa-update before. Googling doesn't give much help, and a locate of UserAgent.pm finds nothing on my system. Thanks. Evan
A lot of this going around
Aug 7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes journal /home/david/.spamassassin/bayes_journal (0 of 3624)! Getting numerous messages of this form. Things seem to be working normally! (Note that sa-update failed this morning due to problems at the site.)
Re: A lot of this going around
On Mon, Aug 07, 2006 at 09:28:12PM +0300, David Baron wrote: > >Aug 7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes > >journal /home/david/.spamassassin/bayes_journal (0 of 3624)! > > >Getting numerous messages of this form. Things seem to be working normally! > > Aug 7 18:03:38 d_baron spamd[28529]: Exiting eval via last > at /usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm line 1127. The latter is caused by the former, btw. Perhaps something is over quota or otherwise out of space? Alternately, something like selinux restricting what spamd can do? The first error happens if you can open the journal file for appending, but doing the write actually fails (in this case, nothing was able to be written to the file). -- Randomly Generated Tagline: "The nice thing about Windows is - It does not just crash, it displays a dialog box and lets you press 'OK' first." - Arno Schaefer's .sig pgp2wIMKD1dna.pgp Description: PGP signature
RE: A lot of this going around
>Aug 7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes >journal /home/david/.spamassassin/bayes_journal (0 of 3624)! >Getting numerous messages of this form. Things seem to be working normally! >(Note that sa-update failed this morning due to problems at the site.) Also these: Aug 7 18:03:38 d_baron spamd[28529]: Exiting eval via last at /usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm line 1127.
bayes: database version is different than what we understand ???
I'm using MySQL and getting this error: bayes: database version is different than what we understand ??? What does this mean?
Re: URIBL and SURBL no lnger hitting
Richard wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 I noticed this morning that I am no longer hitting any URIBL and SURBL. I did a test, ... I should have included this in the debug output. [23441] dbg: dns: is Net::DNS::Resolver available? yes [23441] dbg: dns: Net::DNS version: 0.57 iirc (may not ...), there were some Net::DNS version issues causing probs. perhaps try upgrading Net::DNS: % perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"' 0.58 richard I found a few messages of interest. One concerning teh ClamAV plugin, which I don't use though I have just installed the ImageInfo plugin. I removed it no change. I also found another message reporting a bug in URIDNSBL lookups. I don't think that is affecting me because it concerned the check loop finishing before the timeout. I can certainly see my timeout, it takes a full minutes before spamassassin -D --lint < testemail.txt will finish. I've seen no recent messages about Net::DNS. Not sure where to go next. The delay in SA is causing my mail to backup. Though I threw some more children at MailScanner and it is catching up now, slowly. Dig works, host works. Not sure why SA can't get a lookup. I've restarted dnscache several times, and I have my normal dns servers listed under 127.0.0.1 in /etc/resolv.conf. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: Spam with mail address in it
> Perhaps sometime someone can take Joe's data and >create a web site like URIBL were people can report >e-mail addresses found in scam spam to create a more >comprehensive list with faster turnaround? Oh... I forget... a previous round of discussions about this killed off this idea because there is much potential for abuse. Consider this... a 419 spammer decides to poison such a list by filling out the form and submitting "forged" 419 samples where they paste a 419 scam e-mail into the box, but use a innocent person's yahoo/hotmail/etc e-mail address. Eventually, too many FPs and it is hard to tell the difference between the "real" 419 addresses and the "fake" ones which are really legit addresses of innocent people. But I still think it could be done on a trust basis: (1) submissions ONLY accepted from password-protected accounts... no option for anonomous submissions (2) no data from account fed into system until X number of submissions from that account which match up with OTHER submitters's data (3) data from that submitter nullified as soon as X number of submissions become suspect... with (percent questioned/percent not questioned) factored in... knowing that if someone submits thousands of true 419 scams at some point, a few of these will be questioned) Rob McEwen PowerView Systems [EMAIL PROTECTED]
Re: URIBL and SURBL no lnger hitting
DAve wrote: DAve wrote: Good morning, I noticed this morning that I am no longer hitting any URIBL and SURBL. I did a test, host -tTXT test.uribl.com.multi.uribl.com and got the proper response. I also ran spamassassin -D < testemail.txt which is a message with a URI known in the URIBL list and it provided the following, [11340] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 'check_tick' [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:12 2006 [11340] dbg: check: running tests for priority: 500 [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:13 2006 [11340] dbg: dns: success for 0 of 2 queries [11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds [11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds [11340] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 'check_post_dnsbl' [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:26 2006 [11340] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:28 2006 [11340] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete [11340] dbg: uridnsbl: aborting remaining lookups Oddly the only thing I have changed is I began running sa-update. So out of curiosity I moved my updates.spamassassin.org* out to /tmp and reran the debug, same results. Logs show the last time I was getting hits was 4 days ago. What have I done wrong? DAve I should have included this in the debug output. [23441] dbg: dns: is Net::DNS::Resolver available? yes [23441] dbg: dns: Net::DNS version: 0.57 DAve OK, I'm digging now, Yahoo and Google show nothing useful. I did install the ImageInfo plugin so I will take it back out see what happens. Searching the archives again. I'm running SA 3.1.1 No spamc/spamd (called from MailScanner) Installed as FreeBSD port on FreeBSD 5 DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: Spam with mail address in it
> Maybe uribl could be changed to also check mail addresses, too? Chris, SURBL and URIBL are not intended to be used for checking against the domains of e-mail addresses, even when the e-mail is contained within the body of the message. In spite of that, I did used to do this... but I discovered that this was a large source for FPs... particularly e-mails which went through many rounds of forwarding and left dozens of e-mail addresses in the body of the message. However, I do think that it would be great if someone created a dns-based blacklist stricktly for e-mails contained within the body of the message. This would be handy for catching the spam that you mentioned as well as for MANY 419 scam e-mails. In fact, Joe Wein maintains just such a list on his web site that one can download and then integrate into their system. But I often find that the few such spams which make it past my system wouldn't have been caught if checked against Joe's list anyways. I attribute this to two things: (1) dns lists that are most successful when they use **multiple** data input sources, all working together (2) turnaround time from the intitial reports to the domain (or e-mail address, in this case) being listed must also be lightening fast. (but I may be making assumptions here about Joe's list) Perhaps sometime someone can take Joe's data and create a web site like URIBL were people can report e-mail addresses found in scam spam to create a more comprehensive list with faster turnaround? Rob McEwen PowerView Systems [EMAIL PROTECTED]
Re: Spam with mail address in it
On Mon, Aug 07, 2006 at 05:37:37PM +0200, decoder wrote: > Maybe uribl could be changed to also check mail addresses, too? FWIW, I thought there was an older one, but a quick search didn't turn it up, so here's the new one: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5014 -- Randomly Generated Tagline: Alton Brown: Don't thank me, Chuck. I'm only here because a bet's a bet. Patty: Ha. I guess you didn't know about Chucky being National Junior Wacky Golf Champion four years running. AB: No. I regrettably let my Wacky Golf Weekly expire. - Good Eats, "Squid Pro Quo" pgpHZipEWv0LM.pgp Description: PGP signature
Spam with mail address in it
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, today we received a non-recognized spam mail which contained only plaintext + an email address to write to. The email was [EMAIL PROTECTED] so I wanted to see if uribl maybe lists the domain. The command hostx -t TXT summerdayzz.com.multi.uribl.com gave me: summerdayzz.com.multi.uribl.com TXT "Blacklisted, see http://lookup.uribl.com/?domain=summerdayzz.com"; Maybe uribl could be changed to also check mail addresses, too? Best regards, Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE115BJQIKXnJyDxURAnr7AJ9koMvWegG6B0Fiop4v3Dx7sjJ4WACfRYoK CMUDyvUjXRiChgTrArCaZEw= =U0ZF -END PGP SIGNATURE-
Re: URIBL and SURBL no lnger hitting
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 >> I noticed this morning that I am no longer hitting any URIBL and >> SURBL. I did a test, ... > I should have included this in the debug output. > > [23441] dbg: dns: is Net::DNS::Resolver available? yes > [23441] dbg: dns: Net::DNS version: 0.57 iirc (may not ...), there were some Net::DNS version issues causing probs. perhaps try upgrading Net::DNS: % perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"' 0.58 richard - -- /"\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iEYEAREDAAYFAkTXXeAACgkQlffdvTZxCMbbSQCdGworLrHjuRCNXjXwEFlsT6oy wqYAnRoRX5LxbAULG0VfooHSAWDaynwg =9FNS -END PGP SIGNATURE-
Re: URIBL and SURBL no lnger hitting
DAve wrote: Good morning, I noticed this morning that I am no longer hitting any URIBL and SURBL. I did a test, host -tTXT test.uribl.com.multi.uribl.com and got the proper response. I also ran spamassassin -D < testemail.txt which is a message with a URI known in the URIBL list and it provided the following, [11340] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 'check_tick' [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:12 2006 [11340] dbg: check: running tests for priority: 500 [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:13 2006 [11340] dbg: dns: success for 0 of 2 queries [11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds [11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds [11340] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 'check_post_dnsbl' [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:26 2006 [11340] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:28 2006 [11340] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete [11340] dbg: uridnsbl: aborting remaining lookups Oddly the only thing I have changed is I began running sa-update. So out of curiosity I moved my updates.spamassassin.org* out to /tmp and reran the debug, same results. Logs show the last time I was getting hits was 4 days ago. What have I done wrong? DAve I should have included this in the debug output. [23441] dbg: dns: is Net::DNS::Resolver available? yes [23441] dbg: dns: Net::DNS version: 0.57 DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: 0451.com
On Mon, 7 Aug 2006, Tony Finch wrote: On Mon, 7 Aug 2006, Hamish Marson wrote: The RFC's actually state that a domain MUST start with a letter, and be any letter or digit or hyphen after. So according to the RFC's purely numberic domains are illegal. No! Wrong! Totally wrong! If they were illegal they would never have been allocated. Duh. RFC 1123 section 2.1: The syntax of a legal Internet host name was specified in RFC-952 [DNS:4]. One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax. Ah, I thought I remembered something along those lines but couldn't find the reference. Also, for what it's worth, there are some legitimate businesses that use domains beginning with a digit. 3Com, for instance. - Logan
Re: 0451.com
On Mon, 7 Aug 2006, Hamish Marson wrote: > > The RFC's actually state that a domain MUST start with a letter, and > be any letter or digit or hyphen after. So according to the RFC's > purely numberic domains are illegal. No! Wrong! Totally wrong! If they were illegal they would never have been allocated. Duh. RFC 1123 section 2.1: The syntax of a legal Internet host name was specified in RFC-952 [DNS:4]. One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax. Tony. -- f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR GOOD.
Re: testing for empty text/plain
On Mon, Aug 07, 2006 at 09:11:14AM -0400, Eric A. Hall wrote: > What's the most efficient way to grab the text/plain part? Check out the other code/plugins. Getting to a specific message part is pretty easy. -- Randomly Generated Tagline: Sarchasm: The gulf between the author of sarcastic wit, and the recipient who doesn't get it. - Washington Post pgpjQVMr52Don.pgp Description: PGP signature
OCR
Hi, I'm planning to test the OCR module in SA very soon. I was wondering if other (commercial) anti-spam products already have a OCR module built-in? Thx F.
Re: Upgrade Woo's
On Mon, Aug 07, 2006 at 08:00:59AM -0400, Chuck Payne wrote: > Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: W > Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, > skipping: bayes_use_chi2_combining 1 "W" isn't a valid config line, and the chi2 business is not a valid config option. > Aug 7 07:32:02 magi spamd[14114]: config: SpamAssassin failed to > parse line, "/home/spamd/" is not valid for "bayes_path", skipping: > bayes_path /home/spamd/ bayes_path should be pointing at a path w/ file prefix, not a directory. > Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, > skipping: use_dcc 1 > Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, > skipping: dcc_timeout 8 > Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, > skipping: dcc_home /var/spool/amavis/dcc/ > Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, > skipping: dcc_path /var/spool/amavis/bin/cdcc Looks like you didn't load the plugin. -- Randomly Generated Tagline: "And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports on it, you know they are just evil lies." - Linus Torvalds pgp9UrmzWu0km.pgp Description: PGP signature
URIBL and SURBL no lnger hitting
Good morning, I noticed this morning that I am no longer hitting any URIBL and SURBL. I did a test, host -tTXT test.uribl.com.multi.uribl.com and got the proper response. I also ran spamassassin -D < testemail.txt which is a message with a URI known in the URIBL list and it provided the following, [11340] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 'check_tick' [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:12 2006 [11340] dbg: check: running tests for priority: 500 [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:13 2006 [11340] dbg: dns: success for 0 of 2 queries [11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds [11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds [11340] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 'check_post_dnsbl' [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:26 2006 [11340] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete [11340] dbg: uridnsbl: select found no socks ready [11340] dbg: uridnsbl: queries completed: 0 started: 0 [11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug 7 10:23:28 2006 [11340] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete [11340] dbg: uridnsbl: aborting remaining lookups Oddly the only thing I have changed is I began running sa-update. So out of curiosity I moved my updates.spamassassin.org* out to /tmp and reran the debug, same results. Logs show the last time I was getting hits was 4 days ago. What have I done wrong? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: 0451.com
On Monday 07 August 2006 15:20, Obantec Support wrote: > What would 192.com or 118118.com do without these names? Deal with the fact that the RFCs don't support such names, and petition for a new RFC that accomodates their names? Other businesses have had no issues adapting to the requirements of the RFCs, so why they should be singled out, I don't know.
Re: 0451.com
- Original Message - From: "Hamish Marson" <[EMAIL PROTECTED]> To: "Duncan Hill" <[EMAIL PROTECTED]> Cc: Sent: Monday, August 07, 2006 3:11 PM Subject: Re: 0451.com > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Duncan Hill wrote: > > On Monday 07 August 2006 00:02, wrote: > >> | 2250 0733.com > > > >> Here are my numbers from last week: > >> > >> 5006 0451.com 3845 53.com > > > > Not seeing anywhere near as high, but this is only on my personal > > server: 440733.com 340451.com 110668.com 4 023.com > > 2 08.com 2 020.com 1 212.com 1 07770500.com 1 > > 01191.com 1 004.com > > > > However, the majority are already being rejected with my standard > > rules in Postfix (like don't accept mail from certain netblocks). > > I would have sworn there used to be a domain registration rule that > > said pure-numeric domains were illegal, but I'm not sure. > > The RFC's actually state that a domain MUST start with a letter, and > be any letter or digit or hyphen after. So according to the RFC's > purely numberic domains are illegal. > > (e.g. From RFC 1035) > > ::= | " " > > ::= | "." > > ::= [ [ ] ] > > ::= | > > ::= | "-" > > ::= | > > ::= any one of the 52 alphabetic characters A through Z in > upper case and a through z in lower case > > ::= any one of the ten digits 0 through 9 > > > Seems clear to me... And since RFC1035 is still current, I'm not sure why > purely numeric domains are considered acceptable. (Apart from I can't > think > of a really good reason apart from pedanticness to stop them). > > Hamish, > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.2 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFE10oj/3QXwQQkZYwRAiq3AJ9aPoHZ7M6Bdmhf2E093xX8iOlCMACePBe8 > pgAwacs61+KKqglxUcMr9vs= > =kn09 > -END PGP SIGNATURE- > What would 192.com or 118118.com do without these names? Mark
Re: 0451.com
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Duncan Hill wrote: > On Monday 07 August 2006 00:02, wrote: >> | 2250 0733.com > >> Here are my numbers from last week: >> >> 5006 0451.com 3845 53.com > > Not seeing anywhere near as high, but this is only on my personal > server: 440733.com 340451.com 110668.com 4 023.com > 2 08.com 2 020.com 1 212.com 1 07770500.com 1 > 01191.com 1 004.com > > However, the majority are already being rejected with my standard > rules in Postfix (like don't accept mail from certain netblocks). > I would have sworn there used to be a domain registration rule that > said pure-numeric domains were illegal, but I'm not sure. The RFC's actually state that a domain MUST start with a letter, and be any letter or digit or hyphen after. So according to the RFC's purely numberic domains are illegal. (e.g. From RFC 1035) ::= | " " ::= | "." ::= [ [ ] ] ::= | ::= | "-" ::= | ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case ::= any one of the ten digits 0 through 9 Seems clear to me... And since RFC1035 is still current, I'm not sure why purely numeric domains are considered acceptable. (Apart from I can't think of a really good reason apart from pedanticness to stop them). Hamish, -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE10oj/3QXwQQkZYwRAiq3AJ9aPoHZ7M6Bdmhf2E093xX8iOlCMACePBe8 pgAwacs61+KKqglxUcMr9vs= =kn09 -END PGP SIGNATURE-
Re: Upgrade Woo's
As Imentioned to someone (perhaps you) the error checking has improved and previously erroneous stuff is getting caught and flagged. Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: W You seem to have an uncommented "W" somewhere in a config file. Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: bayes_use_chi2_combining 1 Not sure, this may be obsolete. Aug 7 07:32:02 magi spamd[14114]: config: SpamAssassin failed to parse line, "/home/spamd/" is not valid for "bayes_path", skipping: bayes_path /home/spamd/ Bayes_path is misnamed, it is both a path and a filename prefix. "/" isn't a valid filename prefix. A usable name would be /home/spamd/bayes. Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: use_dcc 1 DCC is now a plugin and not enabled by default. Enable the plugin in init.pre or v310.pre (wherever it happens to live) and these shoudl fix themselves. Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_timeout 8 Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_home /var/spool/amavis/dcc/ Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_path /var/spool/amavis/bin/cdcc The rest of this is just debug noise, no problems. Aug 7 07:32:03 magi spamd[14114]: spamd: server started on port 783/tcp (running version 3.1.3) Aug 7 07:32:03 magi spamd[14114]: spamd: server pid: 14114 Aug 7 07:32:03 magi spamd[14114]: spamd: server successfully spawned child process, pid 14115 Aug 7 07:32:03 magi spamd[14114]: spamd: server successfully spawned child process, pid 14116 Aug 7 07:32:03 magi spamd[14114]: prefork: child states: II Loren
Re: testing for empty text/plain
On 8/7/2006 12:25 AM, Theo Van Dinter wrote: > On Mon, Aug 07, 2006 at 12:07:58AM -0400, Eric A. Hall wrote: >> Anybody written a rule that tests for empty text/plain, preferably only >> when a non-empty text/html or some other media-type is provided? > > Sounds very similar to MPART_ALT_DIFF. That might be useful as a pre-test filter, such as looking to see if MPART_ALT_DIFF fired before doing anything else. From there I can grep to see if text/plain has any printable characters. What's the most efficient way to grab the text/plain part? -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: 0451.com and blacklist domains
and not only them according to our daily sendmail logs: # egrep '@[0-9]+\.com' YESTERDAY | sed -e 's/^.*@//' -e 's/>.*$//' | sort | uniq -c | sort -rn | head 2484 0733.com 2449 0451.com 100 072.com 66 1039.com 52 006.com 51 0668.com 40 004.com 37 163.com 18 126.com 15 mail.0451.com Thanks for your lists. This leads me onto another point, are there any lists of domains which NEVER send out ham? I do block some domains such as: management-skills-uk.co.uk bahamasvacationdealweb.com which i have received a lot of spam from in the past but i don't know if they still do send spam. Obviously most spam comes from forged email addresses but if there was a list of forged domains which never send ham, i expect it would catch a significant proportion of spam. I don't want to block spammy domains like hanmail.net because i do get some ham from them as well which i can't block. Thanks, Ben
Upgrade Woo's
Hi, I just did a major from 3.0.4 to 3.1.3. I am having some issue with the upgrade. When I start spamd I see the following error in my mail log. Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: W Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: bayes_use_chi2_combining 1 Aug 7 07:32:02 magi spamd[14114]: config: SpamAssassin failed to parse line, "/home/spamd/" is not valid for "bayes_path", skipping: bayes_path /home/spamd/ Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: use_dcc 1 Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_timeout 8 Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_home /var/spool/amavis/dcc/ Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_path /var/spool/amavis/bin/cdcc Aug 7 07:32:03 magi spamd[14114]: spamd: server started on port 783/tcp (running version 3.1.3) Aug 7 07:32:03 magi spamd[14114]: spamd: server pid: 14114 Aug 7 07:32:03 magi spamd[14114]: spamd: server successfully spawned child process, pid 14115 Aug 7 07:32:03 magi spamd[14114]: spamd: server successfully spawned child process, pid 14116 Aug 7 07:32:03 magi spamd[14114]: prefork: child states: II "/home/spamd/" is not valid for "bayes_path", skipping: bayes_path /home/spamd/ Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: use_dcc 1 Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_timeout 8 Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_home /var/spool/amavis/dcc/ Aug 7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: dcc_path /var/spool/amavis/bin/cdcc These were working in 3.0.4 I haven't change anything in my local.cf. # Enable Bayes auto-learning use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn1 bayes_path /home/spamd/ bayes_file_mode 0666 bayes_min_ham_num 200 bayes_min_spam_num 200 bayes_learn_during_report 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 5.0 bayes_use_hapaxes 1 bayes_use_chi2_combining1 bayes_ignore_header ReSent-Date bayes_ignore_header ReSent-From bayes_ignore_header ReSent-Message-ID bayes_ignore_header ReSent-Subject bayes_ignore_header ReSent-To bayes_ignore_header Resent-Date bayes_ignore_header Resent-From bayes_ignore_header ReSent-Message-ID bayes_ignore_header ReSent-Subject bayes_ignore_header ReSent-To bayes_ignore_header Resent-Date bayes_ignore_header Resent-From bayes_ignore_header Resent-Message-ID bayes_ignore_header Resent-Subject bayes_ignore_header Resent-To bayes_ignore_header X-Received-From-IP bayes_ignore_header X-Virus-Scanned bayes_ignore_header X-Spam-Status bayes_ignore_header X-Spam-Level bayes_ignore_header X-Sender bayes_ignore_header X-Mailer # # Enable or disable network checks # use_razor2 1 use_dcc 1 dcc_timeout 8 dcc_home/var/spool/amavis/dcc/ use_pyzor 0 Before the update dcc was working...here is example of the out from a message just minutes before the update Content analysis details: (3.6 points, 1.5 required) pts rule name description -- -- 0.2 RISK_FREE BODY: Risk free. Suuurr 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML 0.0 HTML_WEB_BUGS BODY: Image tag intended to identify you 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50% [cf: 100] 0.1 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 0.2 DIGEST_MULTIPLEMessage hits more than one network digest check Bayes has never worked, so at this time I am not worried about. The path is correct. - The other problem I am having is where the score show up in the header isn't the same as that subject Subject: [SPAM(4.3)] Re: your order is ready for shipment 138925084 X-Spam-Checker-Version:SpamAssassin 3.1.3 (2006-06-01) on my.domain.com X-Spam-Status: No, score=1.4 required=5.0 tests=AWL,HTML_MESSAGE, NUMERIC_HTTP_ADDR,SUBJ_HAS_UNIQ_ID,UNPARSEABLE_RELAY autolearn=noversion=3.1.3 X-Spam-Level: * from the box Content analysis details: (4.3 points, 1.5 required) pts rule name description -- --
RE: 0451.com
On Mon, 7 Aug 2006, Sietse van Zanen wrote: OK than let's put this in another 'political' context: Caring about 'legitimate' e-mail coming from those domains would be like caring for the few 'legitimate' bombs dropped over Iraq, Afghanistan or Lebanon. It would indeed be better to have no bombs at all -Sietse First off, STOP top-posting. Secondly, let's keeps the political contexts, views, and any other personal beliefs off of this technical mailing list. No, I am not saying this to express my beliefs on what you're talking about either way, this is no place for that type of discussion. If you want to talk politics or whether your take on any conflict is right, just, "leitimate", or whatever, then take it to a political discussion board and you can talk all day long. Now, back on topic please. -Gary From: Tony Finch on behalf of Tony Finch Sent: Mon 07-Aug-06 13:26 To: Sietse van Zanen Cc: users@spamassassin.apache.org Subject: RE: 0451.com On Mon, 7 Aug 2006, Sietse van Zanen wrote: Caring about 'legitimate' e-mail coming from these domains would be like caring about the 'legitimate' claims of Bush saying he is a true christian... All-numeric domains are popular in China because they are easier for people to deal with than alphabetic domains. For example, 263.com is China's second-largest ISP. You can't just assume that an all-numeric domain is necessarily abusive, any more so than Yahoo or Fastmail. Tony. -- f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR GOOD.
RE: 0451.com
I have a US customer with a numeric domain. Not sure why they did that (boy, did it muck up Microsoft NT!) Funny thing, when the spammers starting dictionary attacks, they do it in alphabetic order, so numeric domains get hit with spam first also.
RE: 0451.com
OK than let's put this in another 'political' context: Caring about 'legitimate' e-mail coming from those domains would be like caring for the few 'legitimate' bombs dropped over Iraq, Afghanistan or Lebanon. It would indeed be better to have no bombs at all -Sietse From: Tony Finch on behalf of Tony Finch Sent: Mon 07-Aug-06 13:26 To: Sietse van Zanen Cc: users@spamassassin.apache.org Subject: RE: 0451.com On Mon, 7 Aug 2006, Sietse van Zanen wrote: > Caring about 'legitimate' e-mail coming from these domains would be like > caring about the 'legitimate' claims of Bush saying he is a true > christian... All-numeric domains are popular in China because they are easier for people to deal with than alphabetic domains. For example, 263.com is China's second-largest ISP. You can't just assume that an all-numeric domain is necessarily abusive, any more so than Yahoo or Fastmail. Tony. -- f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR GOOD.
Re: spamd not well after crash
It would be easier to fire up CPAN and install the latest than to try and figure it out. You are back level 2 or 4 releases. If you previously installed from a distro of some kind you should probably upgrade using the newer distro rather than CPAN directly; otherwise you can end up with mucked up installations since some distros move things around. ok. i'll be doing it. but we are using vpopmail with individual preferences for every user. does that mean that every single user has to start from scratch?! how do you rebuild individual databases?! i remember asking bout that in order to be able to do black/white listing per user and as far as i remember that was not possible?!?!?! and what happened the the rbl lookups?!?! Not much has changed in regards to any of this between 3.0.4 and now. The major change is that there are more things in plugins, and some of them arean't enabled by default. You will have to look for init.pre and any other *.pre files in the same general place, and see which things you want to uncomment. I think some of the RBLs may qualify for this. The user config files, if they were up to date in 3.0 and not spitting warnings, will probably still be OK. There has been some added syntax checking, so things that were wrong but didn't get complaints before might get complaints now. Same with your site-wide config files. As always, it is a good idea to run --lint after the new install to see what it might complain about. I don't believe either the Bayes or AWL databases have changed since around 3.0, so I don't think you should have to do any rebuilding as the result of the upgrade. Loren
Re: 0451.com
* Tony Finch <[EMAIL PROTECTED]>: > All-numeric domains are popular in China because they are easier for > people to deal with than alphabetic domains. For example, 263.com is > China's second-largest ISP. You can't just assume that an all-numeric > domain is necessarily abusive, any more so than Yahoo or Fastmail. Is there any meaning to "263" in Chinese? -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
RE: 0451.com
On Mon, 7 Aug 2006, Sietse van Zanen wrote: > Caring about 'legitimate' e-mail coming from these domains would be like > caring about the 'legitimate' claims of Bush saying he is a true > christian... All-numeric domains are popular in China because they are easier for people to deal with than alphabetic domains. For example, 263.com is China's second-largest ISP. You can't just assume that an all-numeric domain is necessarily abusive, any more so than Yahoo or Fastmail. Tony. -- f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR GOOD.
Re: sender in blacklist_from but message is delivered to recipient
jdow wrote: All is normal. SpamAssassin NEVER fails to deliver email. It simply marks it as spam. It is the job of whatever called SpamAssassin to parse the return and filter as you wish. I'd say it ALWAYS fails to deliver email, since it doesn't do that. ;)
RE: 0451.com
Caring about 'legitimate' e-mail coming from these domains would be like caring about the 'legitimate' claims of Bush saying he is a true christian... -Sietse From: Nigel Frankcom [mailto:[EMAIL PROTECTED] Sent: Mon 07-Aug-06 11:32 To: users@spamassassin.apache.org Subject: Re: 0451.com On Mon, 7 Aug 2006 08:21:41 +0100, Duncan Hill <[EMAIL PROTECTED]> wrote: >On Monday 07 August 2006 00:02, wrote: >> | 2250 0733.com > >> Here are my numbers from last week: >> >>5006 0451.com >>3845 53.com > >Not seeing anywhere near as high, but this is only on my personal server: >440733.com >340451.com >110668.com >4 023.com >2 08.com >2 020.com >1 212.com >1 07770500.com >1 01191.com >1 004.com > >However, the majority are already being rejected with my standard rules in >Postfix (like don't accept mail from certain netblocks). I would have sworn >there used to be a domain registration rule that said pure-numeric domains >were illegal, but I'm not sure. Daily stats for 0451.com... we are by no means a large mail operation. Pretty safe to say they don't send any legitimate mail out I think. DateCount 060701 = 146 060702 = 152 060703 = 121 060704 = 419 060705 = 479 060706 = 135 060707 = 81 060708 = 77 060709 = 48 060710 = 30 060711 = 270 060712 = 128 060713 = 53 060714 = 111 060715 = 56 060716 = 100 060717 = 74 060718 = 71 060719 = 103 060720 = 86 060721 = 186 060722 = 85 060723 = 107 060724 = 90 060725 = 15 060726 = 114 060727 = 86 060728 = 110 060729 = 103 060730 = 102 060731 = 117 060801 = 119 060802 = 63 060803 = 83 060804 = 153 060805 = 132 060806 = 149 Total = 4554
Re: spamd not well after crash
> > Horked Bayes database? > > It would be easier to fire up CPAN and install the latest than to > try and figure it out. You are back level 2 or 4 releases. ok. i'll be doing it. but we are using vpopmail with individual preferences for every user. does that mean that every single user has to start from scratch?! how do you rebuild individual databases?! i remember asking bout that in order to be able to do black/white listing per user and as far as i remember that was not possible?!?!?! and what happened the the rbl lookups?!?! thanks.. > > > -- > _ > John Andersen >
Re: sender in blacklist_from but message is delivered to recipient
From: "Daniel Chojecki" <[EMAIL PROTECTED]> Hello, my conf is: postfix-2.3.2 spamd 3.1.4 blacklist_from in sql. The problem is that spamd delivers message even when the sender is on blacklist_from - in logs i see - user_in_blacklist. Any idea ? All is normal. SpamAssassin NEVER fails to deliver email. It simply marks it as spam. It is the job of whatever called SpamAssassin to parse the return and filter as you wish. (I simply filter by letting OE sort into folders. The spam folder gets checked once or twice a day for false alarms at low scores. Otherwise it just gets trashed.) {^_^} Joanne
Re: 0451.com
On Mon, 7 Aug 2006 08:21:41 +0100, Duncan Hill <[EMAIL PROTECTED]> wrote: >On Monday 07 August 2006 00:02, wrote: >> | 2250 0733.com > >> Here are my numbers from last week: >> >>5006 0451.com >>3845 53.com > >Not seeing anywhere near as high, but this is only on my personal server: >440733.com >340451.com >110668.com >4 023.com >2 08.com >2 020.com >1 212.com >1 07770500.com >1 01191.com >1 004.com > >However, the majority are already being rejected with my standard rules in >Postfix (like don't accept mail from certain netblocks). I would have sworn >there used to be a domain registration rule that said pure-numeric domains >were illegal, but I'm not sure. Daily stats for 0451.com... we are by no means a large mail operation. Pretty safe to say they don't send any legitimate mail out I think. DateCount 060701 = 146 060702 = 152 060703 = 121 060704 = 419 060705 = 479 060706 = 135 060707 = 81 060708 = 77 060709 = 48 060710 = 30 060711 = 270 060712 = 128 060713 = 53 060714 = 111 060715 = 56 060716 = 100 060717 = 74 060718 = 71 060719 = 103 060720 = 86 060721 = 186 060722 = 85 060723 = 107 060724 = 90 060725 = 15 060726 = 114 060727 = 86 060728 = 110 060729 = 103 060730 = 102 060731 = 117 060801 = 119 060802 = 63 060803 = 83 060804 = 153 060805 = 132 060806 = 149 Total = 4554
sender in blacklist_from but message is delivered to recipient
Hello,my conf is:postfix-2.3.2spamd 3.1.4blacklist_from in sql.The problem is that spamd delivers message even when the senderis on blacklist_from - in logs i see - user_in_blacklist. Any idea ?best regradsDaniel
Re: 0451.com
On Monday 07 August 2006 00:02, wrote: > | 2250 0733.com > Here are my numbers from last week: > >5006 0451.com >3845 53.com Not seeing anywhere near as high, but this is only on my personal server: 440733.com 340451.com 110668.com 4 023.com 2 08.com 2 020.com 1 212.com 1 07770500.com 1 01191.com 1 004.com However, the majority are already being rejected with my standard rules in Postfix (like don't accept mail from certain netblocks). I would have sworn there used to be a domain registration rule that said pure-numeric domains were illegal, but I'm not sure.