Re: Fighting ham

2007-04-19 Thread Duane Hill

On Wed, 18 Apr 2007, Faisal N Jawdat wrote:

> On Apr 18, 2007, at 4:26 PM, Robert Fitzpatrick wrote:
>> Thanks, we are rebuilding bayes and now have in SQL with auto learn on, is
>> that good? Now has over 25K spam, but just 180 ham.
>
> You *really* want to train with more ham than spam.


I have a hard time believing auto learn could be so off-balance. I had 
auto learn turned on here once and the two were usually within 200-300 
messages. Before I turned auto learn off, the bayes_token table had over 
85 million records in just over three weeks. We ended up letting our 
customers choose whether they wanted to use auto learn or not through 
using the sasql plugin for SquirrelMail.


Re: Fighting ham

2007-04-19 Thread Craig Carriere
Does this really mean that auto-learn is "out of balance"?  My first
guess is that this site probably relies only on SA to combat spam and
does little at the MTA level to reject UBE mail.  They may even run a
catch-all account which would markedly increase his spam count if he is
not rejecting for non-existent users.  At my small mail server even with
MTA restrictions, conservative ones, in place our spam hits outnumber
ham by probably 4-5 to 1.  It is just the nature of the beast.  I do
agree that he needs to manually train his bayes bases and probably keep
feeding ham into the bayes engine after it starts to fire.

As an aside do you use any MTA restrictions and/or greylisting?

Best

Duane Hill wrote:
> On Wed, 18 Apr 2007, Faisal N Jawdat wrote:
>
>> On Apr 18, 2007, at 4:26 PM, Robert Fitzpatrick wrote:
>>> Thanks, we are rebuilding bayes and now have in SQL with auto learn
>>> on, is that good? Now has over 25K spam, but just 180 ham.
>>
>> You *really* want to train with more ham than spam.
>
> I have a hard time believing auto learn could be so off-balance. I had
> auto learn turned on here once and the two were usually within 200-300
> messages. Before I turned auto learn off, the bayes_token table had
> over 85 million records in just over three weeks. We ended up letting
> our customers choose whether they wanted to use auto learn or not
> through using the sasql plugin for SquirrelMail.
>


Rules report

2007-04-19 Thread Robert Fitzpatrick
I've seen some others on the list here show reports of the different
rules and how much they hit. How can I produce these reports? And is it
possible to produce a report like this by domain name?

-- 
Robert



Re: Fighting ham

2007-04-19 Thread Duane Hill

On Thu, 19 Apr 2007, Craig Carriere wrote:

> Does this really mean that auto-learn is "out of balance"?  My first
> guess is that this site probably relies only on SA to combat spam and
> does little at the MTA level to reject UBE mail.  They may even run a
> catch-all account which would markedly increase his spam count if he is
> not rejecting for non-existent users.  At my small mail server even with
> MTA restrictions, conservative ones, in place our spam hits outnumber
> ham by probably 4-5 to 1.  It is just the nature of the beast.  I do
> agree that he needs to manually train his bayes bases and probably keep
> feeding ham into the bayes engine after it starts to fire.
>
> As an aside do you use any MTA restrictions and/or greylisting?


I'm using Postfix+ClamAV+SA on our two border filter servers. Roughly 95% 
of all inbound messages are weeded out before getting to our internal 
server our customers use.


I have a couple internal blacklists used and greylisting. And, I had set 
the following values within the local.cf:


  bayes_auto_learn_threshold_nonspam 0.01
  bayes_auto_learn_threshold_spam 18.0

Their normal defaults are 0.1 and 12.0 respectively. I had set a higher 
value for auto learn as you don't have hardly any control over what 
messages get learned in either direction. Some others on this list have 
the auto learn values set even higher.


As far as the numbers mentioned by the OP, 25,000 spam to 180 ham? That is 
a lot more than your ~5 to 1. I would not have suspected auto learn to be 
that far off.




Re: Rules report

2007-04-19 Thread Matt Kettler
Robert Fitzpatrick wrote:
> I've seen some others on the list here show reports of the different
> rules and how much they hit. 
Most of them are quoting the ones out of the official ruleset mass-check
results. Those are in the tarball under the rules directory as
STATISTICS*.txt
> How can I produce these reports?
Generate a hand sorted set (corpus) of spam and nonspam messages and
then feed them into the mass-check tool.

Note: this is really a developer tool, so its use should be considered
"advanced"

See also:
http://wiki.apache.org/spamassassin/MassCheck


>  And is it
> possible to produce a report like this by domain name?
>   
By domain? Sure, create a separate corpus for each.

That said, it sounds like you're thinking of using this to monitor your
live mail feeds.

It's impossible to produce these reports accurately on live email. You
must have a hand-sorted set of spam and nonspam to work with, that way
the tool knows for sure when a rule is matching spam, or nonspam.

If you try to build it off a live feed and use SA's marking as the spam
criteria, your statistics are useless. Any rule with a high enough score
would get "perfect" results.. all the mail it matched would be spam, and
no nonspam. You have, essentially, created a "self fulfilling prophecy".
The higher-scoring a rule is, the more likely messages that match it
will be tagged as spam, even if they're not really spam.



Re: Rules report

2007-04-19 Thread Matt Kettler
Matt Kettler wrote:
> If you try to build it off a live feed and use SA's marking as the spam
> criteria, your statistics are useless. Any rule with a high enough score
> would get "perfect" results.. all the mail it matched would be spam, and
> no nonspam. You have, essentially, created a "self fulfilling prophecy".
> The higher-scoring a rule is, the more likely messages that match it
> will be tagged as spam, even if they're not really spam.
>   
Self correction. Such stats aren't "useless", it depends on what you
want out of them.

If you want to know how accurate a particular rule is, by comparing the
spam vs nonspam hit rates, those stats are useless, because of the bias.
You need a manually sorted corpus to get this kind of information.

If you want to see which rules are getting used a lot, vs those that are
rarely getting used, these stats are quite useful.

If you want a "top x rules" list, sa-stats can do that for you:

http://www.rulesemporium.com/programs/sa-stats.txt

It will parse a spamd logfile and report the most-frequently used spam
and nonspam rules (and you can configure how many it will list for each)
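
The bias described in this sub-thread, as an added Python example (not part of the original posts or of SpamAssassin itself): per-rule hit counts are computed once against hand-sorted labels and once against SA's own verdict. The rule names, scores and message counts are constructed for illustration; 5.0 is SpamAssassin's default `required_score`.

```python
from collections import Counter

REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score

# Hypothetical rule names and scores, constructed for this example.
RULE_SCORES = {"BIG_RULE": 6.0, "MID_RULE": 3.0, "SMALL_RULE": 1.5}


def build_corpus():
    """Constructed sample corpus: a list of (hand-sorted label, rules hit)."""
    groups = [
        ("spam", ("BIG_RULE", "SMALL_RULE"), 40),
        ("ham", ("BIG_RULE",), 10),                # BIG_RULE false positives
        ("spam", ("MID_RULE", "SMALL_RULE"), 30),  # scores 4.5: missed spam
        ("ham", ("SMALL_RULE",), 50),
        ("ham", (), 60),
    ]
    return [(label, rules) for label, rules, n in groups for _ in range(n)]


def sa_verdict(rules):
    """Label a message the way a live feed would: by its total score."""
    score = sum(RULE_SCORES[r] for r in rules)
    return "spam" if score >= REQUIRED_SCORE else "ham"


def rule_stats(corpus, use_sa_verdict):
    """Return {rule: (spam_hits, ham_hits)} under the chosen labelling."""
    stats = {rule: Counter() for rule in RULE_SCORES}
    for true_label, rules in corpus:
        label = sa_verdict(rules) if use_sa_verdict else true_label
        for rule in rules:
            stats[rule][label] += 1
    return {rule: (c["spam"], c["ham"]) for rule, c in stats.items()}


def hit_frequency(corpus):
    """Total hits per rule; independent of how messages are labelled."""
    return dict(Counter(rule for _, rules in corpus for rule in rules))


if __name__ == "__main__":
    corpus = build_corpus()
    hand = rule_stats(corpus, use_sa_verdict=False)
    live = rule_stats(corpus, use_sa_verdict=True)
    freq = hit_frequency(corpus)
    print(f"{'rule':<12}{'hand-sorted s/h':>18}{'SA verdict s/h':>18}{'hits':>6}")
    for rule in RULE_SCORES:
        print(f"{rule:<12}{str(hand[rule]):>18}{str(live[rule]):>18}{freq[rule]:>6}")
```

With these inputs, the rule that scores above the threshold on its own shows no nonspam hits at all under verdict labelling, while the total hit counts, which is all a "top x rules" list needs, are the same under both labellings.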




Re: Rules report

2007-04-19 Thread Chris Lear

* Matt Kettler wrote (19/04/07 14:49):
> Matt Kettler wrote:
>> If you try to build it off a live feed and use SA's marking as the spam
>> criteria, your statistics are useless. Any rule with a high enough score
>> would get "perfect" results.. all the mail it matched would be spam, and
>> no nonspam. You have, essentially, created a "self fulfilling prophecy".
>> The higher-scoring a rule is, the more likely messages that match it
>> will be tagged as spam, even if they're not really spam.
>
> Self correction. Such stats aren't "useless", it depends on what you
> want out of them.
>
> If you want to know how accurate a particular rule is, by comparing the
> spam vs nonspam hit rates, those stats are useless, because of the bias.
> You need a manually sorted corpus to get this kind of information.
>
> If you want to see which rules are getting used a lot, vs those that are
> rarely getting used, these stats are quite useful.
>
> If you want a "top x rules" list, sa-stats can do that for you:
>
> http://www.rulesemporium.com/programs/sa-stats.txt

http://www.rulesemporium.com/programs/sa-stats-1.0.txt is probably a bit 
better in this case.

> It will parse a spamd logfile and report the most-frequently used spam
> and nonspam rules (and you can configure how many it will list for each)

The 1.0 version can do per-domain and per-user info, given a 3.1 log.

Chris


Re: Rules report

2007-04-19 Thread Robert Fitzpatrick
On Thu, 2007-04-19 at 15:03 +0100, Chris Lear wrote:
> * Matt Kettler wrote (19/04/07 14:49):

> > If you want to know how accurate a particular rule is, by comparing the
> > spam vs nonspam hit rates, those stats are useless, because of the bias.
> > You need a manually sorted corpus to get this kind of information.
> > 
> > If you want to see which rules are getting used a lot, vs those that are
> > rarely getting used, these stats are quite useful.
> > 
> > If you want a "top x rules" list, sa-stats can do that for you:
> > 
> > http://www.rulesemporium.com/programs/sa-stats.txt
> 
> http://www.rulesemporium.com/programs/sa-stats-1.0.txt is probably a bit 
> better in this case.
> 
> > 
> > It will parse a spamd logfile and report the most-frequently used spam
> > and nonspam rules (and you can configure how many it will list for each)
> 
> The 1.0 version can do per-domain and per-user info, given a 3.1 log.

Yes, this is all I'm after, but we use Amavisd-new to pass off to SA,
not spamd. The amavisd logs don't seem to show that information. Will it
work? Or is there a way to do this with amavisd?

-- 
Robert



Re: Rules report

2007-04-19 Thread Craig Carriere




I utilize amavisd-maia (Maia Mailguard) which provides updated rules
stats.  The program also provides an easy method to constantly train
your bayes filters.  You might want to take a look at it.

Best

Robert Fitzpatrick wrote:
> On Thu, 2007-04-19 at 15:03 +0100, Chris Lear wrote:
>> * Matt Kettler wrote (19/04/07 14:49):
>>> If you want to know how accurate a particular rule is, by comparing the
>>> spam vs nonspam hit rates, those stats are useless, because of the bias.
>>> You need a manually sorted corpus to get this kind of information.
>>>
>>> If you want to see which rules are getting used a lot, vs those that are
>>> rarely getting used, these stats are quite useful.
>>>
>>> If you want a "top x rules" list, sa-stats can do that for you:
>>>
>>> http://www.rulesemporium.com/programs/sa-stats.txt
>>
>> http://www.rulesemporium.com/programs/sa-stats-1.0.txt is probably a bit
>> better in this case.
>>
>>> It will parse a spamd logfile and report the most-frequently used spam
>>> and nonspam rules (and you can configure how many it will list for each)
>>
>> The 1.0 version can do per-domain and per-user info, given a 3.1 log.
>
> Yes, this is all I'm after, but we use Amavisd-new to pass off to SA,
> not spamd. The amavisd logs don't seem to show that information. Will it
> work? Or is there a way to do this with amavisd?





RE: Rules report

2007-04-19 Thread Bowie Bailey
Matt Kettler wrote:
> 
> If you want a "top x rules" list, sa-stats can do that for you:
> 
> http://www.rulesemporium.com/programs/sa-stats.txt
> 
> It will parse a spamd logfile and report the most-frequently used spam
> and nonspam rules (and you can configure how many it will list for
> each) 

I was looking for that, but I didn't have the link and I can't find it
on the site.  It would be really useful if whoever is in charge of that
site would put a link to this program on the Tools page.

-- 
Bowie


SpamAssassin Client for Outlook

2007-04-19 Thread Lee Leahu
Hello List,

I'd like to start off with a little background information to help you 
understand my question.

I currently use Sylpheed-Claws as my email client under Linux.

I have it configured so that I can select any message and press a hot key (F5, 
this was assigned by myself via GTK), which will execute a script on my 
filesystem and pass it (as a command line argument) the complete path and file 
name to the email that I selected.

This script will then pass the complete filename of the email to spamc, which 
will then send the email message to a remote SpamAssassin server (spamd) and 
then display the complete SPAM Score (whether it is spam or not) on my local 
console.

I set this up as an "instant feedback" mechanism so that I can easily make 
tweaks to my remote SpamAssassin (spamd) servers and verify that those tweaks 
have the intended results.

This setup works like this:
1. Find a piece of email which is spam, but has not yet been tagged as spam.
2. Highlight that email.
3. Press (F5).
3a.  A window will open on my computer which contains the running script.
3b.  The email path / file name is passed to my script
3c.  The script runs and passes the path / file name to spamc
3d.  Spamc runs and passes the contents of the file to the remote spamd server.
3e.  The remote spamd server analyzes the message and scores it based on its 
current setup.
3f.  The remote spamd server returns the Spam Score report.
3g.  Spamc displays the Spam Score report in the already open window on my 
computer.

I also have a script which I can run manually (and pass the email file as an 
argument) which allows me to submit the message to the remote SpamAssassin 
(spamd) server for learning as HAM / SPAM.


Now for my question.

I have a client who is running Outlook 2003.
She would like the same functionality in her Outlook that I have in my mail 
client for processing of Spam.
She is accessing her email from the network via IMAP.

Does anyone know of a plugin for Outlook that will do this for her?

If such a plugin does not exist, is there anyone that can help me write this 
plugin?

I would think the procedure would go like this:

1. User selects message.
2. If the message is an email message (not calendar, contact, task, etc), then 
enable the 'Spam Score' button on the tool bar.
3. User clicks the 'Spam Score' button on the tool bar.
4. The message is extracted from Outlook and saved to a temp file on the file 
system.
5. SpamC is run against that temp file.
6. The Spam Score from SpamC is displayed on her screen.

There should also be 'Learn SPAM' and 'Learn HAM' buttons on the tool bar.

Somewhere there should be a setup screen to specify the remote server name and 
the various options to be passed to spamc when it is called.

If someone could help me out on this, that would be much appreciated!


Thanks!

NOTE: I am getting married on May 26, 2007. :)

NOTE: I will be on my honeymoon from May 26, 2007 through June 3, 2007.

NOTE: I will be on vacation from June 23, 2007 through July 8, 2007.

--
Lee Leahu   RICIS, Inc.
Internet Technology Specialist  866-RICIS-77 Toll Free Voice (US)
[EMAIL PROTECTED]   708-444-2690 Voice (International)
http://www.ricis.com/   866-99-RICIS Toll Free Fax (US)
708-444-2697 Fax (International)

RICIS, Inc. is a member of the Public Safety Alliance Group

This email and any attachments that are included in it have been scanned
for malicious or inappropriate content and are believed to be safe.




Re: SpamAssassin Client for Outlook

2007-04-19 Thread Rob McEwen
http://sawin32.sourceforge.net/

Here you'll find a POP3 proxy that is basically a Win32 edition of SA. It runs 
on your computer, between your mail server and outlook. And, as I said, it is 
fully win32 "native", no unix emulation.

Might not be exactly what you wanted, but very, very close.

Rob McEwen
PowerView Systems
[EMAIL PROTECTED]



Re: And still it fails

2007-04-19 Thread Daryl C. W. O'Shea

jpff wrote:

> I tried switching bayes off and it has run for 4 hrs before the
> failing starts again
>
> Apr 18 08:16:37 snout spamd[29102]: spamd: copy_config timeout, respawning child process after 1 messages at /usr/bin/spamd line 968.
> Apr 18 08:16:46 snout spamd[29096]: spamd: copy_config timeout, respawning child process after 1 messages at /usr/bin/spamd line 968.
> 2007-04-18 08:17:16 1He4JI-0007Z8-MA spam acl condition: error reading from spamd socket: Connection timed out
>
> 2007-04-18 08:17:41 1He4JI-0007Z8-MA H=lists9.rootsweb.com [66.43.27.45] F=<[EMAIL PROTECTED]> temporarily rejected after DATA
> Apr 18 08:17:54 snout spamd[27089]: prefork: child states: BIBBB
> Apr 18 08:17:54 snout spamd[27089]: prefork: child states: BIBBB
> Apr 18 08:17:54 snout spamd[29101]: spamd: copy_config timeout, respawning child process after 1 messages at /usr/bin/spamd line 968.
> Apr 18 08:17:56 snout spamd[27089]: prefork: child states: BIBBB
>
> Apr 18 08:19:51 snout spamd[27089]: prefork: cannot ping 29102, file handle not defined, child likely to still be processing SIGCHLD handler after killing itself
> Apr 18 08:19:52 snout spamd[27089]: prefork: killing failed child 29102 fd=undefined at /usr/local/share/perl/5.8.4/Mail/SpamAssassin/SpamdForkScaling.pm line 137.
> Apr 18 08:19:52 snout spamd[27089]: prefork: killed child 29102
> Apr 18 08:19:52 snout spamd[27089]: prefork: cannot ping 29101, file handle not defined, child likely to still be processing SIGCHLD handler after killing itself
> Apr 18 08:19:52 snout spamd[27089]: prefork: killing failed child 29101 fd=undefined at /usr/local/share/perl/5.8.4/Mail/SpamAssassin/SpamdForkScaling.pm line 137.
> Apr 18 08:19:52 snout spamd[27089]: prefork: killed child 29101
> Apr 18 08:19:52 snout spamd[27089]: prefork: cannot ping 29096, file handle not defined, child likely to still be processing SIGCHLD handler after killing itself
> Apr 18 08:19:52 snout spamd[27089]: prefork: killing failed child 29096 fd=undefined at /usr/local/share/perl/5.8.4/Mail/SpamAssassin/SpamdForkScaling.pm line 137.
> Apr 18 08:19:52 snout spamd[27089]: prefork: killed child 29096
> Apr 18 08:19:54 snout spamd[27089]: spamd: handled cleanup of child pid 29096 due to SIGCHLD
> Apr 18 08:19:54 snout spamd[27089]: spamd: handled cleanup of child pid 29101 due to SIGCHLD
> Apr 18 08:19:54 snout spamd[27089]: spamd: handled cleanup of child pid 29102 due to SIGCHLD
>
>
> Is it really that case that I am the only one with this kind of problem?
> ==John ffitch



FWIW, I've only ever been able to reproduce this by getting a system to 
seriously swap thrash and/or by driving the load average above a few 
hundred.


Note that the copy_config timeout is causing the child to kill itself 
(intentionally) and then the "likely to still be processing SIGCHLD 
handler after killing itself" messages indicate that the child hadn't 
finished killing itself off (and hadn't yet told the parent it was doing 
so) before the parent initiated a child ping.  As the message suggests, 
though, the parent knows how to handle this so it isn't a problem.


So... there's nothing in your log snippet that indicates a fatal error 
or that spamd was doing anything that it wouldn't recover from.  Your 
log does indicate that your system is under some major load though.  2 
minutes and 34 seconds to kill off a child is an insane amount of time.


Deal with the system load and SA will likely oblige to doing things in a 
timely manner.



Daryl
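
One way to pull the timing evidence discussed in this reply out of a spamd syslog, as an added Python example (not part of the original post or of SpamAssassin): for each child it measures the seconds from that child's `copy_config timeout` line to the parent's `killed child` and `handled cleanup` lines. The sample lines are copied from the log quoted in the message; the year (syslog lines carry none, 2007 is taken from the MTA lines in the same paste) and the 30-second threshold are assumptions.

```python
import re
from datetime import datetime

# Log lines copied from the message above (syslog + one MTA line).
SAMPLE_LOG = """\
Apr 18 08:16:37 snout spamd[29102]: spamd: copy_config timeout, respawning child process after 1 messages at /usr/bin/spamd line 968.
Apr 18 08:16:46 snout spamd[29096]: spamd: copy_config timeout, respawning child process after 1 messages at /usr/bin/spamd line 968.
2007-04-18 08:17:16 1He4JI-0007Z8-MA spam acl condition: error reading from spamd socket: Connection timed out
Apr 18 08:17:54 snout spamd[29101]: spamd: copy_config timeout, respawning child process after 1 messages at /usr/bin/spamd line 968.
Apr 18 08:19:52 snout spamd[27089]: prefork: killed child 29102
Apr 18 08:19:52 snout spamd[27089]: prefork: killed child 29101
Apr 18 08:19:52 snout spamd[27089]: prefork: killed child 29096
Apr 18 08:19:54 snout spamd[27089]: spamd: handled cleanup of child pid 29096 due to SIGCHLD
Apr 18 08:19:54 snout spamd[27089]: spamd: handled cleanup of child pid 29101 due to SIGCHLD
Apr 18 08:19:54 snout spamd[27089]: spamd: handled cleanup of child pid 29102 due to SIGCHLD
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ spamd\[(\d+)\]: (.*)$")
KILLED_RE = re.compile(r"prefork: killed child (\d+)")
CLEANUP_RE = re.compile(r"spamd: handled cleanup of child pid (\d+) due to SIGCHLD")


def parse_time(stamp, year=2007):
    """Syslog timestamps have no year; the year is an assumption."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def child_timeline(log_text):
    """Return {child_pid: {"timeout"|"killed"|"cleanup": datetime}}."""
    timeline = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a spamd syslog line (e.g. interleaved MTA log)
        when, pid, msg = parse_time(m.group(1)), int(m.group(2)), m.group(3)
        if msg.startswith("spamd: copy_config timeout"):
            # Logged by the child itself, so the syslog PID is the child.
            timeline.setdefault(pid, {}).setdefault("timeout", when)
            continue
        # Logged by the parent; the child PID is inside the message text.
        for key, rx in (("killed", KILLED_RE), ("cleanup", CLEANUP_RE)):
            hit = rx.search(msg)
            if hit:
                timeline.setdefault(int(hit.group(1)), {}).setdefault(key, when)
    return timeline


def recovery_delays(log_text):
    """Return {child_pid: (secs until killed, secs until cleanup)}."""
    delays = {}
    for pid, events in child_timeline(log_text).items():
        start = events.get("timeout")
        if start is None:
            continue  # child never reported a copy_config timeout
        delays[pid] = tuple(
            int((events[k] - start).total_seconds()) if k in events else None
            for k in ("killed", "cleanup")
        )
    return delays


def slow_children(delays, threshold_s=30):
    """PIDs whose kill took longer than threshold_s, or never completed."""
    return sorted(
        pid for pid, (killed, _) in delays.items()
        if killed is None or killed > threshold_s
    )


if __name__ == "__main__":
    for pid, (killed, cleanup) in sorted(recovery_delays(SAMPLE_LOG).items()):
        print(f"child {pid}: killed after {killed}s, cleaned up after {cleanup}s")
```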


Re: SpamAssassin Client for Outlook

2007-04-19 Thread Lee Leahu
Hey Rob / List,

> Here you'll find a POP3 proxy that is basically a Win32 edition of SA.
> It runs on your computer, between your mail server and outlook.
> And, as I said, it is fully win32 "native", no unix emulation.
> 
> Might not be exactly what you wanted, but very, very close.

That looks pretty nice.

I'd like to take a moment to share the business objectives / goals that I am 
trying to meet.

The company that my client works for has an "archive account".
Every email sent / received is copied to this account.
Spam Emails are put into one folder, 
and Ham emails are put into another folder.

Every day my client goes through this account and looks for any false positives 
and false negatives.

If she finds any she wants to be able to find out why it was considered ham or 
spam,
and then tweak / train the mail server's SpamAssassin daemon appropriately.

The high level business objective is to provide a simple to use interface which 
can be used to fine-tune the company-wide spam filter.




Thanks!

--
Lee Leahu   RICIS, Inc.
Internet Technology Specialist  866-RICIS-77 Toll Free Voice (US)
[EMAIL PROTECTED]   708-444-2690 Voice (International)
http://www.ricis.com/   866-99-RICIS Toll Free Fax (US)
708-444-2697 Fax (International)





Question on use of SpamCop plugin

2007-04-19 Thread Steven W. Orr

loadplugin Mail::SpamAssassin::Plugin::SpamCop
SA 3.1.8 + Sendmail + spamassmilter

I added to init.pre with no lint errors

loadplugin Mail::SpamAssassin::Plugin::SpamCop
spamcop_to_address [EMAIL PROTECTED]
spamcop_max_report_size 300

I just don't know what it is that I should expect to see. Should I see 
messages automatically going to spamcop.net? (I don't)


TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Question on use of SpamCop plugin

2007-04-19 Thread Graham Murray
"Steven W. Orr" <[EMAIL PROTECTED]> writes:

> I just don't know what it is that I should expect to see. Should I see
> messages automatically going to spamcop.net? (I don't)

No. But when you run 'spamassassin -r' to report spam, it will send the
report to spamcop.


unable to open database

2007-04-19 Thread PakOgah

Guys,
When I ran this command
# sudo -u vpopmail -H spamassassin -D --lint
and checked the output, I saw the error below:
[27427] dbg: bayes: tie-ing to DB file R/O 
/home/vpopmail/.spamassassin/bayes_toks
[27427] warn: bayes: cannot open bayes databases 
/home/vpopmail/.spamassassin/bayes_* R/O: tie failed:

[27427] dbg: bayes: untie-ing DB file toks
[27427] dbg: bayes: not scoring message, returning undef
[27427] dbg: bayes: opportunistic call attempt failed, DB not readable

# sudo -u vpopmail -H sa-learn --dump magic
bayes: cannot open bayes databases /home/vpopmail/.spamassassin/bayes_* 
R/O: tie failed:
bayes: cannot open bayes databases /home/vpopmail/.spamassassin/bayes_* 
R/O: tie failed:
ERROR: Bayes dump returned an error, please re-run with -D for more 
information


I have another machine; when I ran the same command there, it didn't display 
the error.

The permissions, I think, are correct:

drwx--   2 vpopmail vchkpw 16384 Apr 20 01:27 .spamassassin

ls -ail .spamassassin/
total 2440
14385296 drwx--  2 vpopmail vchkpw   16384 Apr 20 01:27 .
14385153 drwx--  9 vpopmail vchkpw4096 Jan 24 13:50 ..
14385300 -rw---  1 vpopmail vchkpw  704512 Apr 20 01:20 auto-whitelist
14388610 -rw---  1 vpopmail vchkpw   67032 Apr 20 01:27 bayes_journal
14385238 -rw---  1 vpopmail vchkpw  720896 Apr 20 01:01 bayes_seen
14385237 -rw---  1 vpopmail vchkpw 1343488 Apr 20 01:20 bayes_toks

What causes it, and how do I fix it?

thx



Re: Question on use of SpamCop plugin

2007-04-19 Thread Steven W. Orr
On Thursday, Apr 19th 2007 at 19:21 +0100, quoth Graham Murray:

=>"Steven W. Orr" <[EMAIL PROTECTED]> writes:
=>
=>> I just don't know what it is that I should expect to see. Should I see
=>> messages automatically going to spamcop.net? (I don't)
=>
=>No. But when you run 'spamassassin -r' to report spam, it will send the
=>report to spamcop.

Thanks for responding.

What I've currently been using is this script:

#! /bin/bash
exec tee >(mail [EMAIL PROTECTED]) | sa-learn --spam

Is there an advantage to using -r over what I have? (something like)
exec tee >(spamassassin -r) | sa-learn 

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Question on use of SpamCop plugin

2007-04-19 Thread Michael Parker
Steven W. Orr wrote:
> What I've currently been using is this script:
> 
> #! /bin/bash
> exec tee >(mail [EMAIL PROTECTED]) | sa-learn --spam
> 
> Is there an advantage to using -r over what I have? (something like)
> exec tee >(spamassassin -r) | sa-learn 
> 

-r will also perform the sa-learn portion for you so no need to call it
separately.

Michael


Re: whitelist_from ip_range

2007-04-19 Thread Philip Prindeville
Benny Pedersen wrote:
> On Tue, April 17, 2007 01:57, Duane Hill wrote:
>
>   
>> http://wiki.apache.org/spamassassin/TrustPath
>> 
>
> to me a bit hardcore to read, but it have all ip that is known forwards mails
> to me as trusted_networks even if its still not my servers, and have maked the
> complete rfc1918 in trusted_networks and internal_networks added to this i
> have my own wan ip's in both
>
> should be it :-)
>
> trusted_networks 10.0.0.0/8
> trusted_networks 172.16.0.0/12
> trusted_networks 192.168.0.0/16
> trusted_networks 127.0.0.0/8
>
> internal_networks 10.0.0.0/8
> internal_networks 172.16.0.0/12
> internal_networks 192.168.0.0/16
> internal_networks 127.0.0.0/8
>
> and last my wan ips as trusted_networks and internal_networks
>
> after this all known forward ips as trusted_networks
>   

Given the number of ISP's that don't have rDNS configured,
whitelist_from_rcvd should probably be extended to support
IP/CIDR addresses as well...

Let's not overload the meanings of trusted_networks and
internal_networks.  These latter two are already confusing
enough for most newbies without having them take on
additional unintended meanings.

-Philip



OT: Dealing w/ poor network citizens like Yahoo!

2007-04-19 Thread Philip Prindeville
Hi.

This isn't so much a technical question as a philosophical one.
We're tired of dealing with Yahoo! which seems to either
(a) have the poorest trained "abuse" staff of any large email
service provider on the planet, or (b) they have a malicious
corporate culture of flat-out denying any email originated
from their networks, no matter how compelling the evidence.

I'm out of ideas, so I thought I'd turn to the group.

I recently had a message with the following headers:

Return-Path: <[EMAIL PROTECTED]>
Received: from smtp105.biz.mail.mud.yahoo.com (smtp105.biz.mail.mud.yahoo.com 
[68.142.200.253])
by mail.redfish-solutions.com (8.13.8/8.13.8) with SMTP id 
l2V1kkqG009611
for <[EMAIL PROTECTED]>; Fri, 30 Mar 2007 19:46:52 -0600
Received: (qmail 65061 invoked from network); 31 Mar 2007 01:46:46 -
Received: from unknown (HELO localhost) ([EMAIL PROTECTED]@4.79.181.240 with 
plain)
  by smtp105.biz.mail.mud.yahoo.com with SMTP; 31 Mar 2007 01:46:46 -
X-YMail-OSG: 
4SuIk60VM1mrOGBAKk3UQSIGXvsb4QmL0rwvi97gE9mIpViIsNyNpLnGy2BQbmYSCoUdeywpxW25RWzcK6ECZbX37ayshFDwIXNvRKxXqW3hqhkRMIw-
Date: Sat, 31 Mar 2007 01:46:45 -0400
From: "Monster.com" <[EMAIL PROTECTED]>
X-Mailer: Microsoft Outlook, Build 10.0.2627
Reply-To: "Monster.com" <[EMAIL PROTECTED]>
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]
To: Philip Prindeville <[EMAIL PROTECTED]>
Subject: Money-Investment
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary="--"



If someone can prove to me that this message didn't come from
Yahoo!, I will eat my shorts.

But until then, my next course of action seems to be blacklisting
Yahoo!, because I'm tired of their not investigating messages that
pretty obviously seem to be coming from them.

Any collective wisdom?

-Philip




RE: Dealing w/ poor network citizens like Yahoo!

2007-04-19 Thread Larry Ludwig
Us too.  I'm sick of yahoo with their free email service allowing spam
through.

Today yahoo's network is #1 in spam:

http://www.senderbase.org/

If a wide group starts blacklisting them maybe they would get their act
together and fix the problem.

-L
 
--
Larry Ludwig
Empowering Media
1-866-792-0489 x600
Have you visited our customer service blog?
http://www.supportem.com/blog/



 

> -Original Message-
> From: Philip Prindeville [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, April 19, 2007 3:26 PM
> To: users@spamassassin.apache.org
> Subject: OT: Dealing w/ poor network citizens like Yahoo!
> 
> Hi.
> 
> This isn't so much a technical question as a philosophical one.
> We're tired of dealing with Yahoo! which seems to either
> (a) have the poorest trained "abuse" staff of any large email
> service provider on the planet, or (b) they have a malicious
> corporate culture of flat-out denying any email originated
> from their networks, no matter how compelling the evidence.
> 
> I'm out of ideas, so I thought I'd turn to the group.
> 
> I recently had a message with the following headers:
> 
> Return-Path: <[EMAIL PROTECTED]>
> Received: from smtp105.biz.mail.mud.yahoo.com 
> (smtp105.biz.mail.mud.yahoo.com [68.142.200.253])
>   by mail.redfish-solutions.com (8.13.8/8.13.8) with SMTP 
> id l2V1kkqG009611
>   for <[EMAIL PROTECTED]>; Fri, 30 Mar 
> 2007 19:46:52 -0600
> Received: (qmail 65061 invoked from network); 31 Mar 2007 
> 01:46:46 -
> Received: from unknown (HELO localhost) 
> ([EMAIL PROTECTED]@4.79.181.240 with plain)
>   by smtp105.biz.mail.mud.yahoo.com with SMTP; 31 Mar 2007 
> 01:46:46 -
> X-YMail-OSG: 
> 4SuIk60VM1mrOGBAKk3UQSIGXvsb4QmL0rwvi97gE9mIpViIsNyNpLnGy2BQbm
> YSCoUdeywpxW25RWzcK6ECZbX37ayshFDwIXNvRKxXqW3hqhkRMIw-
> Date: Sat, 31 Mar 2007 01:46:45 -0400
> From: "Monster.com" <[EMAIL PROTECTED]>
> X-Mailer: Microsoft Outlook, Build 10.0.2627
> Reply-To: "Monster.com" <[EMAIL PROTECTED]>
> X-Priority: 3 (Normal)
> Message-ID: <[EMAIL PROTECTED]
> To: Philip Prindeville <[EMAIL PROTECTED]>
> Subject: Money-Investment
> Mime-Version: 1.0
> Content-Type: multipart/mixed;boundary="--"
> 
> 
> 
> If someone can prove to me that this message didn't come from
> Yahoo!, I will eat my shorts.
> 
> But until then, my next course of action seems to be blacklisting
> Yahoo!, because I'm tired of their not investigating messages that
> pretty obviously seem to be coming from them.
> 
> Any collective wisdom?
> 
> -Philip
> 
> 



Re: Dealing w/ poor network citizens like Yahoo!

2007-04-19 Thread Richard Frovarp

Larry Ludwig wrote:
> Us too.  I'm sick of yahoo with their free email service allowing spam
> through.
>
> Today yahoo's network is #1 in spam:
>
> http://www.senderbase.org/
>
> If a wide group starts blacklisting them maybe they would get their act
> together and fix the problem.
>
> -L


The question is how much of that is Yahoo's free email service and how 
much of that is SBC Yahoo the DSL ISP.


RE: Dealing w/ poor network citizens like Yahoo!

2007-04-19 Thread Dan Barker
I just sent myself a Yahoo email, and it relayed thru: 68.142.236.156.
dig -x sez: web58303.mail.re3.yahoo.com.

Larry's spam was via 68.142.200.253.
dig -x sez: smtp105.biz.mail.mud.yahoo.com.

I wonder if there's any way to find out all the various names each system
uses. Then we could downgrade some yahoo.com (SBC/DSL) sources and not hurt
yahoo.com (web mail) sources.

From a truly "it's not my problem" point of view, if Yahoo abuse ONLY
handles web mail servers, that SBC/DSL email actually did not originate on
their server. Poor customer support, for sure, but we should be able to
figure out the magic. Maybe as simple as "mud" = "spam"

Dan

-Original Message-
From: Richard Frovarp [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 19, 2007 3:51 PM
To: users@spamassassin.apache.org
Subject: Re: Dealing w/ poor network citizens like Yahoo!


Larry Ludwig wrote:
> Us too.  I'm sick of yahoo with their free email service allowing spam
> through.
>
> Today yahoo's network is #1 in spam:
>
> http://www.senderbase.org/
>
> If a wide group starts blacklisting them maybe they would get their act
> together and fix the problem.
>
> -L

The question is how much of that is Yahoo's free email service and how
much of that is SBC Yahoo the DSL ISP.
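
One way to collect the host names Dan asks about, as an added example that is not part of the original thread: group the relay name recorded by your own MTA into "families" by dropping the host number, then tally spam and ham per family. The receiving host mx.example.org, the third sample, the function names and the verdict flags are constructed for illustration; the first two relay names and addresses are the ones quoted in the thread.

```python
import re
from collections import Counter

# Sendmail-style top Received header: "from HELO (rdns [ip]) by ..."
# Only the header written by your own MTA is trustworthy; the HELO name is
# whatever the client claimed, so the name inside the parentheses is used.
RELAY_RE = re.compile(r"from\s+\S+\s+\((?P<rdns>[\w.-]+)\s+\[(?P<ip>[\d.]+)\]\)")

def relay_of(received):
    """Return (rdns, ip) from a Received header, or None if it does not parse."""
    m = RELAY_RE.search(" ".join(received.split()))  # unfold continuation lines
    return (m["rdns"].lower(), m["ip"]) if m else None

def host_family(rdns, domain="yahoo.com"):
    """smtp105.biz.mail.mud.yahoo.com -> smtp.biz.mail.mud; None if outside domain."""
    if not rdns.endswith("." + domain):
        return None
    labels = rdns[: -len(domain) - 1].split(".")
    labels[0] = re.sub(r"\d+$", "", labels[0])  # drop the per-host number
    return ".".join(labels)

def tally(samples):
    """samples: iterable of (received_header, is_spam) -> {family: Counter}."""
    out = {}
    for received, is_spam in samples:
        relay = relay_of(received)
        family = host_family(relay[0]) if relay else None
        if family:
            out.setdefault(family, Counter())["spam" if is_spam else "ham"] += 1
    return out

# Constructed sample headers; the verdict flag would come from your own filter logs.
SAMPLES = [
    ("from smtp105.biz.mail.mud.yahoo.com (smtp105.biz.mail.mud.yahoo.com"
     " [68.142.200.253])\n by mx.example.org with SMTP", True),
    ("from web58303.mail.re3.yahoo.com (web58303.mail.re3.yahoo.com"
     " [68.142.236.156])\n by mx.example.org with SMTP", False),
    # HELO claims yahoo.com but the resolved name does not: not counted.
    ("from yahoo.com (dsl-host.example.net [192.0.2.7])\n"
     " by mx.example.org with SMTP", True),
]

if __name__ == "__main__":
    for family, counts in sorted(tally(SAMPLES).items()):
        print(f"{family:20} spam={counts['spam']} ham={counts['ham']}")
```

Two messages prove nothing about a family; run the tally over a few weeks of mail before scoring any family differently.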



Re: whitelist_from ip_range

2007-04-19 Thread Benny Pedersen

On Thu, April 19, 2007 21:20, Philip Prindeville wrote:

> Given the number of ISP's that don't have rDNS configured,

i reject them, at least spf can help them

> whitelist_from_rcvd should probably be extended to support
> IP/CIDR addresses as well...

why not spf ?

> Let's not overload the meanings of trusted_networks and
> internal_networks. These latter two are already confusing
> enough for most newbies without having them take on
> additional unintended meanings.

there can be better ways of dealing with it yes, so far i have not seen side
effects of managed trusted_networks and/or internal_networks that works

-- 
This message was sent using 100% recycled spam mails.



Re: OT: Dealing w/ poor network citizens like Yahoo!

2007-04-19 Thread Gene Heskett
On Thursday 19 April 2007, Philip Prindeville wrote:
>Hi.
>
>This isn't so much a technical question as a philosophical one.
>We're tired of dealing with Yahoo! which seems to either
>(a) have the poorest trained "abuse" staff of any large email
>service provider on the planet, or (b) they have a malicious
>corporate culture of flat-out denying any email originated
>from their networks, no matter how compelling the evidence.
>
>I'm out of ideas, so I thought I'd turn to the group.
>
>I recently had a message with the following headers:
>
>Return-Path: <[EMAIL PROTECTED]>
>Received: from smtp105.biz.mail.mud.yahoo.com
> (smtp105.biz.mail.mud.yahoo.com [68.142.200.253]) by
> mail.redfish-solutions.com (8.13.8/8.13.8) with SMTP id l2V1kkqG009611 for
> <[EMAIL PROTECTED]>; Fri, 30 Mar 2007 19:46:52 -0600
> Received: (qmail 65061 invoked from network); 31 Mar 2007 01:46:46 -
> Received: from unknown (HELO localhost)
> ([EMAIL PROTECTED]@4.79.181.240 with plain) by
> smtp105.biz.mail.mud.yahoo.com with SMTP; 31 Mar 2007 01:46:46 -
> X-YMail-OSG:
> 4SuIk60VM1mrOGBAKk3UQSIGXvsb4QmL0rwvi97gE9mIpViIsNyNpLnGy2BQbmYSCoUdeywpxW2
>5RWzcK6ECZbX37ayshFDwIXNvRKxXqW3hqhkRMIw- Date: Sat, 31 Mar 2007 01:46:45
> -0400
>From: "Monster.com" <[EMAIL PROTECTED]>
>X-Mailer: Microsoft Outlook, Build 10.0.2627
>Reply-To: "Monster.com" <[EMAIL PROTECTED]>
>X-Priority: 3 (Normal)
>Message-ID: <[EMAIL PROTECTED]
>To: Philip Prindeville <[EMAIL PROTECTED]>
>Subject: Money-Investment
>Mime-Version: 1.0
>Content-Type: multipart/mixed;boundary="--"
>
>
>
>If someone can prove to me that this message didn't come from
>Yahoo!, I will eat my shorts.
>
>But until then, my next course of action seems to be blacklisting
>Yahoo!, because I'm tired of their not investigating messages that
>pretty obviously seem to be coming from them.
>
>Any collective wisdom?
>
>-Philip

I tried that in a procmail recipe, hitting about 5 of their server boxes.  
Killed traffic for 6 or so of the mailing lists I'm on so I eventually nuked 
them.

Solution?  Damnifiknow.  Suggestions, Kozinsky style mail bombs to yahoo via 
uspo, whathaveyou come to mind.  In my NSHO, they're bigger jerks than AOL in 
their heyday.


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Whatever you do will be insignificant, but it is very important that you do 
it.
-- Gandhi


Re: Dealing w/ poor network citizens like Yahoo!

2007-04-19 Thread Gene Heskett
On Thursday 19 April 2007, Richard Frovarp wrote:
>Larry Ludwig wrote:
>> Us too.  I'm sick of yahoo with their free email service allowing spam
>> through.
>>
>> Today yahoo's network is #1 in spam:
>>
>> http://www.senderbase.org/
>>
>> If a wide group starts blacklisting them maybe they would get their act
>> together and fix the problem.
>>
>> -L
>
>The question is how much of that is Yahoo's free email service and how
>much of that is SBC Yahoo the DSL ISP.

Do they share machines?  Here, the X-Originating-IP: is the giveaway, and 
killing by that address (there are about 6 of them) kills most of 
the 'groups' lists.


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Kindness is a language which the deaf can hear and the blind can read.
-- Mark Twain


Excluding recipient domains from rules

2007-04-19 Thread Robert Fitzpatrick
I asked this question related to BOTNET the other day, but I don't think
I was clear. We run a transport server that ultimately delivers mail to
off-server destinations. I was wondering if it is possible to bypass
rules based on a recipient's domain name? For instance, not apply BOTNET
scores to messages where the recipient is someone at example.com.

-- 
Robert



Re: Dealing w/ poor network citizens like Yahoo! - Solution?

2007-04-19 Thread Marc Perkel
For what it's worth, what would be nice is if yahoo had some kind of 
automated complaint mailbox so that if complaints about a particular 
account were coming in at a high rate it would disable the account. Same 
for Hotmail, Gmail, and other free mailers.


If automated complaint features were standard we could fix a lot of spam.



Re: Dealing w/ poor network citizens like Yahoo! - Solution?

2007-04-19 Thread Kelson
Aggh.  I think Thunderbird 2 changed the menu layout a bit.  I hit 
"Reply to Sender" instead of "Reply to All."


Marc Perkel wrote:
> For what it's worth, what would be nice is if yahoo had some kind of
> automated complaint mailbox so that if complaints about a particular
> account were coming in at a high rate it would disable the account. Same
> for Hotmail, Gmail, and other free mailers.
>
> If automated complaint features were standard we could fix a lot of spam.


Sure... until spammer-pwned botnets start sending hundreds of complaints
about the addresses of spamfighters, getting their ISPs to disable their
accounts automatically.

Sorry, that one's just too easy to abuse.

--
Kelson Vibber
SpeedGate Communications 


Re: Dealing w/ poor network citizens like Yahoo! - Solution?

2007-04-19 Thread Benny Pedersen

On Fri, April 20, 2007 01:25, Marc Perkel wrote:
> For what it's worth, what would be nice is if yahoo had some kind of
> automated complaint mailbox so that if complaints about a particular
> account were coming in at a high rate it would disable the account. Same
> for Hotmail, Gmail, and other free mailers.
>
> If automated complaint features were standard we could fix a lot of spam.

just make a sender_bcc [EMAIL PROTECTED] [EMAIL PROTECTED] :-)

if you want to complain send complete header and body no attachments to this
email

abuse@ is working at least for their yahoogroups maillists, don't know if there
are problems with dialup spammers :(

-- 
This message was sent using 100% recycled spam mails.



Re: Dealing w/ poor network citizens like Yahoo! - Solution?

2007-04-19 Thread Marc Perkel



Kelson wrote:
> Aggh.  I think Thunderbird 2 changed the menu layout a bit.  I hit
> "Reply to Sender" instead of "Reply to All."
>
> Marc Perkel wrote:
>> For what it's worth, what would be nice is if yahoo had some kind of
>> automated complaint mailbox so that if complaints about a particular
>> account were coming in at a high rate it would disable the account.
>> Same for Hotmail, Gmail, and other free mailers.
>>
>> If automated complaint features were standard we could fix a lot of
>> spam.
>
> Sure... until spammer-pwned botnets start sending hundreds of complaints
> about the addresses of spamfighters, getting their ISPs to disable their
> accounts automatically.
>
> Sorry, that one's just too easy to abuse.



But perhaps with domain keys or some other encoding trick they could 
verify that the forwarded emails were authentic. I think it would be doable.