Re: Is overall spam volume down?
We're seeing the same here, however they'll probably be back shortly with double the volume ;-) On Sat, Feb 03, 2007 at 09:50:11PM +0100, Michael Beckmann wrote: Date: Sat, 03 Feb 2007 21:50:11 +0100 From: Michael Beckmann [EMAIL PROTECTED] To: Andy Figueroa [EMAIL PROTECTED], users@spamassassin.apache.org Subject: Re: Is overall spam volume down? --On Monday, 29. Januar 2007 08:28 -0500 Andy Figueroa [EMAIL PROTECTED] wrote: My overall spam volume (2 different servers) is off by 1/2 of what it was 2 weeks ago. This has been sustained for over a week. Good for you. I received about 200 Megabytes of spam in the first month of this year, this seems to be more than ever. Most was filtered out by Spamassassin of course. Michael
Re: Command line option to disable AWL?
Matt Kettler writes: Alexis Manning wrote: I use SA as an enduser. In my setup, messages in a certain score range arenât delivered to the mailbox but are held for a few hours so they can be resubmitted, giving DNSBLs/DCC a chance to pick up on new spam. The idea here is that very high scoring messages (for me 15) are dumped in a folder that is never reviewed but intermediate scoring messages are put in a folder that is reviewed, so a recheck allows the effort of manually checking mail to be minimised. This works pretty well for me but the AWL sometimes gets in the way: the second time messages are processed they are often scored higher because of the DNSBL hits but the AWL averaging causes lots of points to be taken off! Is there any way of either undoing the effect of AWL after the message is first processed and I decide it needs to be rescanned later, or a command-line option to stop AWL being applied the second time round? No, there is no command line option at all. But you can use the command-line to force an alternate user_prefs file, and have that file contain a use_auto_whitelist 0. Assuming you're using the spamassassin command line script for your second scan, the -p option will over-ride the user_prefs file with any other file you specify. for what it's worth, in 3.2.0 you can also use a new --cf switch: spamassassin --cf use_auto_whitelist 0 ... --j.
Re: Command line option to disable AWL?
[EMAIL PROTECTED] says... Matt Kettler writes: But you can use the command-line to force an alternate user_prefs file, and have that file contain a use_auto_whitelist 0. Assuming you're using the spamassassin command line script for your second scan, the -p option will over-ride the user_prefs file with any other file you specify. for what it's worth, in 3.2.0 you can also use a new --cf switch: spamassassin --cf use_auto_whitelist 0 ... Do you know if that option will be supported by spamc as well? If so I'll probably hang fire until 3.2.0 is released. -- A.
RE: useful SA on Suse 9.0
-Original Message- From: Sebastian Ries [mailto:[EMAIL PROTECTED] Sent: Friday, February 02, 2007 9:10 AM To: users@spamassassin.apache.org Subject: useful SA on Suse 9.0 Hi there I have an old machine running Suse 9.0 with SA version 2.55 . For certain reasons I am not able to update the whole system but as there is too much undetected Spam I need to update SA. Does anyone have suggestion how to install an up-to date SpamAssassin on this system? Any hints are welcome! Regards Sebastian Ries This is for SA + Amavisd-new: Recompile the following src.rpm (some of the for use with FuzzyOCR), take them from OpenSuse factory: perl-MLDBM-2.01-280.src.rpm perl-Convert-UUlib-1.051-31.src.rpm perl-MLDBM-Sync-0.30-276.src.rpm perl-IO-Multiplex-1.08-14.src.rpm perl-Archive-Tar-1.30-17.src.rpm perl-Net-Server-0.94-18.src.rpm perl-IO-String-1.08-30.src.rpm perl-BerkeleyDB-0.31-12.src.rpm perl-Tie-Cache-0.17-274.src.rpm perl-MIME-tools-5.420-20.src.rpm perl-Compress-Zlib-1.42-20.src.rpm perl-Tie-IxHash-1.21-618.src.rpm perl-IO-Zlib-1.04-29.i586.src.rpm You can compile these from src.rpms taken from Anders Norrbring ftp: amavisd-new-2.4.4-4.i586.rpm perl-spamassassin-3.1.7-3.i586.rpm spamassassin-3.1.7-3.i586.rpm After you compile and install all these make sure your local.cf and amavisd.conf are of the new format (read release notes for SA 3.1) Note: - Due to the database format change, you will want to do something like this when upgrading: - stop running spamassassin/spamd (ie: you don't want it to be running during the upgrade) - run sa-learn --rebuild, this will sync your journal. if you skip this step, any data from the journal will be lost when the DB is upgraded. - upgrade SA to 3.0.0 - run sa-learn --sync, which will cause the db format to be upgraded. if you want to see what is going on, you can add the -D option. - test the new database by running some sample mails through SpamAssassin, and/or at least running sa-learn --dump to make sure the data looks valid. - put new local.cf to its location - check the syntax of SA amavisd-new # spamassassin --lint # su vscan # /usr/sbin/amavisd debug OR su - vscan -c '/usr/sbin/amavisd debug' -- DT Netsolution GmbH - Talaeckerstr. 30 - D-70437 Stuttgart Tel: +49-711-849910-36 Fax: +49-711-849910-936 WEB: http://www.dtnet.de/ email: [EMAIL PROTECTED]
Re: Is overall spam volume down?
I only have a small installation but have seen a 50% increase in SPAM recently :( and a lot of it isn't be caught, even with splenty of rules and FuzzyOCR, due to them being very well worded emails :( :( On Sun, 04 Feb 2007 15:53:23 + Matt Richards [EMAIL PROTECTED] wrote: I would of thought that spammers would just give up and put their efforts into another form of advertising, I guess alot of spam stuff gets to alot of people :( John wrote: We're seeing the same here, however they'll probably be back shortly with double the volume ;-) On Sat, Feb 03, 2007 at 09:50:11PM +0100, Michael Beckmann wrote: Date: Sat, 03 Feb 2007 21:50:11 +0100 From: Michael Beckmann [EMAIL PROTECTED] To: Andy Figueroa [EMAIL PROTECTED], users@spamassassin.apache.org Subject: Re: Is overall spam volume down? --On Monday, 29. Januar 2007 08:28 -0500 Andy Figueroa [EMAIL PROTECTED] wrote: My overall spam volume (2 different servers) is off by 1/2 of what it was 2 weeks ago. This has been sustained for over a week. Good for you. I received about 200 Megabytes of spam in the first month of this year, this seems to be more than ever. Most was filtered out by Spamassassin of course. Michael -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: SA-gen'd message report headers appear differently (with/without linebreaks) in different mail clients
Is that the OS X version? yes, it is. Plus what version of t-bird are you using? Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.2pre) Gecko/20070203 BonEcho/2.0.0.2pre I use the linux version and mine has a lot more under that option than yours is showing. Go figure. :-/
Re: SA-gen'd message report headers appear differently (with/without linebreaks) in different mail clients
oops ... that was for FF. this is for TB, Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.2pre) Gecko/20070203 Thunderbird/2.0pre Mnenhy/0.7.4.10005
Re: SA-gen'd message report headers appear differently (with/without linebreaks) in different mail clients
snowcrash wrote: oops ... that was for FF. this is for TB, Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.2pre) Gecko/20070203 Thunderbird/2.0pre Mnenhy/0.7.4.10005 version 1.5.0.9 (20070104) is what I use. I do build it from source but that shouldn't make any difference. I try to avoid pre-releases for things such as T-Bird/Firefox and am not sure you could actually revert back to the 1.5.0.9 stable version. Looks like there are some options gone missing in the 2.x branch. ::sigh:: -- -Doc Penguins: Do it on the ice. 11:04am up 1 day, 2:30, 17 users, load average: 1.16, 0.86, 0.68 SARE HQ http://www.rulesemporium.com/
Re: SA-gen'd message report headers appear differently (with/without linebreaks) in different mail clients
version 1.5.0.9 (20070104) is what I use. I do build it from source but that shouldn't make any difference. i've never successfully managed a build of anything-mozilla. not that it's a priority ... I try to avoid pre-releases for things such as T-Bird/Firefox and am not sure you could actually revert back to the 1.5.0.9 stable version. FF2 Tbird2 have been, generally, far more stable for me than their 15x counterparts ... but, yes, it's a beta. Looks like there are some options gone missing in the 2.x branch. ::sigh:: alas, yes.
Re: Command line option to disable AWL?
On Sun, Feb 04, 2007 at 12:45:31PM -, Alexis Manning wrote: Do you know if that option will be supported by spamc as well? If so I'll probably hang fire until 3.2.0 is released. spamd doesn't take configuration from spamc, so no. -- Randomly Selected Tagline: I don't think Microsoft is evil in itself; I just think they make really crappy operating systems.- Linus Torvalds pgpNJHMeHBnRO.pgp Description: PGP signature
Sender domain must have a DNS MX
I am getting the following as a bounced message when I send mail to this one person: [EMAIL PROTECTED]: host tane-uma.de[81.169.136.73] said: 550 5.2.1 Mailbox unavailable. Sender domain must have a DNS MX or A/CNAME record. (in reply to RCPT TO command) I have never seen anything like this for any other email I send from the same server, and I am wondering if it is something I have set up wrong, or a problem on their end. I assume this is a spam prevention technique. I run several (virtual) domains off my one server, so if they are doing a reverse DNS lookup, it is not going to return the correct domain, but I know a lot of servers do this as well.If this is indeed what they are doing, how can you set up a sever that hosts several domains off a single IP address to not fail this spam test? The other thing that might be complicating this is that server1.net (1.2.3.1) hosts email for email1.net and email2.net. But, when I send email for [EMAIL PROTECTED], server2.net (1.2.3.2) is the outgoing server. I do this so I can just manage one severs that is relaying mail from client apps (thunderbird). I don't think this is that abnormal, if not, how do I make it work correctly for this kind of spam detection? Or is the receiving server just broken? I apologize that this isn't a 100% spamassassin related question. Ron
RE: Sender domain must have a DNS MX
Not enough information. You show the recieving email server, but don't say anything about the sender. 1.2.3.1 is not valid, but we'd need the domain name anyhow. I'm assuming gmail.com is not itg. No, the reverse IP name doesn't have to match the MX server name, but it does have to result in a name with an A record of the same IP. It looks like maybe they are complaining about the sender address being unreachable, but without the sender address, it's hard to research. No, that is normal for multiple domains on the same IP. I don't think the reciever is broken, either. At least, I don't have enough info to say yet. Dan -Original Message- From: Ron [mailto:[EMAIL PROTECTED] Sent: Sunday, February 04, 2007 3:01 PM To: users@spamassassin.apache.org Subject: Sender domain must have a DNS MX I am getting the following as a bounced message when I send mail to this one person: [EMAIL PROTECTED]: host tane-uma.de[81.169.136.73] said: 550 5.2.1 Mailbox unavailable. Sender domain must have a DNS MX or A/CNAME record. (in reply to RCPT TO command) I have never seen anything like this for any other email I send from the same server, and I am wondering if it is something I have set up wrong, or a problem on their end. I assume this is a spam prevention technique. I run several (virtual) domains off my one server, so if they are doing a reverse DNS lookup, it is not going to return the correct domain, but I know a lot of servers do this as well.If this is indeed what they are doing, how can you set up a sever that hosts several domains off a single IP address to not fail this spam test? The other thing that might be complicating this is that server1.net (1.2.3.1) hosts email for email1.net and email2.net. But, when I send email for [EMAIL PROTECTED], server2.net (1.2.3.2) is the outgoing server. I do this so I can just manage one severs that is relaying mail from client apps (thunderbird). I don't think this is that abnormal, if not, how do I make it work correctly for this kind of spam detection? Or is the receiving server just broken? I apologize that this isn't a 100% spamassassin related question. Ron