Re: ixHash Timeout
Chris wrote:
> I've been seeing this quite a bit lately, is the site down or do the timeouts need to be increased? It's currently set for the default 10 seconds.
>
> Oct 21 12:28:03 localhost spamd[19162]: ixhash timeout reached at /etc/mail/spamassassin/iXhash.pm line 91.
> Oct 21 12:28:03 localhost spamd[19162]: ixhash timeout reached at /etc/mail/spamassassin/iXhash.pm line 91.

Which zones do you query? The servers running the zones nospam.login-solutions.de and nospam.login-solutions.ag run fine. But I happen to know that the guys running the zone @ manitu.net moved to another machine, maybe they have problems. I'll get in touch with them

Dirk
Re: why this spam has a negative score?
[EMAIL PROTECTED] wrote:
> Hi all, I'm a newbie to Spamassassin. I've installed Spamassassin 3.1.5 and some spam are not marked as spam. What's wrong in my settings of spamassassin? Especially this header:
>
> Return-Path: <[EMAIL PROTECTED]>
> X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on fw.muvalmez.cz
> X-Spam-Status: No, score=-88.9 required=5.0 tests=DATE_IN_PAST_96_XX,
>     EXTRA_MPART_TYPE,HTML_IMAGE_ONLY_08,HTML_MESSAGE,INVALID_DATE,
>     MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH,
>     SARE_GIF_STOX,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no
>     version=3.1.5
> X-Spam-Level:
> X-Original-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]

Don't whitelist yourself with a whitelist method that isn't immune to forgery.

Daryl
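Added example, not part of the thread and not SpamAssassin's own code: a simplified Python model of why an address-only whitelist entry (`whitelist_from` style) is forgeable while one that is also tied to the relay's reverse DNS (`whitelist_from_rcvd` style) is not, plus the score the quoted message would have had without `USER_IN_WHITELIST`. It assumes the stock score of -100 for that rule; the `example.cz` addresses, relay names and function names are constructed.

```python
import re

# X-Spam-Status value as quoted in the message above (header folding kept).
STATUS = """No, score=-88.9 required=5.0 tests=DATE_IN_PAST_96_XX,
    EXTRA_MPART_TYPE,HTML_IMAGE_ONLY_08,HTML_MESSAGE,INVALID_DATE,
    MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH,
    SARE_GIF_STOX,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no
    version=3.1.5"""


def parse_status(value):
    """Return (score, required, [rule names]) from an X-Spam-Status value."""
    flat = re.sub(r",\s+", ",", value)            # undo folding inside tests=
    m = re.search(r"score=(-?[\d.]+)\s+required=(-?[\d.]+)\s+tests=(\S*)", flat)
    if not m:
        raise ValueError("not an X-Spam-Status value")
    tests = [t for t in m.group(3).split(",") if t]
    return float(m.group(1)), float(m.group(2)), tests


def score_without(value, rule, rule_score):
    """Score and spam verdict the message would get if `rule` had not fired."""
    score, required, tests = parse_status(value)
    if rule in tests:
        score = round(score - rule_score, 1)
    return score, score >= required


def glob_to_regex(pattern):
    """Address glob with only * and ? as wildcards, matched case-insensitively."""
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile("^" + rx + "$")


def from_matches(sender, globs):
    """Address-only check: trusts whatever the sender put in From."""
    return any(glob_to_regex(g).match(sender.lower()) for g in globs)


def from_rcvd_matches(sender, relay_rdns, entries):
    """Address check that also requires the handing-over relay's rDNS to be
    the given domain or a host inside it. No rDNS means no match."""
    rdns = (relay_rdns or "").lower().rstrip(".")
    for glob, domain in entries:
        d = domain.lower()
        if glob_to_regex(glob).match(sender.lower()) and (
            rdns == d or rdns.endswith("." + d)
        ):
            return True
    return False


# Constructed samples: the spam claims the recipient's own address as sender
# and arrives from a relay with no usable rDNS ("unknown" in the Received line).
FORGED = ("user@example.cz", None)
GENUINE = ("user@example.cz", "mail.example.cz")
ADDRESS_ONLY = ["*@example.cz"]
ADDRESS_AND_RELAY = [("*@example.cz", "example.cz")]

if __name__ == "__main__":
    print("score without whitelist hit:",
          score_without(STATUS, "USER_IN_WHITELIST", -100.0))
    for label, (sender, rdns) in (("forged", FORGED), ("genuine", GENUINE)):
        print(label,
              "address-only:", from_matches(sender, ADDRESS_ONLY),
              "address+relay:", from_rcvd_matches(sender, rdns, ADDRESS_AND_RELAY))
```

Under that assumed score the quoted message would have landed at 11.1 against a threshold of 5.0, so the whitelist hit alone turned it from spam into ham.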
Re: why this spam has a negative score?
[EMAIL PROTECTED] wrote:
> Hi all, I'm a newbie to Spamassassin. I've installed Spamassassin 3.1.5 and some spam are not marked as spam. What's wrong in my settings of spamassassin? Especially this header:
>
> Return-Path: <[EMAIL PROTECTED]>
> X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on fw.muvalmez.cz
> X-Spam-Status: No, score=-88.9 required=5.0 tests=DATE_IN_PAST_96_XX,
>     EXTRA_MPART_TYPE,HTML_IMAGE_ONLY_08,HTML_MESSAGE,INVALID_DATE,
>     MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH,
>     SARE_GIF_STOX,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no
>     version=3.1.5
> X-Spam-Level:
> X-Original-To: [EMAIL PROTECTED]
> Received: from bmx.cz.net (bmx.cz.net [193.85.2.20])
>     by fw.muvalmez.cz (Postfix) with ESMTP id E7F5A2C08D
>     for <[EMAIL PROTECTED]>; Mon, 23 Oct 2006 09:52:37 +0200 (CEST)
> Received: from 210.211.242.52.bb-static.vsnl.net.in (unknown [210.211.242.52])
>     by bmx.cz.net (Postfix) with ESMTP id 17D221277F5
>     for <[EMAIL PROTECTED]>; Mon, 23 Oct 2006 09:52:22 +0200 (CEST)
> Received: from mailin.webmailer.de (port=6609 helo=rjsjqvsn)
>     by 210.211.242.52.bb-static.vsnl.net.in with smtp
>     id 2MYvP-u3m6-D3O for [EMAIL PROTECTED]; Tue, 31 Jan 2006 13:22:61 +0530
> Message-ID: <[EMAIL PROTECTED]>
> From: "Jimmy" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: younger man's eyes that? You've gone out the
> Date: Tue, 31 Jan 2006 13:22:61 +0530
> MIME-Version: 1.0
> X-Security: MIME headers sanitized on fw.muvalmez.cz
>     See http://www.impsec.org/email-tools/sanitizer-intro.html for details.
>     $Revision: 1.139 $Date: 2003-09-07 10:14:23-07
> Content-Type: multipart/related;
>     type="multipart/alternative";
>     boundary="=_NextPart_000_000B_01C62669.6F0E7D80"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> X-Virus-Status: No
> X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.4/2077/Mon Oct 23 08:29:38 2006
> Status:
> X-Antivirus: AVG for E-mail 7.5.427 [268.13.9/490]

USER_IN_WHITELIST:
SARE_GIF_STOX,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no

--
To define recursion, we must first define recursion.
01:30:01 up 12 days, 2:21, 9 users, load average: 0.47, 0.42, 0.38
Linux Registered User #241685 http://counter.li.org
why this spam has a negative score?
Hi all, I'm a newbie to Spamassassin. I've installed Spamassassin 3.1.5 and some spam are not marked as spam. What's wrong in my settings of spamassassin? Especially this header:

Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on fw.muvalmez.cz
X-Spam-Status: No, score=-88.9 required=5.0 tests=DATE_IN_PAST_96_XX,
    EXTRA_MPART_TYPE,HTML_IMAGE_ONLY_08,HTML_MESSAGE,INVALID_DATE,
    MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH,
    SARE_GIF_STOX,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no
    version=3.1.5
X-Spam-Level:
X-Original-To: [EMAIL PROTECTED]
Received: from bmx.cz.net (bmx.cz.net [193.85.2.20])
    by fw.muvalmez.cz (Postfix) with ESMTP id E7F5A2C08D
    for <[EMAIL PROTECTED]>; Mon, 23 Oct 2006 09:52:37 +0200 (CEST)
Received: from 210.211.242.52.bb-static.vsnl.net.in (unknown [210.211.242.52])
    by bmx.cz.net (Postfix) with ESMTP id 17D221277F5
    for <[EMAIL PROTECTED]>; Mon, 23 Oct 2006 09:52:22 +0200 (CEST)
Received: from mailin.webmailer.de (port=6609 helo=rjsjqvsn)
    by 210.211.242.52.bb-static.vsnl.net.in with smtp
    id 2MYvP-u3m6-D3O for [EMAIL PROTECTED]; Tue, 31 Jan 2006 13:22:61 +0530
Message-ID: <[EMAIL PROTECTED]>
From: "Jimmy" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: younger man's eyes that? You've gone out the
Date: Tue, 31 Jan 2006 13:22:61 +0530
MIME-Version: 1.0
X-Security: MIME headers sanitized on fw.muvalmez.cz
    See http://www.impsec.org/email-tools/sanitizer-intro.html for details.
    $Revision: 1.139 $Date: 2003-09-07 10:14:23-07
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="=_NextPart_000_000B_01C62669.6F0E7D80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.4/2077/Mon Oct 23 08:29:38 2006
Status:
X-Antivirus: AVG for E-mail 7.5.427 [268.13.9/490]
Re: Max-children setting not high enough causing spamassassin to hang?
James Lavery wrote:
> Hi all,
>
> Version: 3.1.4
> OS - Unslung 6.8 on a Linksys NSLU2 (Slug)
> Running spamd with fetchmail and postfix

How much memory does one of those things have?

> A couple of days ago the Slug hung with masses of disk activity; when I looked at what was going on, it seemed that spamd and/or spamc were chewing up resources.
>
> Looking at the spamd log file (relevant part included below) indicates that I hadn't got my max-child setting high enough to cope with a flurry of emails coming in.
>
> Is this my problem, or is this a red herring, and is it the warning logged by child process 17429 ' copy_config timeout, respawning child process..'? After this, it seems that 17429 no longer talks to the parent process.

respawning child... ie. the child kills itself and the parent spawns a new one. Dead children don't talk to their parents much. ;)

> I'd be surprised if too low a max-children setting would be causing the problem, so can someone shed light on what the problem was with this child process? I had to restart spamd to get things going again.

It's the opposite. Too large of a setting causes the machine to use up all its physical memory and swap thrash. copy_config timeouts are always indicative of this, or insane CPU load.

Daryl
Max-children setting not high enough causing spamassassin to hang?
Hi all,

Version: 3.1.4
OS - Unslung 6.8 on a Linksys NSLU2 (Slug)
Running spamd with fetchmail and postfix

A couple of days ago the Slug hung with masses of disk activity; when I looked at what was going on, it seemed that spamd and/or spamc were chewing up resources.

Looking at the spamd log file (relevant part included below) indicates that I hadn't got my max-child setting high enough to cope with a flurry of emails coming in.

Is this my problem, or is this a red herring, and is it the warning logged by child process 17429 ' copy_config timeout, respawning child process..'? After this, it seems that 17429 no longer talks to the parent process.

I'd be surprised if too low a max-children setting would be causing the problem, so can someone shed light on what the problem was with this child process? I had to restart spamd to get things going again.

Thanks,
James

Log file extract:

Mon Oct 23 06:02:58 2006 [17427] info: prefork: child states: II
Mon Oct 23 06:38:55 2006 [17428] info: spamd: connection from localhost [127.0.0.1] at port 2676
Mon Oct 23 06:38:56 2006 [17428] info: spamd: setuid to spamd succeeded
Mon Oct 23 06:38:57 2006 [17428] info: spamd: processing message <[EMAIL PROTECTED]> for spamd:40
Mon Oct 23 06:39:18 2006 [17428] info: spamd: identified spam (16.6/5.0) for spamd:40 in 22.9 seconds, 2512 bytes.
Mon Oct 23 06:39:18 2006 [17428] info: spamd: result: Y 16 - INVALID_TZ_EST,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL scantime=22.9,size=2512,user=spamd,uid=40,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=2676,mid=<[EMAIL PROTECTED]>,autolearn=no
Mon Oct 23 06:39:24 2006 [17427] info: prefork: child states: II
Mon Oct 23 06:59:51 2006 [17428] info: spamd: connection from localhost [127.0.0.1] at port 2698
Mon Oct 23 06:59:52 2006 [17428] info: spamd: setuid to spamd succeeded
Mon Oct 23 06:59:55 2006 [17429] info: spamd: connection from localhost [127.0.0.1] at port 2699
Mon Oct 23 06:59:58 2006 [17429] info: spamd: setuid to spamd succeeded
Mon Oct 23 07:00:00 2006 [17428] info: spamd: processing message <[EMAIL PROTECTED]> for spamd:40
Mon Oct 23 07:00:09 2006 [17429] info: spamd: processing message <[EMAIL PROTECTED]> for spamd:40
Mon Oct 23 07:00:57 2006 [17428] info: spamd: clean message (1.6/5.0) for spamd:40 in 65.6 seconds, 1881 bytes.
Mon Oct 23 07:00:58 2006 [17428] info: spamd: result: . 1 - INVALID_TZ_EST,UNDISC_RECIPS scantime=65.6,size=1881,user=spamd,uid=40,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=2698,mid=<[EMAIL PROTECTED]>,autolearn=no
Mon Oct 23 07:01:02 2006 [17429] info: spamd: clean message (1.6/5.0) for spamd:40 in 67.9 seconds, 1893 bytes.
Mon Oct 23 07:01:02 2006 [17429] info: spamd: result: . 1 - INVALID_TZ_EST,UNDISC_RECIPS scantime=67.9,size=1893,user=spamd,uid=40,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=2699,mid=<[EMAIL PROTECTED]>,autolearn=no
Mon Oct 23 07:01:58 2006 [17428] warn: spamd: copy_config timeout, respawning child process after 3 messages at /opt/bin/spamd line 967.
Mon Oct 23 07:02:09 2006 [17427] info: prefork: child states: BI
Mon Oct 23 07:02:10 2006 [17427] info: prefork: child states: BI
Mon Oct 23 07:02:13 2006 [17427] warn: prefork: cannot ping 17428, file handle not defined, child likely to still be processing SIGCHLD handler after killing itself
Mon Oct 23 07:02:13 2006 [17427] warn: Use of uninitialized value in concatenation (.) or string at /opt/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 127.
Mon Oct 23 07:02:13 2006 [17427] warn: prefork: killing failed child 17428 fd= at /opt/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 127.
Mon Oct 23 07:02:13 2006 [17427] warn: prefork: killed child 17428 at /opt/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 141.
Mon Oct 23 07:02:14 2006 [17427] info: spamd: handled cleanup of child pid 17428 due to SIGCHLD
Mon Oct 23 07:02:16 2006 [17427] info: spamd: server successfully spawned child process, pid 17528
Mon Oct 23 07:02:17 2006 [17427] info: prefork: child states: II
Mon Oct 23 07:05:51 2006 [17429] info: spamd: connection from localhost [127.0.0.1] at port 2706
Mon Oct 23 07:05:52 2006 [17429] info: spamd: setuid to spamd succeeded
Mon Oct 23 07:05:56 2006 [17429] info: spamd: processing message <[EMAIL PROTECTED]> for spamd:40
Mon Oct 23 07:06:14 2006 [17429] info: spamd: clean message (1.6/5.0) for spamd:40 in 23.2 seconds, 1885 bytes.
Mon Oct 23 07:06:14 2006 [17429] info: spamd: result: . 1 - INVALID_TZ_EST,UNDISC_RECIPS scantime=23.2,size=1885,user=spamd,uid=40,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=2706,mid=<[EMAIL PROTECTED]>,autolearn=no
Mon Oct 23 07:06:20 2006 [17427] info: prefork: child states: II
Mon Oct 23 07:06:57 2006 [17429] info: spamd: connection from localhost [127.0.0.1] at port 2709
Mon Oct 23 07:06:57 2006 [17429] info: spamd: setuid to spamd succeeded
Mon Oct 23 07:
Re: Scoring PTR's
On Mon, 23 Oct 2006, Jo Rhett wrote:

> David B Funk wrote:
> > On Thu, 19 Oct 2006, Jo Rhett wrote:
> >
> >> Richard Frovarp wrote:
> >>> Or for any machine that hosts more domains than has IPs. Even being able
> >>> to edit the reverse doesn't mean it will always be the same.
> >> How many different names does your mailserver use in its HELO?
> >>
> >> And what mailserver is that? That's not possible in qmail, postfix,
> >> sendmail, et al...
> >
> > You're a bit behind the times Jo, check out the 'h' argument to
> > 'ClientPortOptions' or the 'HeloName' variable in sendmail 8.13.
>
> I can find no documentation of either. Googling just gets me lots of
> examples of a script called SendMail()

Some of us pre-date Sir Timothy & his bright idea, had to make our ones & zeros the hard way by banging two rocks together, had to learn to find and read documentation. (I first ran into sendmail on a VAX-750 running BSD-4.2 in the early 80's).

In every sendmail release for the last decade there's been a document "doc/op/op.me" which is the configuration and operations manual. In that doc for 8.13.* you'll find:

    ClientPortOptions=options
        [O] Set client SMTP options. The options are key=value pairs
        separated by commas. Known keys are:

            Port        Name/number of source port for connection
                        (defaults to any free port)
            Addr        Address mask (defaults INADDR_ANY)
            Family      Address family (defaults to INET)
            SndBufSize  Size of TCP send buffer
            RcvBufSize  Size of TCP receive buffer
            Modifier    Options (flags) for the client

        The Address mask may be a numeric address in dot notation or a
        network name. Modifier can be the following character:

            h   use name of interface for HELO command
            A   don't use AUTH when sending e-mail
            S   don't use STARTTLS when sending e-mail

        If ``h'' is set, the name corresponding to the outgoing interface
        address (whether chosen via the Connection parameter or the
        default) is used for the HELO/EHLO command.

Now if the only way you can relate to things is via a web-page then look at:
http://www.sendmail.org/doc/sendmail-current/doc/op/op.pdf

> Looking at the code, heloname would appear to be statically defined,

I'm not sure what your strong points are Jo, but reading 'c' code doesn't appear to be one of them. I made no mention of 'heloname' ('c' is case sensitive). In the sendmail source file readcf.c the variable 'HeloName' is assigned a value in the case statement:

    case O_HELONAME:
        HeloName = newstr(val);
        break;

where 'val' is the token that has just been parsed out of the config file. (not a static definition).

> which brings me back to my original point: how many names does his
> mailserver use in helo?
>
> Sure, if it has 3 interfaces (and uses them all) then he'll need three
> names. But he won't need 1000 or however many virtual hosts he has...

If that was your point, then why did you make that bogus assertion that it wasn't possible for MTAs (at least sendmail) to use different HELO names? And if he wants to use TLS-SSL then he'll have to have a different interface and matching name for each virtual host.

My whole point here was not to make you look foolish but to point out that maybe you should stop and think a bit more before going off and making unsupportable statements.

For example, a while back you were complaining about a FP from a bank anti-phishing rule. It was probably caused by that defective milter you were using. A bit of digging (rather than ranting) might have shown you something that other sendmail-2-SA milter authors found out years ago, the need for that added 'Received:' header.

--
Dave Funk                              University of Iowa
                                       College of Engineering
319/335-5751 FAX: 319/384-0549         1256 Seamans Center
Sys_admin/Postmaster/cell_admin        Iowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
Regex for words written over multiple lines
Hi,

Spam assassin has for a long time been picking up e-mails with content like the following (I have changed a few letters to prevent Bayesian stuff from picking it up), but it's always based on URIs, HTML structure and such, rather than on a plain text match on the body.

V LOST PRCE C T TOP QUITY N A FAT DEVERY WORLDWIDE A O MEY BK GUANTEE L R CETELY SECURE N A Visit our sh op: HERE S

In theory I could use the following to detect it:

/C\n+[a-zA-Z\s]+I\n+[a-zA-Z\s]+A\n+[a-zA-Z\s]+L\n+[a-zA-Z\s]+I\n+[a-zA-Z\s]+S\n/e

Is there a better way? And can I use a similar rule for the other word, and can I get around the leading space issue? Any way of making it safer (less likely to generate false positives)?

Thanks!

Chris M
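Added example, not part of the post and not a SpamAssassin rule: one way to detect words spelled down the left or right edge of consecutive lines without hard-coding one regex per word. It tolerates leading spaces and blank lines, and limits false positives by counting only a single letter set off by whitespace at the line edge and by ignoring very short watchlist words. The watchlist, the sample body and the function names are constructed.

```python
import re

# A lone letter at the left or right edge of a line, separated from the rest
# of the line by whitespace (or standing alone on the line).
LEFT = re.compile(r"^\s*([A-Za-z])(?:\s.*)?$")
RIGHT = re.compile(r"^(?:.*\s)?([A-Za-z])\s*$")

MIN_WORD = 4   # shorter words match ordinary text too easily


def edge_columns(body):
    """Return (left, right): one character per non-blank line.

    Each character is the lone edge letter (upper-cased) or '.' when the line
    has none, so a word only matches when it runs down consecutive lines.
    """
    left, right = [], []
    for line in body.splitlines():
        if not line.strip():
            continue                       # blank lines between rows are skipped
        l = LEFT.match(line)
        r = RIGHT.match(line)
        left.append(l.group(1).upper() if l else ".")
        right.append(r.group(1).upper() if r else ".")
    return "".join(left), "".join(right)


def vertical_words(body, watchlist):
    """Return [(word, side)] for watchlist words spelled down a line edge."""
    left, right = edge_columns(body)
    hits = []
    for word in watchlist:
        w = word.upper()
        if len(w) < MIN_WORD:
            continue
        if w in left:
            hits.append((word, "left"))
        if w in right:
            hits.append((word, "right"))
    return hits


# Constructed sample in the shape described in the post: indented lines, one
# blank line in the middle, a letter at each end of every row.
SAMPLE = (
    "  O  LOWEST PRICE        C\n"
    "  F  TOP QUALITY         I\n"
    "\n"
    "  F  FAST DELIVERY       A\n"
    "  E  MONEY BACK          L\n"
    "  R  SECURE              I\n"
    "  S  Visit our shop      S\n"
)

# Constructed ordinary text that contains lone letters but spells nothing.
BENIGN = "I went to the shop\nPlan A\nSee you\n"

if __name__ == "__main__":
    print(edge_columns(SAMPLE))
    print(vertical_words(SAMPLE, ["CIALIS", "OFFERS"]))
    print(vertical_words(BENIGN, ["CIALIS", "OFFERS"]))
```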
Re: Scoring PTR's
John Rudd wrote:
> Eric A. Hall wrote:
>> On 10/23/2006 7:01 PM, John Rudd wrote:
>>> Eric A. Hall wrote:
>>>> http://www.ehsco.com/misc/spamassassin/std_compliance.cf might help or work for what you're doing.
>>>>
>>>> Make sure to read the disclaimers and warnings
>>>
>>> Those helped a lot. There's only three checks I can't do with them
>>> (probably need to use a plugin for it):
>>>
>>> a) does the hostname in the PTR record point to a CNAME instead of
>>> an A record
>>
>> That's not illegal. It's pretty common too, since subnet delegation of
>> in-addr space only works on /8, /16 and /24 subnets due to the way that
>> octets are mapped to domain name labels in that hierarchy.
>
> RFC 1912 says "don't do that" :-)
>

And RFC 2317 says "Do that".

http://www.faqs.org/rfcs/rfc2317.html
Re: Wiki page for BLs updated (Was: Concerned with scores for from rfc-ignorant.org)
Jo Rhett wrote: > On the "walk the way you talk" point, I have edited the DNSBL wiki > page to include a list of all the DNSBLs in 20_dnsbl_tests.cf, instead > of the previous comment about "all of the public DNSBLs" which isn't > really true. > > This could probably use some more editing, so everyone is encouraged > to fix any mistakes I made. > > Jo Rhett wrote: Personally I think you mis-read the original text. I don't think it was meant to imply that SA supported "all public DNSBLs". By "All of the free BL services are enabled by default." I believe the original author was not trying to say SA supported all BL services, but that all of the free ones it does support are enabled by default. I might consider re-integrating that statement, perhaps with some revision. It also might be a good idea to include a link to the exact wiki page you changed, so folks don't have to go searching to find it. http://wiki.apache.org/spamassassin/DnsBlocklists
Re: I'm thinking about suing Microsoft
On Monday 23 October 2006 11:17, Duane Hill wrote:
> As it is now, Windows is the most widely used platform at
> present. That is the reason it is the most widely attacked.

Ah, someone else who has drunk the cool-aid poured by Ballmer and Gates. Windows is attacked because it's EASY, not necessarily because it's popular. Bill would rather you spout the nonsense you did, and for that he thanks you, I'm sure.

--
_
John Andersen
Re: Scoring PTR's
Eric A. Hall wrote:
> On 10/23/2006 7:01 PM, John Rudd wrote:
>> Eric A. Hall wrote:
>>> http://www.ehsco.com/misc/spamassassin/std_compliance.cf might help or work for what you're doing.
>>>
>>> Make sure to read the disclaimers and warnings
>>
>> Those helped a lot. There's only three checks I can't do with them (probably need to use a plugin for it):
>>
>> a) does the hostname in the PTR record point to a CNAME instead of an A record
>
> That's not illegal. It's pretty common too, since subnet delegation of in-addr space only works on /8, /16 and /24 subnets due to the way that octets are mapped to domain name labels in that hierarchy.

RFC 1912 says "don't do that" :-)

Though, honestly, I've yet to see it actually get triggered in my mimedefang filter, so I don't mind losing it.

>> b) does the hostname contain its IP address in _hex_ form (instead of in decimal form, which I've already got working)
>
> I don't recall ever seeing that. If you create a rule for that you might also want to do octal notations too, which is another valid address encoding syntax that should never appear naturally.

I see it in about 10% of cases where the IP address is in the hostname.

>> c) does the hostname in the PTR record actually going to an A record which includes the relay's IP addr
>
> that's a reasonable test
Re: Scoring PTR's
On 10/23/2006 7:01 PM, John Rudd wrote:
> Eric A. Hall wrote:
>> http://www.ehsco.com/misc/spamassassin/std_compliance.cf might help or
>> work for what you're doing.
>>
>> Make sure to read the disclaimers and warnings
>
> Those helped a lot. There's only three checks I can't do with them
> (probably need to use a plugin for it):
>
> a) does the hostname in the PTR record point to a CNAME instead of an A
> record

That's not illegal. It's pretty common too, since subnet delegation of in-addr space only works on /8, /16 and /24 subnets due to the way that octets are mapped to domain name labels in that hierarchy.

> b) does the hostname contain its IP address in _hex_ form (instead of
> in decimal form, which I've already got working)

I don't recall ever seeing that. If you create a rule for that you might also want to do octal notations too, which is another valid address encoding syntax that should never appear naturally.

> c) does the hostname in the PTR record actually going to an A record
> which includes the relay's IP addr

that's a reasonable test

--
Eric A. Hall                                    http://www.ehsco.com/
Internet Core Protocols      http://www.oreilly.com/catalog/coreprot/
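Added example, not code from this thread, from std_compliance.cf or from SpamAssassin: checks (b) and (c) from the list above in Python, covering decimal, hex and octal embeddings of the relay's IPv4 address in its PTR name plus forward confirmation of that name. The function names, the `example.net`/`example.org` hostnames and the lookup table are constructed; 210.211.242.52 and its `bb-static` name come from a header quoted elsewhere on this page.

```python
import ipaddress
import re

SEP = r"[-._]"   # separators commonly seen between embedded octets


def embedded_ip_forms(ip, hostname):
    """Return the sorted notations in which IPv4 `ip` appears in `hostname`."""
    octets = list(ipaddress.IPv4Address(ip).packed)     # four ints, 0..255
    host = hostname.lower().rstrip(".")
    found = set()
    for order in (octets, octets[::-1]):                # forward and reversed
        candidates = {
            "decimal": (r"\d", [
                SEP.join(str(o) for o in order),           # 210-211-242-52
                "".join(f"{o:03d}" for o in order),        # 210211242052
            ]),
            "hex": (r"[0-9a-f]", [
                SEP.join(f"{o:02x}" for o in order),       # d2-d3-f2-34
                "".join(f"{o:02x}" for o in order),        # d2d3f234
            ]),
            "octal": (r"\d", [
                SEP.join(f"0{o:o}" for o in order),        # 0322-0323-0362-064
            ]),
        }
        for name, (alphabet, bodies) in candidates.items():
            for body in bodies:
                # Do not match inside a longer run of the same alphabet.
                rx = rf"(?<!{alphabet}){body}(?!{alphabet})"
                if re.search(rx, host):
                    found.add(name)
    return sorted(found)


def forward_confirmed(ip, ptr_name, resolve_a):
    """Check (c): does any A record of the PTR name equal the relay address?

    `resolve_a` is any callable hostname -> list of address strings. It is
    injected so the logic runs offline; a live caller could pass
    lambda h: socket.gethostbyname_ex(h)[2].
    """
    relay = ipaddress.ip_address(ip)
    for addr in resolve_a(ptr_name.rstrip(".")):
        try:
            if ipaddress.ip_address(addr) == relay:
                return True
        except ValueError:
            continue                     # ignore malformed answers
    return False


def assess_relay(ip, ptr_name, resolve_a):
    """Combine both checks into one result a scoring rule could consume."""
    return {
        "ip_in_hostname": embedded_ip_forms(ip, ptr_name),
        "fcrdns": forward_confirmed(ip, ptr_name, resolve_a),
    }


# Constructed forward zone; names missing from it resolve to nothing.
CONSTRUCTED_ZONE = {
    "mail.example.org": ["198.51.100.7"],
    "d2d3f234.dyn.example.net": ["192.0.2.10"],   # forward points elsewhere
}


def lookup(hostname):
    return CONSTRUCTED_ZONE.get(hostname.lower(), [])


if __name__ == "__main__":
    for ip, name in (
        ("210.211.242.52", "210.211.242.52.bb-static.vsnl.net.in"),
        ("210.211.242.52", "d2d3f234.dyn.example.net"),
        ("210.211.242.52", "0322-0323-0362-064.pool.example.net"),
        ("198.51.100.7", "mail.example.org"),
    ):
        print(ip, name, assess_relay(ip, name, lookup))
```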
Re: Funky spamd error
On Mon, Oct 23, 2006 at 05:43:30PM -0700, Evan Platt wrote:
> null string many times in regex; marked by <-- HERE in
> m/\G(?:(?<=[\s,]))* <-- HERE \Z/ at
> /opt/local/lib/perl5/5.8.7/Text/Wrap.pm line 46.\n
>
> Any ideas what's causing this?

Bug in Text::Wrap.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5056

--
Randomly Selected Tagline:
"I guess just because you drive around in a limo doesn't mean you're not retarded." - Rob Cordrey, The Daily Show, 2003.11.21
Re: About the SpamHaus lawsuit?
Robert Braver wrote:
> On Monday, October 23, 2006, 7:52:56 PM, Marc Perkel wrote:
>
> MP> The judge should have raised the issue sua sponte. (of his own motion)
>
> While the court can decide, sua sponte, that it doesn't have subject matter jurisdiction, I don't believe it can do that with regards to personal jurisdiction (unless, perhaps, the pleadings were blatantly defective). The Plaintiff did plead (alleged) facts that would tend to support personal jurisdiction over the defendant - the defendant did not refute those facts (if I missed something in the record of the case, please correct me) and, once again, the defendant deliberately allowed judgment to be taken against it. Harping on the court for following the law and because the outcome of the case is exactly what the defendant deliberately allowed to happen is non-sensical.
>
> MP> Does anyone have the address of the court? I might write the judge a
> MP> letter myself.
>
> It is trivial to look it up on Google or follow the link to the court's web site from www.uscourts.gov. However, I'd respectfully suggest you don't embarrass yourself. You have no standing in the matter, any such letters would be afforded absolutely no consideration, which is as it should be. Your letter would, at best, simply be sent back to you with a note from the clerk explaining this.
>
> As I've explained before, I've been on the receiving end of retaliatory lawsuits and counter-claims from the bad guys (telemarketers, junk faxers and spammers), and am clearly sympathetic to Spamhaus' plight here. However, there is nothing I can see in the record to fault the court on in this case. Spamhaus apparently intends to appeal, so we'll just have to see what issues are raised.

I get referrals to host web sites that no one else will host. I've been sued twice by lawyers who thought they could intimidate me. In both cases I wrote a letter to the judge and told him that I was in San Francisco and that he didn't have personal jurisdiction and that his court wasn't the proper venue for the lawsuit. And in both cases they dismissed me from the suit.
SA errors
Howdy,

I run SA-3.1.7 from MailScanner, on CentOS-4.4

When I run 'MailScanner --lint' it says SA has an error. Output follows:

---
Connected to SpamAssassin cache database
config: warning: score set for non-existent rule RCVD_IN_XBL
config: warning: score set for non-existent rule RCVD_IN_NJABL_SPAM
config: warning: score set for non-existent rule RCVD_IN_SORBS_HTTP
config: warning: score set for non-existent rule __RCVD_IN_SORBS
config: warning: score set for non-existent rule RCVD_IN_SBL
config: warning: score set for non-existent rule BAYES_20
config: warning: score set for non-existent rule BAYES_00
config: warning: score set for non-existent rule __RCVD_IN_SBL_XBL
config: warning: score set for non-existent rule RCVD_IN_SORBS_ZOMBIE
config: warning: score set for non-existent rule RCVD_IN_BSP_TRUSTED
config: warning: score set for non-existent rule BAYES_05
config: warning: score set for non-existent rule RCVD_IN_SORBS_WEB
config: warning: score set for non-existent rule DNS_FROM_RFC_WHOIS
config: warning: score set for non-existent rule __RCVD_IN_NJABL
config: warning: score set for non-existent rule DNS_FROM_RFC_DSN
config: warning: score set for non-existent rule RCVD_IN_NJABL_RELAY
config: warning: score set for non-existent rule RCVD_IN_SORBS_MISC
config: warning: score set for non-existent rule RCVD_IN_BL_SPAMCOP_NET
config: warning: score set for non-existent rule DNS_FROM_RFC_BOGUSMX
config: warning: score set for non-existent rule RCVD_IN_MAPS_RSS
config: warning: score set for non-existent rule RCVD_IN_SORBS_SMTP
config: warning: score set for non-existent rule RCVD_IN_SORBS_BLOCK
config: warning: score set for non-existent rule RCVD_IN_MAPS_DUL
config: warning: score set for non-existent rule BAYES_60
config: warning: score set for non-existent rule RCVD_IN_MAPS_RBL
config: warning: score set for non-existent rule RCVD_IN_SORBS_SOCKS
config: warning: score set for non-existent rule __RFC_IGNORANT_ENVFROM
config: warning: score set for non-existent rule BAYES_40
config: warning: score set for non-existent rule RCVD_IN_SORBS_DUL
config: warning: score set for non-existent rule RCVD_IN_NJABL_MULTI
config: warning: score set for non-existent rule DNS_FROM_RFC_POST
config: warning: score set for non-existent rule RCVD_IN_DSBL
config: warning: score set for non-existent rule BAYES_99
config: warning: score set for non-existent rule DNS_FROM_AHBL_RHSBL
config: warning: score set for non-existent rule RCVD_IN_NJABL_CGI
config: warning: score set for non-existent rule RCVD_IN_BSP_OTHER
config: warning: score set for non-existent rule DNS_FROM_RFC_ABUSE
config: warning: score set for non-existent rule BAYES_80
config: warning: score set for non-existent rule RCVD_IN_MAPS_NML
config: warning: score set for non-existent rule RCVD_IN_NJABL_DUL
config: warning: score set for non-existent rule BAYES_95
config: warning: score set for non-existent rule RCVD_IN_NJABL_PROXY
[28027] info: rules: meta test __SARE_HEAD_FALSE has undefined dependency '__FROM_AOL_COM'
[28027] info: rules: meta test __SARE_HEAD_FALSE has undefined dependency '__FROM_AOL_COM'
[28027] info: rules: meta test SARE_BOUNDARY_D12 has undefined dependency 'MIME_BOUND_DIGITS_15'
[28027] info: rules: meta test SARE_CIT_BLOCKER has undefined dependency 'USER_IN_WHITELIST'
[28027] info: rules: meta test HEBREWSPAM_33 has undefined dependency 'HEBREW_SPAM_30'
[28027] info: rules: meta test SARE_SUN_BLOCKER has undefined dependency 'USER_IN_WHITELIST'
[28027] info: rules: meta test HEBREWSPAM_33H has undefined dependency 'HEBREW_SPAM_3H'
[28027] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2'
[28027] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN'
[28027] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'X_AUTH_WARN_FAKED'
[28027] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT'
[28027] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT'
[28027] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY'
[28027] info: rules: meta test SARE_FPP_BLOCKER has undefined dependency 'USER_IN_WHITELIST'
[28027] info: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4'
[28027] info: rules: meta test __SARE_SUB_FALSE has undefined dependency '__FROM_AOL_COM'
[28027] info: rules: meta test __SARE_SUB_FALSE has undefined dependency '__FROM_AOL_COM'
[28027] info: rules: meta test SARE_FEB_BLOCKER has undefined dependency 'USER_IN_WHITELIST'
[28027] info: rules: meta test FP_MIXED_PORN3 has undefined dependency 'FP_PENETRATION'
SpamAssassin reported an error.
---

Anyone met this before? What was the cure?

Thanks!

Best,
--
Arthur Sherman
+972-52-4878851
CPTeam
Re: About the SpamHaus lawsuit?
On Monday, October 23, 2006, 7:52:56 PM, Marc Perkel wrote:

MP> The judge should have raised the issue sua sponte. (of his own motion)

While the court can decide, sua sponte, that it doesn't have subject matter jurisdiction, I don't believe it can do that with regards to personal jurisdiction (unless, perhaps, the pleadings were blatantly defective). The Plaintiff did plead (alleged) facts that would tend to support personal jurisdiction over the defendant - the defendant did not refute those facts (if I missed something in the record of the case, please correct me) and, once again, the defendant deliberately allowed judgment to be taken against it. Harping on the court for following the law and because the outcome of the case is exactly what the defendant deliberately allowed to happen is non-sensical.

MP> Does anyone have the address of the court? I might write the judge a
MP> letter myself.

It is trivial to look it up on Google or follow the link to the court's web site from www.uscourts.gov. However, I'd respectfully suggest you don't embarrass yourself. You have no standing in the matter, any such letters would be afforded absolutely no consideration, which is as it should be. Your letter would, at best, simply be sent back to you with a note from the clerk explaining this.

As I've explained before, I've been on the receiving end of retaliatory lawsuits and counter-claims from the bad guys (telemarketers, junk faxers and spammers), and am clearly sympathetic to Spamhaus' plight here. However, there is nothing I can see in the record to fault the court on in this case. Spamhaus apparently intends to appeal, so we'll just have to see what issues are raised.

--
Best regards,
Robert Braver
[EMAIL PROTECTED]
About the SpamHaus lawsuit?
Robert Braver wrote:
> On Monday, October 23, 2006, 7:07:43 PM, Giampaolo Tomassoni wrote:
>
> GT> I would have much more preferred a statement like: 'we can't
> GT> handle this case since it crosses U.S. borders', but
> GT> anyway...
>
> Me too, but because Spamhaus did not ask that the case be dismissed for lack of personal jurisdiction, that was not an issue that the court had an opportunity to decide.

The judge should have raised the issue sua sponte. (of his own motion)

Does anyone have the address of the court? I might write the judge a letter myself.
Funky spamd error
Oct 23 17:19:09 espphotography spamd[7320]: (?:(?<=[\s,]))* matches null string many times in regex; marked by <-- HERE in m/\G(?:(?<=[\s,]))* <-- HERE \Z/ at /opt/local/lib/perl5/5.8.7/Text/Wrap.pm line 46.\n

Any ideas what's causing this? Coming up pretty frequently in my mail.log. SA 3.1.7 on a os/x box.

Thanks.

Evan
Re: R: R: Re[4]: Any comments of the SpamHaus lawsuit?
On Monday, October 23, 2006, 7:07:43 PM, Giampaolo Tomassoni wrote:

GT> I would have much more preferred a statement like: 'we can't
GT> handle this case since it crosses U.S. borders', but
GT> anyway...

Me too, but because Spamhaus did not ask that the case be dismissed for lack of personal jurisdiction, that was not an issue that the court had an opportunity to decide.

--
Best regards,
Robert Braver
[EMAIL PROTECTED]
RE: Bayes ?
> -Original Message- > From: Noc Phibee [mailto:[EMAIL PROTECTED] > Sent: Sunday, October 22, 2006 12:46 PM > To: users@spamassassin.apache.org > Subject: Bayes ? > > > Hi > > he have a spam file for add to a new SA installation ? for > don't start at 0 > > Thanks for your answer > > Find some existing email. Put it into two folders Spam and ham. Use sa-learn to learn the spam folder as spam and the ham folder as ham. You should have at least 200 emails in each folder.
R: R: Re[4]: Any comments of the SpamHaus lawsuit?
> GT> That's not so good, whether confirmed: it would mean that the > GT> court recognized that Spamhaus is actually running some > GT> unlawful ... > > No, it only means that Spamhaus abandoned the case and allowed a > default judgment and injunction to be entered against it. > > A default judgment is not a determination on the merits. Well, I don't know: you're probably right. I would have much more preferred a statement like: 'we can't handle this case since it crosses U.S. borders', but anyway... giampaolo > -- > Best regards, > Robert Braver > [EMAIL PROTECTED] >
Re: R: Re[4]: Any comments of the SpamHaus lawsuit?
On Monday, October 23, 2006, 5:11:43 PM, Giampaolo Tomassoni wrote: GT> That's not so good, whether confirmed: it would mean that the GT> court recognized that Spamhaus is actually running some GT> unlawful ... No, it only means that Spamhaus abandoned the case and allowed a default judgment and injunction to be entered against it. A default judgment is not a determination on the merits. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re: Scoring PTR's
Eric A. Hall wrote: http://www.ehsco.com/misc/spamassassin/std_compliance.cf might help or work for what you're doing. Make sure to read the disclaimers and warnings Those helped a lot. There's only three checks I can't do with them (probably need to use a plugin for it): a) does the hostname in the PTR record point to a CNAME instead of an A record b) does the hostname contain its IP address in _hex_ form (instead of in decimal form, which I've already got working) c) does the hostname in the PTR record actually go to an A record which includes the relay's IP addr Short of those things, I think this works the way I want it to: http://people.ucsc.edu/~jrudd/spamassassin/jr_rfc1912.cf Now I just need to decide if getting those other 3 items in place is worth the time I'd spend learning to write a plugin. Probably is, since it's learning... but I'm not sure I have the time to actually do it.
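The three checks (a), (b) and (c) listed in the message above, as an added example that is not code from the post or from SpamAssassin. The zone table, the function names and the example.* hostnames are constructed stand-ins for live DNS lookups, and the hex spellings tried in (b) are an assumed set of common forms.

```python
import ipaddress

# Constructed DNS data standing in for a resolver: (name, record type) -> values.
SAMPLE_ZONE = {
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("c0000263.dyn.example.net", "A"): ["192.0.2.99"],
    ("alias.example.com", "CNAME"): ["real.example.com"],
    ("real.example.com", "A"): ["198.51.100.7"],
}


def lookup(zone, name, rtype):
    """Return the records of one type for a name (empty list if none)."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def hex_forms(ip):
    """Hex spellings of an IPv4 address, in forward and reversed octet order."""
    hx = ["%02x" % octet for octet in ipaddress.IPv4Address(ip).packed]
    forms = set()
    for order in (hx, hx[::-1]):
        for sep in ("", "-", "."):
            forms.add(sep.join(order))
    return forms


def resolve_a(zone, name, max_cnames=8):
    """Follow CNAMEs (bounded, so a loop cannot hang the check) to A records."""
    for _ in range(max_cnames + 1):
        target = lookup(zone, name, "CNAME")
        if not target:
            return lookup(zone, name, "A")
        name = target[0]
    return []


def check_relay(zone, relay_ip, ptr_name):
    """Run checks (a), (b), (c) for one relay IP and the name its PTR returned."""
    relay = ipaddress.ip_address(relay_ip)
    host = ptr_name.rstrip(".").lower()
    addrs = [ipaddress.ip_address(a) for a in resolve_a(zone, host)]
    return {
        # (a) the PTR target is itself a CNAME rather than an A record
        "ptr_is_cname": bool(lookup(zone, host, "CNAME")),
        # (b) the relay's address appears in the name in hex form
        "hex_ip_in_name": any(form in host for form in hex_forms(relay_ip)),
        # (c) the name resolves back to an address set containing the relay
        "forward_confirmed": relay in addrs,
    }


if __name__ == "__main__":
    for ip, ptr in [
        ("192.0.2.25", "mail.example.org"),
        ("192.0.2.99", "c0000263.dyn.example.net"),
        ("198.51.100.7", "alias.example.com"),
        ("203.0.113.5", "mail.example.org"),  # PTR claims a name that does not map back
    ]:
        print(ip, ptr, check_relay(SAMPLE_ZONE, ip, ptr))
```

Check (c) is the one that catches a PTR record naming a host the relay's operator does not control, since anyone who runs the reverse zone can put any name in it.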
RE: Per Domain Whitelisting
-Original Message- From: jasonegli [mailto:[EMAIL PROTECTED] Sent: Monday, October 23, 2006 5:36 PM To: users@spamassassin.apache.org Subject: Per Domain Whitelisting I'm running multiple domains on one SPAM cleaning server. I'm wondering if there's a way in spamassassin to build a separate whitelist for each domain. If not, can you build a whitelist based on BOTH To and From addresses. For example let's say that domain xyz.com wants to allow all messages from yahoo.com, but domain 123.com does not. Is there a way to allow "FROM [EMAIL PROTECTED] TO [EMAIL PROTECTED]"? Thanks I've not implemented or tested it, but I ran across Maia Mailguard a few weeks back. It looks like you can do per user/domain sa settings. http://www.renaissoft.com/maia/ Dylan
R: Re[4]: Any comments of the SpamHaus lawsuit?
> But Kocoras said Thursday that the requested action was too broad and > would cut off all lawful online activities of Spamhaus, not just those > targeted by any court order. That's not so good, whether confirmed: it would mean that the court recognized that Spamhaus is actually running some unlawful activity... giampaolo
Re: CC: in body of email causes message to be blocked
Hello John and Evan, Thanks for your help. I've tried setting the required_score to 1000, but any mail with 'C' 'C' ':' is still not coming through. In addition to not receiving email, I've now tried sending email with this string in the body through webmail and receive a CPanel error: Email delivery error Server replied: 1 Can't execute command '/usr/local/cpanel/bin/sendmail_cpanel -i -t [EMAIL PROTECTED]'. Again, this is only happening when SpamAssassin is enabled, which is why I think it may be the problem, but I am also contacting CPanel to report this error. -Steven John D. Hardin wrote: > On Fri, 20 Oct 2006, Steven Danneman wrote: > > >> I'm guessing SpamAssassin is misconfigured, unfortunately I don't have >> much access to its configuration, only what is available through >> CPanel. Does anybody have any ideas what could be happening here? >> > > Suggestion: > > Use CPanel to set your SA spam score way high (1000) and send a test > message through. You should be able to check the message headers and > see which rules are hitting and what the message is scoring. > > -- > John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ > [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] > key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > ...the Fates notice those who buy chainsaws... > -- www.darwinawards.com > --- > 8 days until Halloween
RE: in body of email causes message to be blocked
It's not spamassassin, note the x-spam-level: no. SA didn't block, or attempt to block, or even mark that email spam. > > X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on > server4.virtuosonetsolutions.com > X-Spam-Level: * > X-Spam-Status: No, score=1.0 required=12.0 > tests=AWL,BAYES_05,MISSING_SUBJECT, > NO_RECEIVED,NO_RELAYS,TO_CC_NONE autolearn=no version=3.1.7 > From: "Spam Assassin" > > Spam Assassin has been enabled on this account > > It did however find a blank cc, missing received header, missing subject, no relays... I would suggest that whoever set it up has it messed up.
Per Domain Whitelisting
I'm running multiple domains on one SPAM cleaning server. I'm wondering if there's a way in spamassassin to build a separate whitelist for each domain. If not, can you build a whitelist based on BOTH To and From addresses. For example let's say that domain xyz.com wants to allow all messages from yahoo.com, but domain 123.com does not. Is there a way to allow "FROM [EMAIL PROTECTED] TO [EMAIL PROTECTED]"? Thanks
OFF-TOPIC - (Was: I'm thinking about suing Microsoft)
I have no official position with spamassassin, but I am requesting that you please take this thread to another mailing list. It isn't relevant to spamassassin and we don't need to read this. -- Jo Rhett Senior Network Engineer Network Consonance
RE: It works great, but looking for advise...
> > ClamAV blocks a lot of phishing attempts; you might look into that. > In addition to vanilla ClamAV, I would also suggest adding in the SANESECURITY unofficial Phishing and Scam signatures for ClamAV. These are just extra signatures that run in addition to the normal ClamAV signatures and catch a LOT of phishing/scam attempts. Easy to set up and use, too. Remember to update them frequently. http://www.sanesecurity.com/clamav/
Re: I'm thinking about suing Microsoft
>> >> >> Jo wrote: >> > Duane Hill schreef: >> >> Marc Perkel wrote: >> >>> I'm considering filing a lawsuit against Microsoft to try to get an >> >>> order to make them make public security updates for Windows to >> >>> everyone, registered or not. >> >>> >> >>> The idea is that their product Windows creates a toxic byproduct >> >>> (spam,ddos zombies) that interfere with everyone else's internet >> >>> usage and that they have a responsibility to clean it up. It would >> >>> be similar to a suit where a business that is otherwise legitimate >> >>> attracts crime in a neighborhood or a manufacturer dumping toxic >> >>> waste into a stream. >> >>> >> >>> Virus infected spam zombie are a toxic byproduct of their business >> >>> model and it affects all of us and they have a duty to the public to >> >>> fix it. I'm somewhat of a legal expert, not a lawyer though. But >> >>> just wanted to get some feedback on the idea. >> >>> >> >>> >> >>> >> >> Good luck! As it is now, Windows is the most widely used platform at >> >> present. That is the reason it is the most widely attacked. If Mac >> >> OSX or any other platform were to rise up and be dominant, then guess >> >> what would happen? Yes. That platform would be the one most widely >> >> attacked. >> >> >> >> So, should the other OS platforms start to take action now in >> >> preparing for an OS mainstream shift? >> > I don't buy the hypothesis that if another OS would be more popular it >> > would automatically be such a sieve like Windows. A system can be >> > intrinsically more secure due to the choices that were made during its >> > development. >> > >> > Suing MS, I would say: Go for it! By all means. Maybe they can also >> > die the death of a thousand cuts. >> > >> > Jo >> >> Popularity is a factor. But the real vulnerability is that Windows can >> be more secure if it has the patches. If Linux for example restricted >> its security patches to only licensed users they would have the same >> problem. I'm not saying either that MS should be compelled to distribute >> any upgrades for free. Just security fixes. >> Hi, I believe that some users of illegal copies avoid downloading security fixes because - they fear that some info about them might be sent to MS - it is not always clear what an update really does. I have no idea whether the first one is true, but I can say for sure that the ONLY update that windows suggested to install by itself on a specific pc was WGA but nothing security related. This does not necessarily improve confidence in the security update mechanism. Side note: some of the "pirated" windows copies only seem to exist due to problems with the system, or strange licensing conditions. If I can trust some recent statistics, the vast majority of systems is sold with windows already installed, and should not be candidates for pirating at all. If these systems are set up such that the average user cannot reinstall after a crash or hardware change, users might prefer to reinstall from a non-restricted version and probably use a pirated one. After all, why should they pay twice for the same OS on the same computer? Perhaps this aspect of the computer business should be questioned in court. Wolfgang Hamann
Re: It works great, but looking for advise...
On Mon, 23 Oct 2006, Jon D. Slater wrote: >What rule set do you suggest for the spoof Paypal and eBay spam (and >assorted fake links to assorted banks and credit unions). Jon-- ClamAV blocks a lot of phishing attempts; you might look into that. Between ClamAV and an aggressive MTA configuration (blacklists, forcing somewhat RFC-compliant behavior, etc.), I see very little phishing mail. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University
RE: I'm thinking about suing Microsoft
But windows patches are free. Even if you are using an illegal copy of windows, you can still manually download and install the patches. It's Microsoft Update where they mostly have the genuine windows verification code. Even Redhat forces you to pay subscriptions for their autoupdate management stuff. -Original Message- From: Marc Perkel [mailto:[EMAIL PROTECTED] Sent: Monday, October 23, 2006 3:59 PM To: Jo Cc: Duane Hill; users@spamassassin.apache.org Subject: Re: I'm thinking about suing Microsoft Popularity is a factor. But the real vulnerability is that Windows can be more secure if it has the patches. If Linux for example restricted its security patches to only licensed users they would have the same problem. I'm not saying either that MS should be compelled to distribute any upgrades for free. Just security fixes.
Re: I'm thinking about suing Microsoft
On Monday 23 October 2006 21:58, Peter H. Lemieux took the opportunity to say: > Magnus Holmgren wrote: > > I thought they did? At least the message from WU/WGA on one computer with > > Windows XP I used recently was that unauthorised installations only get > > critical updates, but they do get those. Is that going to change with > > Vista? > > Yes. See, for instance, http://www.computerworld.com/blogs/node/3665 > > Vista machines that Windows "Genuine Advantage" believes to be pirated > will operate with reduced functionality, including disabling the "Windows > Defender" software that protects against malware. But Windows Defender != patches for security holes? Still, bad move ("security in depth" etc.). We can only pray that, to the extent SPP works, people will either pay up or get rid of Vista, or Windows altogether. > All that said, those of you who think a lawsuit is a good approach should > start by reading the Windows EULA. Like most EULAs it exempts Microsoft > from liability for just about anything its software does. The EULA isn't binding to third parties, though. The question is whether Microsoft, by willfully denying some computers adequate protection, is liable of contributing to the crimes committed by others, or those installing unauthorised copies are fully responsible. -- Magnus Holmgren [EMAIL PROTECTED] (No Cc of list mail needed, thanks)
Re: I'm thinking about suing Microsoft
Peter H. Lemieux wrote: Magnus Holmgren wrote: I thought they did? At least the message from WU/WGA on one computer with Windows XP I used recently was that unauthorised installations only get critical updates, but they do get those. Is that going to change with Vista? Yes. See, for instance, http://www.computerworld.com/blogs/node/3665 Vista machines that Windows "Genuine Advantage" believes to be pirated will operate with reduced functionality, including disabling the "Windows Defender" software that protects against malware. What's especially troubling is the large number of false positives that WGA currently generates if the computer's hardware is significantly altered. It also seems to me that this approach leaves these machines ripe for a denial-of-service attack where a virus somehow changes the WGA signature on the machine so it appears that the Windows OS is pirated. Then the next time WGA phones home it switches the infected computer to the reduced functionality state (which generates lots of calls to the help desk!). All that said, those of you who think a lawsuit is a good approach should start by reading the Windows EULA. Like most EULAs it exempts Microsoft from liability for just about anything its software does. I also suspect most judges wouldn't consider spamming to be a sufficient threat to the public's health and welfare that it would justify taking legal actions against Microsoft. But, if your attorneys think this is a good idea, more power to you! Peter Lots of companies state that they are exempt from liability that they aren't exempt from. Just because an agreement says "we aren't liable" really means nothing. And it doesn't apply to third parties who are affected.
Re: Concerned with scores for from rfc-ignorant.org
Elizabeth Schwartz wrote: JADP - the rfc-ignorant rules lost us some important email today. The customer was throwing away all mail tagged as SPAM after many months of no false positives. I've turned those rules off on my site, and continue as always to encourage my users to check their tagged mail before tossing it. IMO, anyone who is throwing away all mail tagged as spam _deserves_ to lose legit email. Reject it (at the SMTP level) at something like 10+ if your setup allows that, but review it in the range of 5-10. Never throw it away blindly. That's just _stupid_. IMHO if a rule is getting legit email tagged as SPAM it should be toned down. IMNHAAO (in my not humble at all opinion), the problem here isn't the rules. It's how your user was using them.
Wiki page for BLs updated (Was: Concerned with scores for from rfc-ignorant.org)
On the "walk the way you talk" point, I have edited the DNSBL wiki page to include a list of all the DNSBLs in 20_dnsbl_tests.cf, instead of the previous comment about "all of the public DNSBLs" which isn't really true. This could probably use some more editing, so everyone is encouraged to fix any mistakes I made. Jo Rhett wrote: Elizabeth Schwartz wrote: IMHO if a rule is getting legit email tagged as SPAM it should be toned down. Obeying the RFC's is a good thing, but I am trying to tune our spam filter to filter spam, not to be a netcop. Then you should disable these BLs in your configuration. Don't suggest to others that these should be disabled. Do it yourself. Pretty much everyone here is aware that these are policy-enforcement, not spam detection, and if they have them enabled it is because they find that to be useful. You should take this time to go read the objectives of each of the BLs you have enabled and decide if their policy matches your objectives. -- Jo Rhett Senior Network Engineer Network Consonance
Re: I'm thinking about suing Microsoft
Magnus Holmgren wrote: I thought they did? At least the message from WU/WGA on one computer with Windows XP I used recently was that unauthorised installations only get critical updates, but they do get those. Is that going to change with Vista? Yes. See, for instance, http://www.computerworld.com/blogs/node/3665 Vista machines that Windows "Genuine Advantage" believes to be pirated will operate with reduced functionality, including disabling the "Windows Defender" software that protects against malware. What's especially troubling is the large number of false positives that WGA currently generates if the computer's hardware is significantly altered. It also seems to me that this approach leaves these machines ripe for a denial-of-service attack where a virus somehow changes the WGA signature on the machine so it appears that the Windows OS is pirated. Then the next time WGA phones home it switches the infected computer to the reduced functionality state (which generates lots of calls to the help desk!). All that said, those of you who think a lawsuit is a good approach should start by reading the Windows EULA. Like most EULAs it exempts Microsoft from liability for just about anything its software does. I also suspect most judges wouldn't consider spamming to be a sufficient threat to the public's health and welfare that it would justify taking legal actions against Microsoft. But, if your attorneys think this is a good idea, more power to you! Peter
Re: I'm thinking about suing Microsoft
Jo wrote: Duane Hill schreef: Marc Perkel wrote: I'm considering filing a lawsuit against Microsoft to try to get an order to make them make public security updates for Windows to everyone, registered or not. The idea is that their product Windows creates a toxic byproduct (spam,ddos zombies) that interfere with everyone else's internet usage and that they have a responsibility to clean it up. It would be similar to a suit where a business that is otherwise legitimate attracts crime in a neighborhood or a manufacturer dumping toxic waste into a stream. Virus infected spam zombie are a toxic byproduct of their business model and it affects all of us and they have a duty to the public to fix it. I'm somewhat of a legal expert, not a lawyer though. But just wanted to get some feedback on the idea. Good luck! As it is now, Windows is the most widely used platform at present. That is the reason it is the most widely attacked. If Mac OSX or any other platform were to rise up and be dominant, then guess what would happen? Yes. That platform would be the one most widely attacked. So, should the other OS platforms start to take action now in preparing for an OS mainstream shift? I don't buy the hypothesis that if another OS would be more popular it would automatically be such a sieve like Windows. A system can be intrinsically more secure due to the choices that were made during its development. Suing MS, I would say: Go for it! By all means. Maybe they can also die the death of a thousand cuts. Jo Popularity is a factor. But the real vulnerability is that Windows can be more secure if it has the patches. If Linux for example restricted its security patches to only licensed users they would have the same problem. I'm not saying either that MS should be compelled to distribute any upgrades for free. Just security fixes.
Re: CC: in body of email causes message to be blocked
At 06:21 PM 10/20/2006, you wrote: When we have SpamAssassin enabled, we are unable to receive some messages. I've narrowed down the problem to any message with the three characters 'C' 'C' ':' (I've separated them so I can send this message out) in the body of the message. When any email address sends us a message with this in the body, the message seems to be rejected by our mail server. The original sender of the message is not notified, and no message, not even one with re-written headers and a SPAM score comes to the recipient. When I turn off SpamAssassin, these messages are received fine. So it seems obvious that SpamAssassin is blocking messages with 'C' 'C' ':' in their body, but this doesn't seem to be a filter rule, because no message gets through, even when I have SpamAssassin set to forward all messages. I'm guessing SpamAssassin is misconfigured, unfortunately I don't have much access to its configuration, only what is available through CPanel. Does anybody have any ideas what could be happening here? If you don't get any responses here, check in a cpanel group. Spamassassin cannot 'block' messages. Something else is blocking them.
Re: CC: in body of email causes message to be blocked
On Fri, 20 Oct 2006, Steven Danneman wrote: > I'm guessing SpamAssassin is misconfigured, unfortunately I don't have > much access to its configuration, only what is available through > CPanel. Does anybody have any ideas what could be happening here? Suggestion: Use CPanel to set your SA spam score way high (1000) and send a test message through. You should be able to check the message headers and see which rules are hitting and what the message is scoring. -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...the Fates notice those who buy chainsaws... -- www.darwinawards.com --- 8 days until Halloween
Re: I'm thinking about suing Microsoft
Holding the position of "most widely-attacked" is no reason for it to also be "least secure-due-to-widely-known-and-poorly-corrected-issues". Even if Apple/Posix products were as "widely attacked" as Windows products, the results would be far less damaging to the global infrastructure, despite Posix near stranglehold on server systems worldwide. I'm in favor of investigating a lawsuit such as the one described, because Microsoft is in the same arena as other major manufacturers (automobiles, telephone systems, medical equipment, etc.) that are regularly held accountable for problems with their products that impact safety and economic issues on a broad scale. James *** REPLY SEPARATOR *** On 10/23/06 at 7:17 PM Duane Hill wrote: >Marc Perkel wrote: >> I'm considering filing a lawsuit against Microsoft to try to get an >> order to make them make public security updates for Windows to >> everyone, registered or not. >> >> The idea is that their product Windows creates a toxic byproduct >> (spam,ddos zombies) that interfere with everyone else's internet usage >> and that they have a responsibility to clean it up. It would be >> similar to a suit where a business that is otherwise legitimate >> attracts crime in a neighborhood or a manufacturer dumping toxic waste >> into a stream. >> >> Virus infected spam zombie are a toxic byproduct of their business >> model and it affects all of us and they have a duty to the public to >> fix it. I'm somewhat of a legal expert, not a lawyer though. But just >> wanted to get some feedback on the idea. >> >> >> >Good luck! As it is now, Windows is the most widely used platform at >present. That is the reason it is the most widely attacked. If Mac OSX >or any other platform were to rise up and be dominant, then guess what >would happen? Yes. That platform would be the one most widely attacked. > >So, should the other OS platforms start to take action now in preparing >for an OS mainstream shift?
Re: Does skip_rbl_checks have influence on razor 2 and DCC?
Volker wrote: Hi, does anybody know if disabling "skip_rbl_checks" does stop razor 2 checks and DCC too even if razor2 and dcc are enabled in local.cf? Run spamassassin in debug mode and find out. Daryl
Re: I'm thinking about suing Microsoft
At 12:35 PM 10/23/2006, you wrote: My opinion is that security patches should be available to everyone so as not to create an army of zombies. Aren't OS-X patches openly available? I believe so. But then again, there is no product key for OS/X. It's been a while since I installed OS/X, but if I recall, hypothetically, you could buy one DVD of OS/X, install it on 30 computers, and no one would be the wiser. I mean, unless EVERY DVD is serialized, and the serial is hard coded...
Re: I'm thinking about suing Microsoft
Marc Perkel wrote: > > Duane Hill wrote: > > Marc Perkel wrote: > >> I'm considering filing a lawsuit against Microsoft to try to get an > >> order to make them make public security updates for Windows to > >> everyone, registered or not. > >> > >> The idea is that their product Windows creates a toxic byproduct > >> (spam,ddos zombies) that interfere with everyone else's internet > >> usage and that they have a responsibility to clean it up. It would be > >> similar to a suit where a business that is otherwise legitimate > >> attracts crime in a neighborhood or a manufacturer dumping toxic > >> waste into a stream. > >> > >> Virus infected spam zombie are a toxic byproduct of their business > >> model and it affects all of us and they have a duty to the public to > >> fix it. I'm somewhat of a legal expert, not a lawyer though. But just > >> wanted to get some feedback on the idea. > >> > >> > >> > > Good luck! As it is now, Windows is the most widely used platform at > > present. That is the reason it is the most widely attacked. If Mac OSX > > or any other platform were to rise up and be dominant, then guess what > > would happen? Yes. That platform would be the one most widely attacked. > > > > So, should the other OS platforms start to take action now in > > preparing for an OS mainstream shift? > > My opinion is that security patches should be available to everyone so > as not to create an army of zombies. Aren't OS-X patches openly available? > > It is my understanding that SECURITY patches are still freely available via Windows Update for currently supported Operating Systems. It is feature enhancements and other such downloads that are not available for pirated software.
Re: I'm thinking about suing Microsoft
On Monday 23 October 2006 20:34, Marc Perkel took the opportunity to say: > I'm considering filing a lawsuit against Microsoft to try to get an > order to make them make public security updates for Windows to everyone, > registered or not. I thought they did? At least the message from WU/WGA on one computer with Windows XP I used recently was that unauthorised installations only get critical updates, but they do get those. Is that going to change with Vista? -- Magnus Holmgren [EMAIL PROTECTED] (No Cc of list mail needed, thanks)
Re: I'm thinking about suing Microsoft
Duane Hill schreef: Marc Perkel wrote: I'm considering filing a lawsuit against Microsoft to try to get an order to make them make public security updates for Windows to everyone, registered or not. The idea is that their product Windows creates a toxic byproduct (spam,ddos zombies) that interfere with everyone else's internet usage and that they have a responsibility to clean it up. It would be similar to a suit where a business that is otherwise legitimate attracts crime in a neighborhood or a manufacturer dumping toxic waste into a stream. Virus infected spam zombie are a toxic byproduct of their business model and it affects all of us and they have a duty to the public to fix it. I'm somewhat of a legal expert, not a lawyer though. But just wanted to get some feedback on the idea. Good luck! As it is now, Windows is the most widely used platform at present. That is the reason it is the most widely attacked. If Mac OSX or any other platform were to rise up and be dominant, then guess what would happen? Yes. That platform would be the one most widely attacked. So, should the other OS platforms start to take action now in preparing for an OS mainstream shift? I don't buy the hypothesis that if another OS would be more popular it would automatically be such a sieve like Windows. A system can be intrinsically more secure due to the choices that were made during its development. Suing MS, I would say: Go for it! By all means. Maybe they can also die the death of a thousand cuts. Jo
Re: I'm thinking about suing Microsoft
Duane Hill wrote: Marc Perkel wrote: I'm considering filing a lawsuit against Microsoft to try to get an order to make them make public security updates for Windows to everyone, registered or not. The idea is that their product Windows creates a toxic byproduct (spam,ddos zombies) that interfere with everyone else's internet usage and that they have a responsibility to clean it up. It would be similar to a suit where a business that is otherwise legitimate attracts crime in a neighborhood or a manufacturer dumping toxic waste into a stream. Virus infected spam zombie are a toxic byproduct of their business model and it affects all of us and they have a duty to the public to fix it. I'm somewhat of a legal expert, not a lawyer though. But just wanted to get some feedback on the idea. Good luck! As it is now, Windows is the most widely used platform at present. That is the reason it is the most widely attacked. If Mac OSX or any other platform were to rise up and be dominant, then guess what would happen? Yes. That platform would be the one most widely attacked. So, should the other OS platforms start to take action now in preparing for an OS mainstream shift? My opinion is that security patches should be available to everyone so as not to create an army of zombies. Aren't OS-X patches openly available?
It works great, but looking for advise...
Hi All, I’m using: 70_sare_adult.cf 70_sare_specific.cf 70_sare_stocks.cf What rule set do you suggest for the spoof Paypal and eBay spam (and assorted fake links to assorted banks and credit unions). Thanks! Jon
Re: I'm thinking about suing Microsoft
Marc Perkel wrote: I'm considering filing a lawsuit against Microsoft to try to get an order to make them make public security updates for Windows to everyone, registered or not. The idea is that their product Windows creates a toxic byproduct (spam,ddos zombies) that interfere with everyone else's internet usage and that they have a responsibility to clean it up. It would be similar to a suit where a business that is otherwise legitimate attracts crime in a neighborhood or a manufacturer dumping toxic waste into a stream. Virus infected spam zombie are a toxic byproduct of their business model and it affects all of us and they have a duty to the public to fix it. I'm somewhat of a legal expert, not a lawyer though. But just wanted to get some feedback on the idea. Good luck! As it is now, Windows is the most widely used platform at present. That is the reason it is the most widely attacked. If Mac OSX or any other platform were to rise up and be dominant, then guess what would happen? Yes. That platform would be the one most widely attacked. So, should the other OS platforms start to take action now in preparing for an OS mainstream shift?
Re: Concerned with scores for from rfc-ignorant.org
Elizabeth Schwartz wrote: IMHO if a rule is getting legit email tagged as SPAM it should be toned down. Obeying the RFC's is a good thing, but I am trying to tune our spam filter to filter spam, not to be a netcop. Our particular contact seems to have gotten onto rfc-ignorant's list because it is rejecting mail from <>, nothing to do with sending spam, and it's a legitimate site, neither a spammer nor an ISP (nor in a computer related field, nor English speaking...)

It seems to me you have a couple of different options, Betsy. You can reduce the score attached to all mail that trips the rfc-ignorant rule, you can set it to zero and deactivate the rule entirely, or you can whitelist particular senders in a custom .cf file. I usually choose the latter route, most often based on the Received headers. For instance,

    header RCVD_FROM_HARVARD Received =~ /from .*\.harvard\.edu \(/i
    score RCVD_FROM_HARVARD -5

matches the Received header added by sendmail. If you're using a different MTA, you'll need to write a rule customized to the headers it adds. (Note the escaped periods and parenthesis in the regex.) You might drop a note to the postmaster box at that domain and tell them they're listed in rfc-ignorant. I bet they haven't got a clue, and some of their other legitimate messages aren't being delivered. Peter
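Which Received headers satisfy the pattern in the rule above, compared with a check of the newest hop's reverse-DNS name only. This is an added Python example, not part of Peter's post or of SpamAssassin. The header layout (sendmail style, including its "(may be forged)" marker), host names, addresses and function names are constructed assumptions, and the newest Received line is assumed to be the one written by your own MTA.

```python
import re
from email import message_from_string

# The regex from the RCVD_FROM_HARVARD rule in the post.
PAGE_RULE = re.compile(r"from .*\.harvard\.edu \(", re.I)

# Assumed sendmail layout: from HELO (RDNS [IP]) or (RDNS [IP] (may be forged)) or ([IP])
RECEIVED_FROM = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r"(?P<forged>\s+\(may be forged\))?\)", re.I)


def received_headers(raw):
    """All Received values, newest first, with folding whitespace collapsed."""
    msg = message_from_string(raw)
    return [" ".join(value.split()) for value in msg.get_all("Received", [])]


def page_rule_hits(raw):
    """True when any Received header, at any depth, satisfies the post's regex."""
    return any(PAGE_RULE.search(h) for h in received_headers(raw))


def relay_verified(raw, domain):
    """True only if the newest hop's reverse-DNS name lies in `domain` and the
    receiving MTA did not mark that name as possibly forged."""
    hops = received_headers(raw)
    match = RECEIVED_FROM.match(hops[0]) if hops else None
    if not match or not match.group("rdns") or match.group("forged"):
        return False
    rdns = match.group("rdns").lower().rstrip(".")
    domain = domain.lower()
    return rdns == domain or rdns.endswith("." + domain)


def sample(*received):
    """Build a constructed message from the given Received values."""
    lines = ["Received: " + value for value in received]
    return "\n".join(lines) + "\nSubject: constructed sample\n\nbody\n"


BY = "\n\tby mx.example.org with ESMTP; Mon, 23 Oct 2006 10:00:00 -0400"

# Constructed headers; addresses come from the documentation ranges.
SAMPLES = {
    # HELO and reverse DNS agree on the whitelisted domain.
    "genuine": sample("from mail.harvard.edu (mail.harvard.edu [192.0.2.10])" + BY),
    # Only the client-supplied HELO name carries the domain.
    "helo_only": sample("from mail.harvard.edu (host77.example.net [198.51.100.77])" + BY),
    # The domain appears only in an older hop that arrived with the message.
    "older_hop": sample(
        "from smtp.example.net (smtp.example.net [198.51.100.5])" + BY,
        "from relay.harvard.edu (relay.harvard.edu [192.0.2.11])"
        "\n\tby smtp.example.net; Mon, 23 Oct 2006 09:59:00 -0400"),
    # Reverse DNS names the domain but the MTA could not confirm it.
    "unconfirmed": sample(
        "from dorm.harvard.edu (dorm.harvard.edu [198.51.100.9] (may be forged))" + BY),
}


def compare():
    """Map each sample to (post's regex hits, newest hop verified)."""
    return {name: (page_rule_hits(raw), relay_verified(raw, "harvard.edu"))
            for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:12} regex={result[0]!s:5} verified={result[1]}")
```

SpamAssassin's own whitelist_from_rcvd, mentioned in another reply on this page, ties a sender address to the relay's reverse-DNS name rather than to a free-form header match.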
CC: in body of email causes message to be blocked
Hello, We have recently changed our email hosting provider and our new provider uses SpamAssassin on our mail server. SpamAssassin is being run through CPanel 10, and when enabling it I receive these configuration details: -- Attempting to enable SpamAssassin... X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on server4.virtuosonetsolutions.com X-Spam-Level: * X-Spam-Status: No, score=1.0 required=12.0 tests=AWL,BAYES_05,MISSING_SUBJECT, NO_RECEIVED,NO_RELAYS,TO_CC_NONE autolearn=no version=3.1.7 From: "Spam Assassin" Spam Assassin has been enabled on this account SpamAssassin is now: enabled -- When we have SpamAssassin enabled, we are unable to receive some messages. I've narrowed down the problem to any message with the three characters 'C' 'C' ':' (I've separated them so I can send this message out) in the body of the message. When any email address sends us a message with this in the body, the message seems to be rejected by our mail server. The original sender of the message is not notified, and no message, not even one with re-written headers and a SPAM score comes to the recipient. When I turn off SpamAssassin, these messages are received fine. So it seems obvious that SpamAssassin is blocking messages with 'C' 'C' ':' in their body, but this doesn't seem to be a filter rule, because no message gets through, even when I have SpamAssassin set to forward all messages. I'm guessing SpamAssassin is misconfigured, unfortunately I don't have much access to its configuration, only what is available through CPanel. Does anybody have any ideas what could be happening here? -- Best regards, Steven Danneman <[EMAIL PROTECTED]> ITTIA - Mobile and Embedded Database Solutions 425 462 0046 | direct 425 462 0048 | fax Download a free evaluation of ITTIA DB at: http://www.ittia.com/community/request/ittiadb
Re: Concerned with scores for from rfc-ignorant.org
Elizabeth Schwartz wrote: IMHO if a rule is getting legit email tagged as SPAM it should be toned down. Obeying the RFC's is a good thing, but I am trying to tune our spam filter to filter spam, not to be a netcop. Then you should disable these BLs in your configuration. Don't suggest to others that these should be disabled. Do it yourself. Pretty much everyone here is aware that these are policy-enforcement, not spam detection, and if they have them enabled it is because they find that to be useful. You should take this time to go read the objectives of each of the BLs you have enabled and decide if their policy matches your objectives. -- Jo Rhett Senior Network Engineer Network Consonance
Re: Concerned with scores for from rfc-ignorant.org
Elizabeth Schwartz wrote:
> JADP - the rfc-ignorant rules lost us some important email today. The
> customer was throwing away all mail tagged as SPAM after many months of
> no false positives. I've turned those rules off on my site, and continue
> as always to encourage my users to check their tagged mail before
> tossing it.

*nod* The *ONLY* mail I autodiscard immediately is mail tagged as a virus - and even there I'm cautious. Spam is tagged, and filed in a separate folder. I *do* have autoexpiry processes set up to keep the spam folders from growing out of control, but the shortest period they run on is 7 days.

> IMHO if a rule is getting legit email tagged as SPAM it should be toned
> down.

And that's one of the real benefits of SpamAssassin; you *can* do just that. If one rule is persistently misfiring on your particular mail flow, you can score it down or zero it out completely. If you're getting really poor scoring across the board, you could even go to the effort of completely rerunning the entire scoreset to customize it to your mail flow. I don't know of many commercial products you could do that with. A few years ago, I was seeing FPs on whitelist_from_rcvd for PayPal (IIRC - it's been a while.) So I temporarily overrode that whitelist entry.

> Obeying the RFC's is a good thing, but I am trying to tune our
> spam filter to filter spam, not to be a netcop. Our particular contact
> seems to have gotten onto rfc-ignorant's list because it is rejecting
> mail from <>

... which is a *REALLY* bad thing for a mail server to do. I don't reject mail outright from many systems, but rejecting legitimate postmaster notices (which are, by definition, generated with the null sender "<>") is high on my trigger list once a system has been seen doing other unsavoury things to their mail flow.
I wonder if they ever read mail sent *to* [EMAIL PROTECTED] I regularly see remote systems refusing mail delivery notices (autogenerated by the server that delivers the message to the appropriate inbox **if requested by the sender** - IIRC Outlook can request this notice). On the other side of this debate, I refuse to let client MUAs use the null sender; I can't think of any reasons they should ever do so. Read receipts should be sent using the usual sender address, so that if the recipient(s server) bounces it, it goes back where it belongs (ie, **NOT** in my postmaster mailbox). -kgd
I'm thinking about suing Microsoft
I'm considering filing a lawsuit against Microsoft to try to get an order to make them make public security updates for Windows to everyone, registered or not. The idea is that their product Windows creates a toxic byproduct (spam,ddos zombies) that interfere with everyone else's internet usage and that they have a responsibility to clean it up. It would be similar to a suit where a business that is otherwise legitimate attracts crime in a neighborhood or a manufacturer dumping toxic waste into a stream. Virus infected spam zombie are a toxic byproduct of their business model and it affects all of us and they have a duty to the public to fix it. I'm somewhat of a legal expert, not a lawyer though. But just wanted to get some feedback on the idea.
RE: CGPSA
> am using CGPro as mail server, and i need some help and advice
> I am planning to implement CGPSA on our ingate servers and am
> not quite sure if it is a good idea
> we receive almost 7000 email per hour and i don't know if
> spamassassin is going to miss anything
> another question
> for the amount of emails mentioned above am i supposed to configure
> CGPSA as in HEADERS or FULL mode
>
> any help on that regard will be appreciated

That's a fairly high volume, but assuming you've set it up to handle that load, it shouldn't be a problem either way. If you're using network tests, you'll probably need local copies of any DNSBL and URIBL zones so there isn't a delay in querying external servers for it. As for headers only vs full mode, there are pros and cons of each. We run in headers-only mode here. Global configuration for everyone, every message gets scanned and tagged. There's a bug in the add-header routine in CGPSA that will try to add more header information to a message than CGPro will allow. I've submitted a code fix for that problem for the next version. In full mode, each domain and user can have individual settings. This can be helpful if you have users who are interested in changing scores, whitelisting people or whatever. Our users just want us to stop the spam without any effort on their part. Full mode requires PWD/CLI access to the server so it can check recipients. By default, only recipients with local accounts are scanned, not forwarders, lists, groups, or any other non-user account recipient. Even so, I think the majority of installations use this mode. I do believe there are some high-volume installations. You might have better luck with feedback if you posted on the CGPSA discussion list instead. HTH, Bret
Re: R: Psst!
On Thu, October 19, 2006 13:41, Giampaolo Tomassoni wrote:
>> Place it In your signature e.g. on multiple Mailinglists/Forums?
> Well, that way somebody would be tempted to use it.
> You mean, I have to write something like:
> "Please, do NOT send here: [EMAIL PROTECTED]"
> ?

no that will be obvious :-) see the whole mail where @ is hidden, spammers don't care where it is if i tell more spammers will die :-) -- "This message was sent using 100% recycled spam mails."
Re: Anyone had the pleasure of this one?
Yes, I've gotten that one recently.. It's funny, but it's just another virus. The one I got was missed by all 3 AV products I use (clam, bitdefender, command). I submitted it to clamav and it's now caught as a variant of trojan-small. David Baron wrote: > (Virus attachment removed) > > -- Forwarded Message -- > > Subject: Mail server report. > Date: Saturday 21 October 2006 18:42 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > > Mail server report. > > Our firewall determined the e-mails containing worm copies are being sent > from your computer. > > Nowadays it happens from many computers, because this is a new virus type > (Network Worms). > > > Using the new bug in the Windows, these viruses infect the computer > unnoticeably. After the penetrating into the computer the virus harvests all > the e-mail addresses and sends the copies of itself to these e-mail > addresses > > Please install updates for worm elimination and your computer restoring. > > Best regards, > Customers support service > > --- > >
ixHash Timeout
I've been seeing this quite a bit lately, is the site down or do the timeouts need to be increased? It's currently set for the default 10 seconds.

Oct 21 12:28:03 localhost spamd[19162]: ixhash timeout reached at /etc/mail/spamassassin/iXhash.pm line 91.
Oct 21 12:28:03 localhost spamd[19162]: ixhash timeout reached at /etc/mail/spamassassin/iXhash.pm line 91.

-- Chris
order of precedence for loading configuration?
after running:

    sa-update --channel updates.spamassassin.org

and, reading:

    % man spamassassin
    Default configuration data is loaded from the first existing directory in:
    /usr/local/spamassassin/var/spamassassin/3.001007
    /var/MailServer/Conf/SA/Dist
    /usr/local/spamassassin/share/spamassassin
    /usr/local/share/spamassassin
    /usr/share/spamassassin

checking in:

    % ls /usr/local/spamassassin/var/spamassassin/3.001007
    updates_spamassassin_org/ updates_spamassassin_org.pre updates_spamassassin_org.cf

and, verifying:

    % cat /usr/local/spamassassin/var/spamassassin/3.001007/updates_spamassassin_org.cf
    # UPDATE version 431276
    include updates_spamassassin_org/10_misc.cf
    ...
    % ls -al /usr/local/spamassassin/var/spamassassin/3.001007/updates_spamassassin_org/10_misc.cf
    -rw-r--r-- 1 root wheel 5500 Oct 21 12:05 /usr/local/spamassassin/var/spamassassin/3.001007/updates_spamassassin_org/10_misc.cf
    % ls -al /var/MailServer/Conf/SA/Dist/10_misc.cf
    -rw-r--r-- 1 root wheel 5686 Oct 19 10:46 /var/MailServer/Conf/SA/Dist/10_misc.cf

a successful --lint, reports:

    ...
    [25198] dbg: config: read file /var/MailServer/Conf/SA/Dist/10_misc.cf
    ...

BUT, per the man page, should not the 10_misc.cf be loaded first/preferentially from /usr/local/spamassassin/var/spamassassin/3.001007? thanks
Net-DNS problem with SpamAssassin.
I have SpamAssassin-3.1.7 with Postfix MTA on RHEL 3.0. I have found the following failure messages in my postfix log file. I believe that the problem happened when I updated the Net::DNS perl module from CPAN. Yet SpamAssassin is working perfectly with postfix MTA without any problem.

Oct 23 11:07:10 linux spamd[16790]: Can't use string ("Net::DNS::RR::MX") as a HASH ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Net/DNS/RR.pm line 724.
Oct 23 11:07:10 linux spamd[16790]: Can't use string ("Net::DNS::RR::MX") as a HASH ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Net/DNS/RR.pm line 724.
Oct 23 11:07:10 linux spamd[16790]: Compilation failed in require at (eval 225) line 3.
Oct 23 11:07:10 linux spamd[16790]: Can't use string ("Net::DNS::RR::MX") as a HASH ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Net/DNS/RR.pm line 724.
Oct 23 11:07:10 linux spamd[16790]: Compilation failed in require at (eval 225) line 3.
Oct 23 11:07:10 linux spamd[16790]: plugin: eval failed: Can't use string ("Net::DNS::RR::MX") as a HASH ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Net/DNS/RR.pm line 724.
Oct 23 11:07:10 linux spamd[16790]: Compilation failed in require at (eval 225) line 3.
Oct 23 11:04:37 linux spamd[15293]: spf: lookup failed: Can't use string ("Net::DNS::RR::MX") as a HASH ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Net/DNS/RR.pm line 724, line 132.

Thanks, Piyush Panchal
[Solved]
I have solved my problem with this. I used CGPSA v 1.4f and the developer has completed v 1.5 that now supports MySQL DB for all the user_auto_whitelist data. --Magnus
Re: Pyzor problem
Mark wrote: In Pyzor.pm, "internal error" is actually a mask for the infamous error: "Traceback (most recent call last): ..." Yeah, there are certain types of input that Pyzor chokes on, like messages with bogus character encodings. Unfortunately, development stopped before it was fixed to gracefully handle these conditions, and no one seems to have picked it up to patch it. -- Kelson Vibber SpeedGate Communications
Re: Custom scores -- how to..
Thanks for confirming that :)

"Bowie Bailey" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Debbie D wrote:
>> Can someone please remind me how to create custom scores for existing
>> rules?? I do not want to manually go in and change any particular
>> score, any update will override that.. I want to manually change
>> them to hit on a higher [or lower as the case might be] score.
>>
>> If memory serves, I THINK I simply need to add a SCORE rule to my
>> customlist and restart exim???
>>
>> So as an example.. in sare-stocks the score set is like so:
>> score SARE_MLH_Stock1 1.66
>>
>> But I want to score that higher.. do I add
>>
>> score SARE_MLH_Stock1 5.55
>> to my custom list and restart exim??
>>
>> thanks
>
> Yep.
>
> Usually you just add the new score line to your local.cf file.
>
> --
> Bowie
>
Re: Psst!
On Thu, October 19, 2006 13:19, Giampaolo Tomassoni wrote:
> Any suggestion to spread a spamtrap e-mail address?

just post on a mail list and your email will be scanned by phishers into their crap maillists where they sell all kinds of things, maybe even they use YOUR email just for sending out spam to pretend it was sent by you so what you need is just post on a mail list then wait :-)

> Please, don't let 'em know...

i will -- "This message was sent using 100% recycled spam mails."
SA-Update error messages
Every time my SA-Update runs the output from the cron job shows these lines:

Use of uninitialized value in eval "string" at /usr/bin/sa-update line 91.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 91.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 91.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 92.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 92.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 92.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 93.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 93.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 93.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 94.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 94.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 94.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 95.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 95.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 95.

Which refer to these lines in sa-update:

    eval { use Net::DNS; };
    eval { use LWP::UserAgent; };
    eval { use HTTP::Date qw(time2str); };
    eval { use Archive::Tar 1.23; };
    eval { use IO::Zlib 1.04; };

What's up with that? -- _ John Andersen
Re: Anyone had the pleasure of this one?
It's just some bull. Any good postmaster should know that you will never ever send a return message now a days when it comes to a virus. Seen it, and sent it to the round long-time-burning-and-forget storage. /Micke David Baron wrote: (Virus attachment removed) -- Forwarded Message -- Subject: Mail server report. Date: Saturday 21 October 2006 18:42 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Mail server report. Our firewall determined the e-mails containing worm copies are being sent from your computer. Nowadays it happens from many computers, because this is a new virus type (Network Worms). Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses Please install updates for worm elimination and your computer restoring. Best regards, Customers support service --- I received this same one a couple weeks ago. You know, if you go to all the trouble of creating a virus, wouldn't you want to at least do a believable job with your grammar? Gary V
finish() method on the status objects
Hello everyone! :) Can I get away with this without any memory or resource leaks? Is this OK? Thanks! Joe

    my $spamtest = Mail::SpamAssassin->new();
    my $status = $spamtest->check($spamtest->parse($message));
    if ($status->is_spam()) {
        $message = $status->rewrite_mail();
    } else {
        ...
    }
    ...
    $status->finish();

PLEASE NOTICE the missing lines:

    my $mail = $spamtest->parse($message);

and

    $mail->finish();

The docs at (http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin.html) say the following.

    my $spamtest = Mail::SpamAssassin->new();
    my $mail = $spamtest->parse($message);
    my $status = $spamtest->check($mail);
    if ($status->is_spam()) {
        $message = $status->rewrite_mail();
    } else {
        ...
    }
    ...
    $status->finish();
    $mail->finish();

$status = $f->check ($mail)

Note that the Mail::SpamAssassin object can be re-used for further messages without affecting this check; in OO terminology, the Mail::SpamAssassin object is a ``factory''. However, if you do this, be sure to call the finish() method on the status objects when you're done with them. //End.
Re: Anyone had the pleasure of this one?
On 2006-10-21, David Baron <[EMAIL PROTECTED]> wrote: > -- Forwarded Message -- > > Mail server report. > > Our firewall determined the e-mails containing worm copies are being sent > from your computer. > > Nowadays it happens from many computers, because this is a new virus type > (Network Worms). > > > Using the new bug in the Windows, these viruses infect the computer > unnoticeably. After the penetrating into the computer the virus harvests all > the e-mail addresses and sends the copies of itself to these e-mail > addresses > > Please install updates for worm elimination and your computer restoring. > > Best regards, > Customers support service Yes, I remember getting ones like this a couple years ago already. Amusing, since they implied that I should apply their Windows updates to my FreeBSD system. -- John ([EMAIL PROTECTED])
Re: auto-whitelist and MySQL Problems
On Sat, October 21, 2006 21:18, Magnus Anderson wrote: > The Bayes are working, but the AWL are not. is AWL plugin loaded in ? > Is there some problem in SA 3.14 for this? not to what i know of -- "This message was sent using 100% recycled spam mails."
Re: a
On Friday 20 October 2006 02:53, Angel L. Mateo wrote: > Hello, > > I am using spamassassin with postfix and amavis on a debian sarge > server. The versions I use are: > > * postfix: 2.1.5 > * amavisd-new > * spamassassin: 3.1.0a > > The problem I have is that emails sent by one of my users is always > tagged as spam, although messages aren't spam. The spamassassin flags in > the received email are: > > X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at telemat.um.es > X-Spam-Status: Yes, hits=9.5 tagged_above=0.0 required=5.0 > tests=ALL_TRUSTED, AWL > X-Spam-Level: * > X-Spam-Flag: YES > > As you can see, the only matching tests are: > > * ALL_TRUSTED: because the mail has only pass through trusted servers > (in fact, just my mail server). > * AWL: auto whitelist. According to the documentation, I think that this > is just a history of the score of his mails. > > Why could be the reason for this wrong tagging? > > As far as I can guess, the problem could be the AWL (I think that this > user is the same that had a problem some months ago with a worm virus > sending a lot of emails), but I run: > > spamassassin --remove-addr-from-whitelist= > > And the problem was still there. > > Any help? Do you use global AWL or per user? If it's per user then perhaps you ran spamassassin --remove-addr-from-whitelist= from your root account, in which case only e-mails sent to the root account will have the AWL reset. -- Take care, Chris
Re: Scoring PTR's
David B Funk wrote: On Thu, 19 Oct 2006, Jo Rhett wrote: Richard Frovarp wrote: Or for any machine that hosts more domains than has IPs. Even being able to edit the reverse doesn't mean it will always be the same. How many different names does your mailserver use in its HELO? And what mailserver is that? That's not possible in qmail, postfix, sendmail, et al... You're a bit behind the times Jo, check out the 'h' argument to 'ClientPortOptions' or the 'HeloName' variable in sendmail 8.13. I can find no documentation of either. Googling just gets me lots of examples of a script called SendMail() Looking at the code, heloname would appear to be statically defined, which brings me back to my original point: how many names does his mailserver use in helo? Sure, if it has 3 interfaces (and uses them all) then he'll need three names. But he won't need 1000 or however many virtual hosts he has... -- Jo Rhett Network/Software Engineer Net Consonance
Spam using local newspapers
Hello, I received some spam today using parts of local newspapers. Just a mixup from some articles put together so my Bayes won't mark it as spam. This is the first time I see spam using local (Dutch) newspapers for this. Normally it is an English random text. Am I the only one seeing this or are there more (Dutch) users seeing this? -- With kind regards, Maurice Lucas TAOS-IT
Re: This image is turning frequent..
Steve Lake raiden.net> writes:
> Yeah, I'm seeing that too. Any ideas on how to do that?

I just wrote a little program which
- examines a GIF animation and stores its size
- stores delay time, size, left offset, and top offset of each single picture
- calls gifasm to extract the single pictures
- calls giftopnm to convert them into PNM files
- creates one empty PNM according to the size of the GIF file
- copies the content of each single PNM file according to its offsets into the empty PNM file
- stops working if the delay time is much bigger than the previous ones
- saves the PNM file

After that I got a PNM file which looks exactly like the GIF animation when it has finished moving. This PNM file can be passed to GOCR and converted into plain text with good results. Paul Lenz
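The first two steps of the program described in the post above (canvas size, then delay, size and offsets of each picture) and its stopping rule, as an added Python example that is not Paul Lenz's program. Pixel decoding and compositing, which the post delegates to gifasm and giftopnm, are not reproduced; the function names, the factor of 5, the choice to keep the long-delay frame as the last layer, and the sample file are assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass


class GifError(ValueError):
    """Raised when the byte stream is not a structurally valid GIF."""


@dataclass
class Frame:
    index: int
    delay_cs: int  # display time in 1/100 s, from the Graphic Control Extension
    left: int
    top: int
    width: int
    height: int


def _skip_sub_blocks(data, pos):
    """Skip a chain of length-prefixed data sub-blocks; return the next offset."""
    while True:
        if pos >= len(data):
            raise GifError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos


def parse_gif(data):
    """Return (canvas_width, canvas_height, [Frame, ...]) without decoding pixels."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifError("missing GIF signature")
    try:
        width, height, packed = struct.unpack_from("<HHB", data, 6)
        pos = 13
        if packed & 0x80:  # global colour table present
            pos += 3 * (2 << (packed & 7))
        frames, delay = [], 0
        while True:
            block = data[pos]
            pos += 1
            if block == 0x3B:  # trailer
                return width, height, frames
            if block == 0x21:  # extension; 0xF9 is the Graphic Control Extension
                if data[pos] == 0xF9 and data[pos + 1] == 4:
                    delay = struct.unpack_from("<H", data, pos + 3)[0]
                pos = _skip_sub_blocks(data, pos + 1)
            elif block == 0x2C:  # image descriptor
                left, top, w, h, ipacked = struct.unpack_from("<HHHHB", data, pos)
                pos += 9
                if ipacked & 0x80:  # local colour table
                    pos += 3 * (2 << (ipacked & 7))
                pos = _skip_sub_blocks(data, pos + 1)  # +1: LZW minimum code size
                frames.append(Frame(len(frames), delay, left, top, w, h))
                delay = 0  # a control extension applies to the next image only
            else:
                raise GifError(f"unknown block 0x{block:02x} at offset {pos - 1}")
    except (IndexError, struct.error) as exc:
        raise GifError("truncated GIF") from exc


def frames_until_pause(frames, factor=5):
    """Keep frames up to and including the first whose delay dwarfs all earlier ones."""
    kept = []
    for frame in frames:
        longest_so_far = max((f.delay_cs for f in kept), default=None)
        kept.append(frame)
        if longest_so_far is not None and frame.delay_cs > factor * max(longest_so_far, 1):
            break
    return kept


def outside_canvas(width, height, frames):
    """Frames whose rectangle leaves the logical screen (malformed input)."""
    return [f for f in frames
            if f.left + f.width > width or f.top + f.height > height]


def build_sample():
    """Constructed test input: five frames, the fourth displayed for 5 seconds."""
    def frame(delay, left, top, w, h):
        gce = b"\x21\xF9\x04" + struct.pack("<BHB", 0, delay, 0) + b"\x00"
        desc = b"\x2C" + struct.pack("<HHHHB", left, top, w, h, 0)
        return gce + desc + b"\x02" + b"\x02\x4C\x01" + b"\x00"  # dummy pixel data

    out = b"GIF89a" + struct.pack("<HHBBB", 200, 100, 0x80, 0, 0) + bytes(6)
    out += b"\x21\xFE\x03abc\x00"  # comment extension, must be skipped
    for spec in [(10, 0, 0, 200, 100), (10, 20, 30, 50, 40), (10, 70, 30, 50, 40),
                 (500, 120, 30, 60, 40), (10, 0, 0, 200, 100)]:
        out += frame(*spec)
    return out + b"\x3B"


SAMPLE_GIF = build_sample()

if __name__ == "__main__":
    canvas_w, canvas_h, all_frames = parse_gif(SAMPLE_GIF)
    print("canvas", canvas_w, canvas_h)
    for kept_frame in frames_until_pause(all_frames):
        print(kept_frame)
```

The frames returned by frames_until_pause are the ones a compositing step would paste onto the empty canvas, in order, at their left and top offsets.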
SA barfing on some messages?
Do you guys ever get parse() to bail out on a message? I seem to get that every once in a while. my $mail = $spamtest->parse($message); Thanks! Joe
Re: Spamassassin effectiveness, BAYES_99
Michael Beckmann schrieb: Greetings! Hello! In the past few weeks, I have noticed significant amounts of spam passing through my filter. It is reaching a level that annoys me. I use Spamassassin 3.1.7. I used to get maybe one or two spam messages a day earlier this year with 200+ spams filtered. Now I get 10 to 20 spams per day that are not automatically filtered (while something like 300+ are filtered.) Did anybody else notice this? Are spammers becoming more effective in working around SpamAssassin? I examined the spam, and it seems that the majority of the messages score BAYES_99 and nothing or hardly anything else. BAYES_99 is not enough to filter the messages. I use the standard threshold of 5. Oh you are lucky, often such messages here only score BAYES_80 or BAYES_50 (bayes is trained nearly daily ...). I have been tempted to increase the BAYES_99 score to 5. I have seen that only very few ham messages of the newsletter type ever score BAYES_99 in my inbox. Do others make similar observations? How do you deal with this? As others suggested i would try to set the treshold near 4.0. (I had some false-positives with list-mails see bottom, (but bayes was BAYES_00) but with no "regular-off-list-mails"). I am considering a "custom rule" to give messages with urls e.g. a score of say 1.0, to get those message which hit no other rules but bayes_99 over the treshold. How do you think about this (i know it would also affect many ham-mails but since these usually dont get "other scores" it might not be dangerous?) Is someone using such a rule and can give an example? Thanks, Michael Greetings and hth MH a "false-positive" list-mail: Content preview: Yes, spamassassin definitely RULES! ;-D RE: Spamassassin Rules Yes, spamassassin definitely RULES! ;-D [...] 
Content analysis details: (4.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.7 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
-2.3 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0020]
 1.5 HTML_SHORT_LENGTH      BODY: HTML is extremely short
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.5 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
-0.1 AWL                    AWL: From: address is in the auto white-list
Does skip_rbl_checks have influence on razor 2 and DCC?
Hi, does anybody know if disabling "skip_rbl_checks" does stop razor 2 checks and DCC too even if razor2 and dcc are enabled in local.cf? Best regards Volker
Bayes ?
Hi he have a spam file for add to a new SA installation ? for don't start at 0 Thanks for your answer
click here
Subject: Need software? Click here. right click in subject line to see the webpage, with browsers support this :-) -- "This message was sent using 100% recycled spam mails."
Re: Concerned with scores for from rfc-ignorant.org
JADP - the rfc-ignorant rules lost us some important email today. The customer was throwing away all mail tagged as SPAM after many months of no false positives. I've turned those rules off on my site, and continue as always to encourage my users to check their tagged mail before tossing it. IMHO if a rule is getting legit email tagged as SPAM it should be toned down. Obeying the RFC's is a good thing, but I am trying to tune our spam filter to filter spam, not to be a netcop. Our particular contact seems to have gotten onto rfc-ignorant's list because it is rejecting mail from <>, nothing to do with sending spam, and it's a legitimate site, neither a spammer nor an ISP (nor in a computer related field, nor English speaking...) Betsy
Re: Anyone had the pleasure of this one?
I had several of them. The first one apparently was the one I forwarded. The others all got flagged by clamav so the updated signatures must have come in between the posts. > Yes, I've gotten that one recently.. It's funny, but it's just another > virus. > > The one I got was missed by all 3 AV products I use (clam, bitdefender, > command). I submitted it to clamav and it's now caught as a variant of > trojan-small. > > David Baron wrote: > > (Virus attachment removed) > > > > -- Forwarded Message -- > > > > Subject: Mail server report. > > Date: Saturday 21 October 2006 18:42 > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > > > Mail server report. > > > > Our firewall determined the e-mails containing worm copies are being sent > > from your computer. > > > > Nowadays it happens from many computers, because this is a new virus type > > (Network Worms). > > > > > > Using the new bug in the Windows, these viruses infect the computer > > unnoticeably. After the penetrating into the computer the virus harvests > > all the e-mail addresses and sends the copies of itself to these e-mail > > addresses > > > > Please install updates for worm elimination and your computer restoring. > > > > Best regards, > > Customers support service > > > > ---
Re: Installing URIDNSBL
Terry Allen wrote: > Hi all, > I'm a long time SA user - my system runs Mac OSX 10.4.x, running > Postfix, Maia Mailguard, ClamAV, Amavisd-new & now SpamAssassin 3.1.7 > since upgrading 4 days ag, the SA installation intercepts all inbound > mail for scanning prior to delivery. > Recently, I've discovered the URIDNSBL plugin & I am wondering if > this is installed as part of the SA installation procedure or if it's > an optional extra. Part of all versions of SA 3.0.0 or higher. Just make sure the plugin line for it is not commented out in your init.pre, and make sure you have a fairly recent Net::DNS.
Re: DNS lookup plugin?
Chris St. Pierre wrote:

I use Postfix and, for a while, I had reject_unknown_hostname as part of my smtpd_helo_restrictions. For those who aren't familiar, reject_unknown_hostname will:

Reject the request when the hostname in the client HELO (EHLO) command has no DNS A or MX record.

This was insanely effective; SpamAssassin started to get lonely while I had this enabled. I was dropping massive amounts of spam at connection time -- but, unfortunately, I had a fair number of FPs as well, due to misconfigurations, or, more frequently than I'd hoped, mail outsourcing firms giving a bogus HELO. (That is, mail from foobar.com, outsourced to sendmailstupidly.com, would give "HELO mail.foobar.com" -- which doesn't exist.)

I'd love to get this behavior in a SpamAssassin plugin so that the FPs would have a better chance of getting through. Does something like this exist, or do I need to rev up my Perl?

try policyd-weight. it's a score based policy server for postfix.
rules to catch mangled phone numbers
Is it possible to write a quick rule to catch phone numbers mangled with [\- *] in between?

Like these:

1--314--414---4001

If someone is writing phone numbers this way there is enough reason to believe he is a spammer.

Thanks
Ram
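The check asked about above, as an added example that is not part of the original post. It is written in Python rather than SpamAssassin rule syntax so the pattern can be run against sample text; the function names and the definition of "mangled" (a `*`, or two or more `-` inside one separator) are assumptions made for this example.

```python
import re

# Candidate: optional leading "1", then 3-3-4 digit groups, each joined by a
# run of the characters listed in the post: '-', ' ' and '*'.
SEP = r"([-* ]+)"
CANDIDATE = re.compile(
    r"(?<!\d)(?:(1)" + SEP + r")?(\d{3})" + SEP + r"(\d{3})" + SEP + r"(\d{4})(?!\d)"
)

def is_mangled_separator(sep):
    """Assumed definition: a separator with a '*' or two or more '-' is mangled."""
    return "*" in sep or sep.count("-") >= 2

def find_mangled_phone_numbers(text):
    """Return the digit strings of phone numbers written with mangled separators."""
    hits = []
    for m in CANDIDATE.finditer(text):
        country, sep0, area, sep1, prefix, sep2, line = m.groups()
        seps = [s for s in (sep0, sep1, sep2) if s is not None]
        if any(is_mangled_separator(s) for s in seps):
            hits.append((country or "") + area + prefix + line)
    return hits

# Constructed sample lines (not taken from real mail).
SAMPLES = [
    "Call now 1--314--414---4001 for details",   # the form quoted in the post
    "Order line: 1-314-414-4001",                # ordinary formatting, not flagged
    "Reach us at 314 * 414 * 4001 today",        # '*' used as filler
    "Office: 314 414 4001",                      # spaces only, not flagged
    "Ticket 20061021--314--414--40012",          # digits inside a longer ID
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(find_mangled_phone_numbers(sample), "<-", sample)
```

Normally formatted numbers are matched by the candidate pattern but not reported, which keeps ordinary signatures from being flagged.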
Re: Installing URIDNSBL
On Friday, October 20, 2006, 9:26:29 PM, Terry Allen wrote:

Hi all, I'm a long time SA user - my system runs Mac OSX 10.4.x, running Postfix, Maia Mailguard, ClamAV, Amavisd-new & now SpamAssassin 3.1.7 since upgrading 4 days ago, the SA installation intercepts all inbound mail for scanning prior to delivery. Recently, I've discovered the URIDNSBL plugin & I am wondering if this is installed as part of the SA installation procedure or if it's an optional extra. If it's an optional extra, can anyone let me know how to install it or point me to a how-to to get it running successfully with SA - many thanks for any help with this.

Hi Terry, uridnsbl is a standard part of SA starting with version 3. To enable it you need to install a recent version of the perl module Net::DNS and you need to enable network tests. Some references are at: http://www.surbl.org/faq.html#nettest

Jeff C.

Hi again, Thanks for the reply Jeff - Net::DNS is installed on my server - is there some way to determine whether the URIDNSBL plugin is working?

--
Bye for now, Terry Allen
___
hEARd
Postal Address: hEARd, 26B Glenning Rd, Glenning Valley, NSW 2261, Australia
Internet - WWW: http://heard.com.au http://itavservices.com
EMAIL: [EMAIL PROTECTED]
Phone: Australia - 02 4388 1400 / International - + 61 2 43881400
Mobile: Australia - 04 28881400 / International - 61 4 28881400
--- Non profit promotion for new music - since 1994 ---
Re: Spamassassin effectiveness, BAYES_99
R Lists06 wrote:

From: Benny Pedersen
> i have changed bayes scores to catch most spam here, and changed threshold to learn spam / ham with less range so it more accurate and prevents bayes poison on the same time, just have them at scores so spam is still autolearned, and ham is still autolearned, check that you don't have whitelist with -100 for spam mails :) if you use whitelist from or whitelist at all make sure it will not trigger the bayes ham learning on its own if your bayes have nearly same count of spam / ham msgs its good manually learn helps as well

-- I'm not sure I am following the whitelist comments above. What do you mean and how do we prevent whitelisting from triggering the bayes on its own.

If you have bayes auto-learning enabled, you can disable it for messages that are in your whitelist. It is especially useful for the spamassassin mailing list, which often contains examples of spam, so you whitelist the mailing list, but you don't want those messages to be auto-learned as ham.

In your local.cf:

    whitelist_from_rcvd [EMAIL PROTECTED] apache.org # SA List
    bayes_ignore_from [EMAIL PROTECTED]

perldoc Mail::SpamAssassin::Conf for more bayes_ignore info

--
Chris
Re: This image is turning frequent..
Steve Lake raiden.net> writes:

> Yeah, I'm seeing that too. Any ideas on how to do that? For now
> I've been falling back on a procmail hack to toss all messages with
> images embedded in the HTML of the message into their own folder.

I just wrote a little program which
- examines GIF animation files
- detects the left and top offsets and the delay times
- calls gifasm to extract the single pictures
- calls giftopnm to convert the single pictures
- creates one PNM file according to the global width and height
- copies all the extracted PNM pictures into the big file according to the detected offsets
- stops working when the delay time of the current picture is much bigger than the previous delay times
- saves the big PNM file

This PNM file looks exactly like the animation after it has finished moving, and can be passed to GOCR with a good result.

Paul Lenz
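The per-frame offsets and delay times described in the post above can be read directly from the GIF block structure. This is an added example, not Paul Lenz's program: it parses the blocks itself instead of calling gifasm or giftopnm, and the `factor` threshold and the choice to treat the long-delay frame itself as the last one to composite are assumptions.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Skip a chain of data sub-blocks; return the offset after the 0 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_frames(data):
    """Return [(left, top, width, height, delay_cs)], one tuple per frame."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    flags = data[10]
    pos = 13 + (3 * (2 << (flags & 7)) if flags & 0x80 else 0)  # global colour table
    frames, delay = [], 0
    try:
        while data[pos] != 0x3B:                        # 0x3B = trailer
            if data[pos] == 0x21:                       # extension block
                if data[pos + 1] == 0xF9:               # graphic control extension
                    delay = struct.unpack_from("<H", data, pos + 4)[0]
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:                     # image descriptor
                left, top, w, h, iflags = struct.unpack_from("<HHHHB", data, pos + 1)
                pos += 10
                if iflags & 0x80:                       # local colour table
                    pos += 3 * (2 << (iflags & 7))
                pos = _skip_sub_blocks(data, pos + 1)   # +1: LZW minimum code size
                frames.append((left, top, w, h, delay))
                delay = 0
            else:
                break                                   # unknown block: stop parsing
    except (IndexError, struct.error):
        pass                                            # truncated file: keep what parsed
    return frames

def final_frame_index(frames, factor=10):
    """Index of the first frame whose delay is > factor x every earlier delay."""
    for i in range(1, len(frames)):
        if frames[i][4] > factor * max(1, max(f[4] for f in frames[:i])):
            return i
    return len(frames) - 1

def _frame(left, top, delay_cs):
    """Build one constructed frame: GCE + 10x10 image descriptor + dummy pixel data."""
    return (b"\x21\xF9\x04\x00" + struct.pack("<H", delay_cs) + b"\x00\x00"
            + b"\x2C" + struct.pack("<HHHHB", left, top, 10, 10, 0)
            + b"\x02\x02\x4C\x01\x00")

# Constructed 100x50 animation: three quick frames, one long-lived frame, one extra.
SAMPLE_GIF = (b"GIF89a" + struct.pack("<HHBBB", 100, 50, 0, 0, 0)
              + _frame(0, 0, 2) + _frame(20, 5, 2) + _frame(40, 10, 3)
              + _frame(60, 15, 500) + _frame(0, 0, 2) + b"\x3B")
```

Delays are in hundredths of a second, as stored in the graphic control extension; the pixel data in the sample is a placeholder that the parser skips and never decodes.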
RE: Psst!
On Sat, October 21, 2006 17:04, Maurice Lucas wrote:
> So one stupid spammer did put smtp before the usernames.

spammer tested if the domain have catch all

now you can "grep User /var/log/maillog" if using postfix :-) and then block the ip

--
"This message was sent using 100% recycled spam mails."
Re: Psst!
On Thu, October 19, 2006 13:41, Matt Kettler wrote:
> Another thing I've been noticing recently.. some idiot has been culling
> the web archives of mailing lists, and is trying to send spam emails to
> MESSAGE ID's of posts I've made. Check your mail logs!

damn don't tell :-)

i have a whole subdomain as a spamtrap so [EMAIL PROTECTED]

policyd[1] have .example.tld as spamtrap

> One or more of those would make a great spamtrap.

one should be enough :-)

[1] http://policyd.sourceforge.net/

--
"This message was sent using 100% recycled spam mails."
Re: FuzzyOCR and Animated GIFs
On Saturday 14 October 2006 02:24, Lee Manevitch wrote:
> I think I already know the answer to this, but does FuzzyOCR process
> all frames of an animated GIF?

Not out of the box, but it can do if you have a recent version of netpbm which supports "giftopnm -image=all". There are two calls to giftopnm in FuzzyOCR.pm, add that option to them both. I'm not sure when this option came in: version 10.0 on Debian doesn't have it but version 10.25 on RHEL/CentOS does.

You will also want to change all occurrences of "$image_count gt" to say "$image_count >", and of "$image_count lt" to say "$image_count <"

Nick
Re: Anyone had the pleasure of this one?
David Baron wrote:

(Virus attachment removed)

-- Forwarded Message --

Subject: Mail server report.
Date: Saturday 21 October 2006 18:42
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

---

Yep. It hit a few of our clients a week or so ago. Caused confusion for a while. We still get some, but the AV catches them now so they are dropped by our front end MTAs.
Re: Re[4]: Any comments of the SpamHaus lawsuit?
I got this on my google alerts. Can anyone confirm?

http://www.mercurynews.com/mld/mercurynews/business/technology/15809465.htm

CHICAGO - A federal judge presiding over a spam dispute rejected a marketing company's request to suspend the domain name of an anti-spam group that ignored an $11.7 million judgment against it.

U.S. District Court Judge Charles P. Kocoras denied a proposed motion from e360 Insight, which sued the Spamhaus Project over its "black list" of spammers. Wheeling, Ill.-based e360 Insight contends it is improperly on the list because it is a direct marketer that does not send unsolicited e-mail.

The Spamhaus Project did not bother defending itself and refused to recognize Kocoras' $11.7 million judgment against it, saying the court had no jurisdiction over the U.K.-based group. So e360 Insight asked that the judge order the spamhaus.org domain suspended.

But Kocoras said Thursday that the requested action was too broad and would cut off all lawful online activities of Spamhaus, not just those targeted by any court order.

Service providers and others use Spamhaus' list to help identify which messages to block, send to a "junk" folder or accept. Spamhaus claims that more than 650 million Internet users benefit from its list of spammers.
Horribly corrupted spam or new exploit attempt?
I've seen a couple different events in my logs where it would appear the spam was so corrupted that postfix thought it had dozens of message IDs and went into a cleanup frenzy:

Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<[EMAIL PROTECTED]>
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<[EMAIL PROTECTED]>
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<[EMAIL PROTECTED]>
... huge snippage
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<[EMAIL PROTECTED]>
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=Human Growth Hormone
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<[EMAIL PROTECTED]>
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=Hangover Pills
Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<[EMAIL PROTECTED]>

It went on that way for what appears to be an entire html message. [Un]fortunately whatever it was scored so high (37) it went to /dev/null and I never saw the source.

Has anyone else seen this?

--
_
John Andersen
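To find other occurrences of the pattern in the post above, postfix/cleanup message-id entries can be grouped by queue ID and any queue ID with more than one entry, or with a value not in `<...>` form, reported. This is an added example, not part of the original post; the function names and the `max_ids` threshold are assumptions, and the log lines are constructed with placeholder addresses.

```python
import re
from collections import defaultdict

# "<date> <host> postfix/cleanup[pid]: <queue id>: message-id=<value>"
CLEANUP = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): message-id=(?P<mid>.*)$"
)

def summarize_message_ids(lines):
    """Group the logged message-id values by Postfix queue ID."""
    by_qid = defaultdict(list)
    for line in lines:
        m = CLEANUP.search(line.rstrip("\n"))
        if m:
            by_qid[m.group("qid")].append(m.group("mid").strip())
    return by_qid

def flag_queue_ids(lines, max_ids=1):
    """Return {qid: reasons} for queue IDs whose message-id entries look abnormal."""
    flagged = {}
    for qid, mids in summarize_message_ids(lines).items():
        reasons = []
        if len(mids) > max_ids:
            reasons.append("%d message-id entries" % len(mids))
        bad = [m for m in mids if not (m.startswith("<") and m.endswith(">"))]
        if bad:
            reasons.append("%d not in <...> form" % len(bad))
        if reasons:
            flagged[qid] = reasons
    return flagged

# Constructed log lines modelled on the excerpt in the post.
SAMPLE_LOG = [
    "Oct 21 15:39:58 pen postfix/cleanup[13570]: 1A2B3C4D5E: message-id=<one@example.invalid>",
    "Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<a@example.invalid>",
    "Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=",
    "Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=Human Growth Hormone",
    "Oct 21 15:40:06 pen postfix/cleanup[13571]: 3965B176A0: message-id=<b@example.invalid>",
    "Oct 21 15:40:07 pen postfix/smtpd[13569]: disconnect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for qid, reasons in flag_queue_ids(SAMPLE_LOG).items():
        print(qid, "; ".join(reasons))
```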
Re: Installing URIDNSBL
On Sat, October 21, 2006 06:26, Terry Allen wrote:

if it's an optional extra, can anyone let me know how to install it or point me to a how-to to get it running successfully with SA - many thanks for any help with this.

find /etc/mail/spamassassin/

look for any file there ends with pre

there you can enable this plugin if needed

hope it's same path on mac :-)

Hi again, Thanks Benny - hopefully as Jeff Chen's email indicates, it's a standard & I won't have to do anything to add it in.

--
Bye for now, Terry Allen
___
hEARd
Postal Address: hEARd, 26B Glenning Rd, Glenning Valley, NSW 2261, Australia
Internet - WWW: http://heard.com.au http://itavservices.com
EMAIL: [EMAIL PROTECTED]
Phone: Australia - 02 4388 1400 / International - + 61 2 43881400
Mobile: Australia - 04 28881400 / International - 61 4 28881400
--- Non profit promotion for new music - since 1994 ---