Re: Is http://www.rulesemporium.com?
I was not able to access http://www.rulesemporium.com? is this working are moved some where? Works fine from here. Site is reachable and resolves to 72.52.4.74 which pings fine as well. --Blaine
Re: Is http://www.rulesemporium.com?
On Fri, 2008-02-29 at 11:30 +0530, Johnson Jeba Asir wrote: Hi All, First Im realy dont know this is the right forum to ask my doubts? I was not able to access http://www.rulesemporium.com? is this working are moved some where? www.rulesemporium.com resolved to 72.52.4.74, but ping failed for me, Thanks in advance Regards, a.Johnson Apparently yes. Not able to reach rulesemporium from any of my idcs Thanks Ram
Re: Is http://www.rulesemporium.com?
On 2/29/2008 9:01 AM, ram wrote: On Fri, 2008-02-29 at 11:30 +0530, Johnson Jeba Asir wrote: Hi All, First Im realy dont know this is the right forum to ask my doubts? I was not able to access http://www.rulesemporium.com? is this working are moved some where? www.rulesemporium.com resolved to 72.52.4.74, but ping failed for me, Thanks in advance Regards, a.Johnson Apparently yes. Not able to reach rulesemporium from any of my idcs run trace and report to your ISP. possibly a bad route anyway, no SARE rule files have been updated in .months, weeks? its more than enough if you check once a month... if there's an update it will be announced here.
Re: sa-update errors
On 18/02/2008 7:29 AM, Arthur Dent wrote: Gentle Bump... I thought that the approved place to alter scores was in /etc/mail/spamassassin/local.cf so I have not gone rooting around trying to give these rules scores which surely they should have by default? What exactly do you mean. The two halfs of the sentence make no sense when combined. OK Sorry - My lack of understanding of exactly what the error(s) means meant that I made a poor stab at explaining it. The error message says: score undef for rule which I take to mean that there is to score assigned to this particular rule. Is that correct? So my question was - if that's what it means - Why is there no score for these rules? I have not tinkered with anything (that I know of). I have never seen this error before. And I guess, because I was searching for a solution, should I be assigning scores manually?... Are these new rules? Obsolete rules? Altered rules? Why the sudden error? I can't remember right now what exactly you have to break to cause these errors. Does your channel file sare-sa-update-channels.txt, include the channel updates.spamassassin.org? Yup... Have you recently attempted an upgrade of SpamAssassin? Nope... Daryl Or have I misunderstood something? Thanks... Mark Any suggestions gratefully received! Thanks Mark On Thu, Feb 14, 2008 at 02:27:40PM -, Arthur Dent wrote: Hello all, I run a bog-standard out-of-the-box (Fedora 8) SA (v.3.2.4) installation. Every night I run: sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A /sbin/service spamassassin restart as a cron job. Never been a problem before. But this morning I find this in my root email: rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at
Re: sa-update errors
On Fri, Feb 29, 2008 at 09:40:24AM -, Arthur Dent wrote: On 18/02/2008 7:29 AM, Arthur Dent wrote: Gentle Bump... I thought that the approved place to alter scores was in /etc/mail/spamassassin/local.cf so I have not gone rooting around trying to give these rules scores which surely they should have by default? What exactly do you mean. The two halfs of the sentence make no sense when combined. OK Sorry - My lack of understanding of exactly what the error(s) means meant that I made a poor stab at explaining it. The error message says: score undef for rule which I take to mean that there is to score assigned to this particular rule. Is that correct? ^^ that there is *no* score assigned... (sorry!) So my question was - if that's what it means - Why is there no score for these rules? I have not tinkered with anything (that I know of). I have never seen this error before. And I guess, because I was searching for a solution, should I be assigning scores manually?... Are these new rules? Obsolete rules? Altered rules? Why the sudden error? I can't remember right now what exactly you have to break to cause these errors. Does your channel file sare-sa-update-channels.txt, include the channel updates.spamassassin.org? Yup... Have you recently attempted an upgrade of SpamAssassin? Nope... Daryl Or have I misunderstood something? Thanks... Mark Any suggestions gratefully received! Thanks Mark On Thu, Feb 14, 2008 at 02:27:40PM -, Arthur Dent wrote: Hello all, I run a bog-standard out-of-the-box (Fedora 8) SA (v.3.2.4) installation. Every night I run: sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A /sbin/service spamassassin restart as a cron job. Never been a problem before. But this morning I find this in my root email: rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2140. rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at
Re: Is http://www.rulesemporium.com?
Thanks, then It must be a ISP issue, will take up with ISP Regards, a.Johnson On Fri, Feb 29, 2008 at 2:10 PM, Yet Another Ninja [EMAIL PROTECTED] wrote: On 2/29/2008 9:01 AM, ram wrote: On Fri, 2008-02-29 at 11:30 +0530, Johnson Jeba Asir wrote: Hi All, First Im realy dont know this is the right forum to ask my doubts? I was not able to access http://www.rulesemporium.com? is this working are moved some where? www.rulesemporium.com resolved to 72.52.4.74, but ping failed for me, Thanks in advance Regards, a.Johnson Apparently yes. Not able to reach rulesemporium from any of my idcs run trace and report to your ISP. possibly a bad route anyway, no SARE rule files have been updated in .months, weeks? its more than enough if you check once a month... if there's an update it will be announced here.
Time to blacklist google.
Ok, google/gmail emails back says 'this didn't come from us because people are forging our domain'. Reverse dns shows it google, dkim sig says its google. Time to blacklist google. Either google lies or they have been hacked and hackers are spamming through them. Either case, till google fixes their network and attitude, we should blacklist them. SA: header GOOGLEISBAD received =~ /google\.com/ score GOOGLEISBAD 100 Postfix ACL: google.com REJECT GOOGLEISBAD Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156]) by fl.us.spammertrap.net (Postfix) with ESMTP id ABB5C2E11A for [EMAIL PROTECTED]; Fri, 29 Feb 2008 02:08:33 -0500 (EST) Received: by fg-out-1718.google.com with SMTP id 13so2466562fge.45 for [EMAIL PROTECTED]; Thu, 28 Feb 2008 23:08:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:message-id:date:from:to:subject:mime-version: content-type:content-transfer-encoding:content-disposition:precedence:x-auto reply; bh=sL3vqqwqMdE5yWWphM0o1dUtNuEzLTPRmNUSyn+hD6s=; b=razzMn3uCoyrvZErxj1Nud67bPfwzrESFSZM+Oo06FGxw00Dhg3wvDn7MCloiNk3eHA7zkNr/u 7LjInJ+LCl1KmHOi1AQENVOaVjt82b6o43N6/hUGivDC3HRSSRi9eYFouvmVufkwzxM9Y/Bvbx9Z KnyXtB+ofa/k1SjY+tgbY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer -encoding:content-disposition:precedence:x-autoreply; b=VFo5w/0cZsC3zDwg0h6+rKfTF+UgIcOUinVWWXe1xHzRan7ZkVlYcIrNnjc+KELNRoOyYu8EBg 3/ZgSF+WCoBXyYyipZxpqnr4+wAorfmYth0Kbe4PW4NR//kLL6CvVIRQZ4gkUf/NMccUWBgjRIKB F43RHr0X34LkhbF9sjYm4= Received: by 10.86.3.4 with SMTP id 4mr9872622fgc.69.1204268912528; Thu, 28 Feb 2008 23:08:32 -0800 (PST) Message-ID: [EMAIL PROTECTED] -- Michael Scheidell, CTO |SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBsd SpamAssassin Ports maintainer Charter member, ICSA labs anti-spam consortium _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
Re: spamassassin: not scanning mails on port 783
Agnello George wrote: HI I had installed my Spamassassin on a linux box ( cent os ) to scan mails from a windows Smatermail server and so far it was working good, but suddenly it started giving the following error : Fri Feb 29 00:12:49 2008 [27218] info: spamd: handled cleanup of child pid 19811 due to SIGCHLD Fri Feb 29 00:19:18 2008 [27218] warn: prefork: retrying syswrite(): Resource temporarily unavailable at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/SpamdForkScaling.pm line 729. Fri Feb 29 00:19:18 2008 [27218] warn: prefork: syswrite(16) to 15822 failed on try 2 at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/SpamdForkScaling.pm line 697. Fri Feb 29 00:19:19 2008 [27218] warn: prefork: retrying syswrite(): Resource temporarily unavailable at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/SpamdForkScaling.pm line 729. Fri Feb 29 00:19:19 2008 [27218] warn: prefork: syswrite(16) to 15822 failed on try 3 at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/SpamdForkScaling.pm line 697. i then killed the spamd daemon and restarted spamd with the following command /usr/bin/spamd -d -u spamassassin -c -i -A 216.185. -H --max-children=7 --max-conn-per-child=128 -s /var/log/spamd.log --virtual-config-dir=/vhome/%u/spamassassin -r /var/run/spamassassin/spamd.pid -r /var/run/spamassassin/spamd.pid ( following are my logs ) Fri Feb 29 00:28:21 2008 [20110] info: prefork: child states: II Fri Feb 29 00:28:53 2008 [20110] info: spamd: server killed by SIGTERM, shutting down Fri Feb 29 00:28:54 2008 [20180] info: logger: removing stderr method Fri Feb 29 00:28:57 2008 [20182] info: spamd: server started on port 783/tcp (running version 3.2.4) Fri Feb 29 00:28:57 2008 [20182] info: spamd: server pid: 20182 Fri Feb 29 00:28:57 2008 [20182] info: spamd: server successfully spawned child process, pid 20187 Fri Feb 29 00:28:57 2008 [20182] info: spamd: server successfully spawned child process, pid 20188 Fri Feb 29 00:28:57 2008 [20182] info: prefork: child states: IS Fri Feb 29 00:28:57 2008 [20182] info: prefork: child states: II But now the mails are not being scanned , any idea why is this happening ? Are all your connections to spamd coming from hosts in 216.185.*.*, and NONE from the local machine (127.0.0.1)? You might want to change to -A 216.185.,127.0.0.1
Re: Time to blacklist google.
* Michael Scheidell [EMAIL PROTECTED]: Ok, google/gmail emails back says 'this didn't come from us because people are forging our domain'. Reverse dns shows it google, dkim sig says its google. Time to blacklist google. Yep. That's the whole point of DKIM. Either google lies or they have been hacked and hackers are spamming through them. Either case, till google fixes their network and attitude, we should blacklist them. SA: header GOOGLEISBAD received =~ /google\.com/ score GOOGLEISBAD 100 Postfix ACL: google.com REJECT GOOGLEISBAD -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: Spamassassin per user blacklisting is not working
Daryl C. W. O'Shea wrote: On 29/02/2008 1:18 AM, devi_sreem wrote: I am running spamd. When a mail is being sent to mail account [EMAIL PROTECTED] it is automatically taking the user qscand, as you know it the user is of qmail scanner. Oh yeah, qmail scanner. Sorry, I won't touch that -- I'm not sure if it'll do per-user prefs or not. You may want to look for help on the qmail-scanner-general list or wait a few hours for someone here to help (or point you at that list). Agreed, however, the important point is: Spamd does not, and will not attempt to figure out what user to run as using the email contents. It never has, and likely never will. (if nothing else, consider that it would have to scan the headers twice to do this, and at that it could only look at the To: header, which may not be the true recipient.) spamd is told what user to scan as by whatever client connects to it. If qmail scanner is always passing qscand, then spamd will always use qscand. The qmail-scanner FAQ claims that qmail-scanner will call spamc with the -u parameter set to the rcpt to address, however that doesn't look like it's happening. There's nothing in your SA config that would cause spamd to default to the qscand user, so either the -u parameter is missing, or it's not getting the rcpt to address passed to it. Either way, spamd is being told to use qscand, the big question is why, and that's a question for a qmail-scanner expert. http://qmail-scanner.sourceforge.net/FAQ.php - *What about per-user SpamAssassin configs?*. Q-S calls spamc as |spamc -c -u rcpt to| i.e. username is the recipient email address. This means the recipient is passed to spamd - and so you can do per-user options. Note that this only happens when there is /one/ recipient. If you are running spamd with a SQL backend, or the -x --virtual-config-dir option, then this should allow you to do per-user SA settings. See SA documentation for how to configure spamd accordingly
Re: Good rules for SA
On Fri, 2008-02-29 at 11:28 +0500, Shahzad Abid wrote: Dear List How to determine good rules for SA, I am using following rules. [ gigantic output of ls snipped, including lots of cf files, plugins and a bunch of unrelated non-rules ] Please identify which rules are bad? Pretty much *all* of the third party rules you mentioned are bad, IMHO. *Unless* you review their respective documentation, rather than throwing almost anything at your SA you could find... A few notes and things I spotted glimpsing at the list, why I believe you missed this important part: * backhair.cf: Deprecated since SA 3.0.0, which incorporates most of it. See http://wiki.apache.org/spamassassin/CustomRulesets where you got it from. * 7*_sare_redirect: The note particularly mentions to NOT use both rulesets. However, you got both, the pre and post 3.0.0 variant. See http://www.rulesemporium.com/rules.htm Also, you seem to be using RulesDuJour, which AFAIK has not been the recommended way to update for quite a while. Instead, use sa-update with SARE. As a general note, spam is rather different for anyone. You'll have to decide yourself which ones are good or bad in your particular case. Monitor the rules, if they even apply to your spam and remove them after some time of observation, if they aren't worth the additional overhead. Using too many of them usually tends to have some bad impact. Besides pulling in every cf file you can get your hands on, there are quite a few optional, disabled by default rules and plugins shipped with SA itself, which just need to be properly configured or don't apply to all environments. Only you can decide to use them. Hint: language specific stuff and features that depend on optional Perl modules. See the documentation and spamassassin debug output. If you don't want to or can't identify good and bad rulesets yourself, you should stick with a vanilla setup. The developers and the QA process already have done a general decision about good rules -- this is, what the SA distribution includes by default. guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Is http://www.rulesemporium.com?
At 12:08 AM Friday, 2/29/2008, blaine wrote -= I was not able to access http://www.rulesemporium.com? is this working are moved some where? Works fine from here. Site is reachable and resolves to 72.52.4.74 which pings fine as well. Something's broken somewhere. From sunny Los Angeles where it was 80 degrees yesterday: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.620 ms 0.809 ms 1.058 ms 2 router.wrenkasky.com (216.102.129.41) 13.910 ms 19.470 ms 24.269 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 29.160 ms 34.044 ms 38.922 ms 4 bb2-g10-0.irvnca.sbcglobal.net (151.164.92.198) 85.450 ms 86.375 ms 87.311 ms 5 151.164.93.167 (151.164.93.167) 70.757 ms 71.946 ms 72.868 ms 6 151.164.251.214 (151.164.251.214) 74.810 ms 76.133 ms 80.781 ms 7 dls-bb1-link.telia.net (213.248.80.14) 144.269 ms 72.000 ms 71.572 ms 8 mai-b1-link.telia.net (80.91.252.62) 100.388 ms 102.816 ms 107.478 ms 9 * * * 10 * * * 11 * * * 12 * * * --snip-- 30 * * * . . . . . . . . . . . . . . . . . . Randomly Generated Quote (1178 of 1364): This world is divided roughly into three kinds of nations: those that spend lots of money to keep their weight down; those whose people eat to live; and those whose people don't know where their next meal is coming from. -David S. Landes, author, professor of economics and history (1924- )
Re: China TLD links
On Thu, 2008-02-28 at 18:04 -0500, Daryl C. W. O'Shea wrote: Of course, now that I've used the word whore three times and quoted it once I'm sure I'll get a deluge of bounces (not rejects) from people running Microsoft's Antigen for SMTP. http://daryl.dostech.ca/blog/2008/02/22/microsoft-antigen-brain-dead-content-filter/ Yes! There's at least one user on this list, somewhere behind an MS Antigen for SMTP, apparently run by psp.com (thank you, Sony), which has been bugging me a couple times already when answering questions. The OP dared to munge private email addresses: Filter name: KEYWORD= spam: xxx I would not have expected anyone on *this* list to run such a stupid single-word content filter. But hey, the subscriber is unlikely to get a lot of traffic from this list anyway passed beyond that wall... I'm curious to see the reason for /dev/null'ing this mail and instead send out a useless and annoying note. Which one will win the race, whore or triple x? :) guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: China TLD links
On Thu, 2008-02-28 at 11:36 -0800, JP Kelly wrote: any takers on this? On what? The Subject or the not included original post? On Feb 27, 2008, at 2:31 PM, Chip M. wrote: The main thing that stands out (to me) is the China TLD in the URL. We block all those on sight (unless they're in the recipient's domain skip list - so far, none of my users have any China TLDs in theirs). Perhaps one of the regex gurus will whip you up a rule. :) While I understood this comment more generally, aiming at some rules to catch the provided spample -- if you actually are after an RE to score on China TLDs, here you go. That much should be easy: uri TLD_CHINA m,https?://([-\w]+\.)+cn(/|$), guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: China TLD links
We got a tie! I'm curious to see the reason for /dev/null'ing this mail and instead send out a useless and annoying note. Which one will win the race, whore or triple x? :) Though the photo-finish seems to suggest the whore pipped triple x at the post... Filter name: KEYWORD= profanity: whore;sexual discrimination: whore;spam: xxx guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: China TLD links
On Fri, 2008-02-29 at 08:54 -0500, Randy Ramsdell wrote: Karsten Bräckelmann wrote: Blocking is one thing, but scoring is another. Aren't single words defined in many rules for spamassassin? I know fsck and v%%gra are which are not part of a meta rule. Exactly my point, and I believe Daryl's, too. After all, this is what scoring is all about in SA. I do agree, however, anything M$ does is stupid. That I did not say, neither imply. Regardless of the fact I don't particularly like MS. Also it is not MS sending these brain-dead bounces. It is the admins duty to pick the right tool for the job and avoid tools like this that doesn't serve any purpose. guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Is http://www.rulesemporium.com?
I have the same problem here: traceroute to www.rulesemporium.com (72.52.4.74), 30 hops max, 38 byte packets 1 roxanne.pcez.com (209.102.124.1) 0.179 ms 0.146 ms 0.143 ms 2 52.ATM5-0.GW9.POR3.ALTER.NET (157.130.180.65) 3.016 ms 3.190 ms 2.917 ms 3 0.so-4-3-0.XT2.POR3.ALTER.NET (152.63.104.254) 3.397 ms 3.131 ms 3.121 ms 4 0.so-3-0-0.XL2.SJC7.ALTER.NET (152.63.0.146) 17.919 ms 17.896 ms 17.895 ms 5 POS7-0-0.GW4.SJC7.ALTER.NET (152.63.48.245) 19.365 ms 19.351 ms 19.328 ms 6 teliasonera-test-gw.customer.alter.net (157.130.215.70) 21.223 ms 21.364 ms 21.248 ms 7 las-bb1-link.telia.net (213.248.80.17) 30.684 ms 30.711 ms 30.628 ms 8 dls-bb1-link.telia.net (213.248.80.14) 71.889 ms 71.869 ms 71.875 ms 9 mai-b1-link.telia.net (80.91.252.62) 98.787 ms 98.759 ms 98.765 ms 10 * * * Ken On Fri, 29 Feb 2008, David Filion wrote: Ed Kasky wrote: At 12:08 AM Friday, 2/29/2008, blaine wrote -= I was not able to access http://www.rulesemporium.com? is this working are moved some where? Works fine from here. Site is reachable and resolves to 72.52.4.74 which pings fine as well. Something's broken somewhere. From sunny Los Angeles where it was 80 degrees yesterday: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.620 ms 0.809 ms 1.058 ms 2 router.wrenkasky.com (216.102.129.41) 13.910 ms 19.470 ms 24.269 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 29.160 ms 34.044 ms 38.922 ms 4 bb2-g10-0.irvnca.sbcglobal.net (151.164.92.198) 85.450 ms 86.375 ms 87.311 ms 5 151.164.93.167 (151.164.93.167) 70.757 ms 71.946 ms 72.868 ms 6 151.164.251.214 (151.164.251.214) 74.810 ms 76.133 ms 80.781 ms 7 dls-bb1-link.telia.net (213.248.80.14) 144.269 ms 72.000 ms 71.572 ms 8 mai-b1-link.telia.net (80.91.252.62) 100.388 ms 102.816 ms 107.478 ms 9 * * * 10 * * * 11 * * * 12 * * * --snip-- 30 * * * Half / half here. From one server it doesn't work: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 40 byte packets 1 heroine.xprima.com (207.96.225.62) 0.621 ms 0.649 ms 0.695 ms 2 ia-piex-gw06-vl1219.vtl.net (207.253.197.1) 1.667 ms 1.366 ms 0.978 ms 3 216.113.123.9 (216.113.123.9) 1.721 ms 1.593 ms 1.248 ms 4 ia-piex-bb04-pos11-0-0-cpe082.vtl.net (216.113.122.82) 14.211 ms * * 5 sl-tisca1-60020-0.sprintlink.net (144.223.37.150) 11.102 ms 11.099 ms 23.997 ms 6 so-0-0-0.mia11.ip.tiscali.net (89.149.186.45) 46.055 ms 46.032 ms 46.057 ms 7 prolexic-gw.ip.tiscali.net (213.200.73.38) 46.046 ms 46.059 ms 45.550 ms 8 * * * 9 * * * --snip-- 30 * * * From a second server it does: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 38 byte packets 1 erx02.tor.pppoe.ca (206.248.154.120) 52.137 ms 47.751 ms 49.089 ms 2 i2110.border1.pppoe.ca (206.248.155.249) 48.226 ms 47.784 ms 47.483 ms 3 65.39.198.249 (65.39.198.249) 46.819 ms 48.314 ms 47.175 ms 4 oc48-po4-0.nyc-telx-dis-2.peer1.net (216.187.115.126) 56.828 ms 57.145 ms 56.887 ms 5 oc48-po3-0.nyc-75bre-dis-1.peer1.net (216.187.115.134) 58.735 ms 57.571 ms 58.153 ms 6 oc48-po2-0.wdc-eqx-dis-1.peer1.net (216.187.115.54) 63.232 ms 64.553 ms 63.534 ms 7 * * * 8 unknown.hwng.net (69.16.190.161) 85.520 ms 86.509 ms 85.609 ms 9 1-1.r1.lo.hwng.net (69.16.191.50) 153.904 ms 154.564 ms 154.897 ms 10 unknown.hwng.net (69.16.189.66) 148.284 ms 148.410 ms 148.168 ms 11 unknown.prolexic.com (209.200.156.34) 147.512 ms 148.232 ms 148.250 ms 12 unknown.prolexic.com (72.52.4.74) 147.229 ms 148.328 ms 148.167 ms David
Re: China TLD links
Karsten Bräckelmann wrote: On Thu, 2008-02-28 at 18:04 -0500, Daryl C. W. O'Shea wrote: Of course, now that I've used the word whore three times and quoted it once I'm sure I'll get a deluge of bounces (not rejects) from people running Microsoft's Antigen for SMTP. http://daryl.dostech.ca/blog/2008/02/22/microsoft-antigen-brain-dead-content-filter/ Yes! There's at least one user on this list, somewhere behind an MS Antigen for SMTP, apparently run by psp.com (thank you, Sony), which has been bugging me a couple times already when answering questions. The OP dared to munge private email addresses: Filter name: KEYWORD= spam: xxx I would not have expected anyone on *this* list to run such a stupid single-word content filter. But hey, the subscriber is unlikely to get a lot of traffic from this list anyway passed beyond that wall... I'm curious to see the reason for /dev/null'ing this mail and instead send out a useless and annoying note. Which one will win the race, whore or triple x? :) guenther Blocking is one thing, but scoring is another. Aren't single words defined in many rules for spamassassin? I know fsck and v%%gra are which are not part of a meta rule. I do agree, however, anything M$ does is stupid.
Re: Is http://www.rulesemporium.com?
User for SpamAssassin Mail List wrote: I have the same problem here: traceroute to www.rulesemporium.com (72.52.4.74), 30 hops max, 38 byte packets 1 roxanne.pcez.com (209.102.124.1) 0.179 ms 0.146 ms 0.143 ms 2 52.ATM5-0.GW9.POR3.ALTER.NET (157.130.180.65) 3.016 ms 3.190 ms 2.917 ms 3 0.so-4-3-0.XT2.POR3.ALTER.NET (152.63.104.254) 3.397 ms 3.131 ms 3.121 ms 4 0.so-3-0-0.XL2.SJC7.ALTER.NET (152.63.0.146) 17.919 ms 17.896 ms 17.895 ms 5 POS7-0-0.GW4.SJC7.ALTER.NET (152.63.48.245) 19.365 ms 19.351 ms 19.328 ms 6 teliasonera-test-gw.customer.alter.net (157.130.215.70) 21.223 ms 21.364 ms 21.248 ms 7 las-bb1-link.telia.net (213.248.80.17) 30.684 ms 30.711 ms 30.628 ms 8 dls-bb1-link.telia.net (213.248.80.14) 71.889 ms 71.869 ms 71.875 ms 9 mai-b1-link.telia.net (80.91.252.62) 98.787 ms 98.759 ms 98.765 ms 10 * * * Ken On Fri, 29 Feb 2008, David Filion wrote: Ed Kasky wrote: At 12:08 AM Friday, 2/29/2008, blaine wrote -= I was not able to access http://www.rulesemporium.com? is this working are moved some where? Works fine from here. Site is reachable and resolves to 72.52.4.74 which pings fine as well. Something's broken somewhere. From sunny Los Angeles where it was 80 degrees yesterday: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.620 ms 0.809 ms 1.058 ms 2 router.wrenkasky.com (216.102.129.41) 13.910 ms 19.470 ms 24.269 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 29.160 ms 34.044 ms 38.922 ms 4 bb2-g10-0.irvnca.sbcglobal.net (151.164.92.198) 85.450 ms 86.375 ms 87.311 ms 5 151.164.93.167 (151.164.93.167) 70.757 ms 71.946 ms 72.868 ms 6 151.164.251.214 (151.164.251.214) 74.810 ms 76.133 ms 80.781 ms 7 dls-bb1-link.telia.net (213.248.80.14) 144.269 ms 72.000 ms 71.572 ms 8 mai-b1-link.telia.net (80.91.252.62) 100.388 ms 102.816 ms 107.478 ms 9 * * * 10 * * * 11 * * * 12 * * * Same result from Indiana USA, dies at telia.net. DAve -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now?
Re: Time to blacklist google.
Michael Scheidell wrote: Ok, google/gmail emails back says 'this didn't come from us because people are forging our domain'. Reverse dns shows it google, dkim sig says its google. Time to blacklist google. Either google lies or they have been hacked and hackers are spamming through them. Either case, till google fixes their network and attitude, we should blacklist them. Some people might think you are over reacting I can only imagine what it would be like trying to control outgoing spam at Google. -- Marc Perkel - Sales/Support [EMAIL PROTECTED] http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3401
Re: Time to blacklist google.
Michael Scheidell wrote: Ok, google/gmail emails back says 'this didn't come from us because people are forging our domain'. Reverse dns shows it google, dkim sig says its google. Time to blacklist google. Either google lies or they have been hacked and hackers are spamming through them. Either case, till google fixes their network and attitude, we should blacklist them. SA: header GOOGLEISBAD received =~ /google\.com/ score GOOGLEISBAD 100 Postfix ACL: google.com REJECT GOOGLEISBAD Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156]) by fl.us.spammertrap.net (Postfix) with ESMTP id ABB5C2E11A for [EMAIL PROTECTED]; Fri, 29 Feb 2008 02:08:33 -0500 (EST) Received: by fg-out-1718.google.com with SMTP id 13so2466562fge.45 for [EMAIL PROTECTED]; Thu, 28 Feb 2008 23:08:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:message-id:date:from:to:subject:mime-version: content-type:content-transfer-encoding:content-disposition:precedence:x-auto reply; bh=sL3vqqwqMdE5yWWphM0o1dUtNuEzLTPRmNUSyn+hD6s=; b=razzMn3uCoyrvZErxj1Nud67bPfwzrESFSZM+Oo06FGxw00Dhg3wvDn7MCloiNk3eHA7zkNr/u 7LjInJ+LCl1KmHOi1AQENVOaVjt82b6o43N6/hUGivDC3HRSSRi9eYFouvmVufkwzxM9Y/Bvbx9Z KnyXtB+ofa/k1SjY+tgbY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer -encoding:content-disposition:precedence:x-autoreply; b=VFo5w/0cZsC3zDwg0h6+rKfTF+UgIcOUinVWWXe1xHzRan7ZkVlYcIrNnjc+KELNRoOyYu8EBg 3/ZgSF+WCoBXyYyipZxpqnr4+wAorfmYth0Kbe4PW4NR//kLL6CvVIRQZ4gkUf/NMccUWBgjRIKB F43RHr0X34LkhbF9sjYm4= Received: by 10.86.3.4 with SMTP id 4mr9872622fgc.69.1204268912528; Thu, 28 Feb 2008 23:08:32 -0800 (PST) Message-ID: [EMAIL PROTECTED] Are there any X- headers? It's known that the captcha was cracked and that some webmail auto-responders are being abused. There might be a better way to ID this mail. Ken -- Ken Anderson Pacific.Net
Re: Is http://www.rulesemporium.com?
Well, same here, from Argentina 2008/2/29, DAve [EMAIL PROTECTED]: User for SpamAssassin Mail List wrote: I have the same problem here: traceroute to www.rulesemporium.com (72.52.4.74), 30 hops max, 38 byte packets 1 roxanne.pcez.com (209.102.124.1) 0.179 ms 0.146 ms 0.143 ms 2 52.ATM5-0.GW9.POR3.ALTER.NET (157.130.180.65) 3.016 ms 3.190 ms 2.917 ms 3 0.so-4-3-0.XT2.POR3.ALTER.NET (152.63.104.254) 3.397 ms 3.131 ms 3.121 ms 4 0.so-3-0-0.XL2.SJC7.ALTER.NET (152.63.0.146) 17.919 ms 17.896 ms 17.895 ms 5 POS7-0-0.GW4.SJC7.ALTER.NET (152.63.48.245) 19.365 ms 19.351 ms 19.328 ms 6 teliasonera-test-gw.customer.alter.net (157.130.215.70) 21.223 ms 21.364 ms 21.248 ms 7 las-bb1-link.telia.net (213.248.80.17) 30.684 ms 30.711 ms 30.628 ms 8 dls-bb1-link.telia.net (213.248.80.14) 71.889 ms 71.869 ms 71.875 ms 9 mai-b1-link.telia.net (80.91.252.62) 98.787 ms 98.759 ms 98.765 ms 10 * * * Ken On Fri, 29 Feb 2008, David Filion wrote: Ed Kasky wrote: At 12:08 AM Friday, 2/29/2008, blaine wrote -= I was not able to access http://www.rulesemporium.com? is this working are moved some where? Works fine from here. Site is reachable and resolves to 72.52.4.74 which pings fine as well. Something's broken somewhere. From sunny Los Angeles where it was 80 degrees yesterday: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.620 ms 0.809 ms 1.058 ms 2 router.wrenkasky.com (216.102.129.41) 13.910 ms 19.470 ms 24.269 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 29.160 ms 34.044 ms 38.922 ms 4 bb2-g10-0.irvnca.sbcglobal.net (151.164.92.198) 85.450 ms 86.375 ms 87.311 ms 5 151.164.93.167 (151.164.93.167) 70.757 ms 71.946 ms 72.868 ms 6 151.164.251.214 (151.164.251.214) 74.810 ms 76.133 ms 80.781 ms 7 dls-bb1-link.telia.net (213.248.80.14) 144.269 ms 72.000 ms 71.572 ms 8 mai-b1-link.telia.net (80.91.252.62) 100.388 ms 102.816 ms 107.478 ms 9 * * * 10 * * * 11 * * * 12 * * * Same result from Indiana USA, dies at telia.net. Dies at Telia... DAve -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now? Luis -- - GNU-GPL: May The Source Be With You... Linux Registered User #448382. When I grow up, I wanna be like Theo... -
Re: Time to blacklist google.
At 06:16 AM 2/29/2008, Marc Perkel wrote: Some people might think you are over reacting I can only imagine what it would be like trying to control outgoing spam at Google. The problem is Google does nothing. I've reported dozens of google groups newsgroup spammers. They take no action. What few spammers they have taken action against, they have a 'defect' in their system where basically for their blogspot services, if they cancel a blogspot webpage for someone who spams, there's nothing to prevent the same person from signing back up and recreating the blogspot site again. Yes, I have spam I've reported to them as far back as 2006, with absolutely no action taken. I drop all Google Groups posts in my usenet client.
Re: Time to blacklist google.
Michael Scheidell wrote: Ok, google/gmail emails back says 'this didn't come from us because people are forging our domain'. Reverse dns shows it google, dkim sig says its google. Time to blacklist google. I read an article the other day about the bad people have cracked gmail's captcha system and are automatically creating gmail accounts with a success rate of 1 in 5. http://www.virusbtn.com/news/2008/02_26.xml -- Mark Johnson http://www.astroshapes.com/information-technology/blog
sa-learn user problem
Hello, my mac os x leopard (10.5.2 with updated amavis-new and spamassassin) runs a script, which calls sa-learn with sudo and user _amavis. In the config files for amavis and clamAV the user is set to _amavis. Now sa-learn always tries to open /var/root/.spamassassin/user_prefs, which of course fails. Where or how can I correct this problem? Thanks and all the best Matthias
Re: Is http://www.rulesemporium.com?
Ed Kasky wrote: At 12:08 AM Friday, 2/29/2008, blaine wrote -= I was not able to access http://www.rulesemporium.com? is this working are moved some where? Works fine from here. Site is reachable and resolves to 72.52.4.74 which pings fine as well. Something's broken somewhere. From sunny Los Angeles where it was 80 degrees yesterday: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.620 ms 0.809 ms 1.058 ms 2 router.wrenkasky.com (216.102.129.41) 13.910 ms 19.470 ms 24.269 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 29.160 ms 34.044 ms 38.922 ms 4 bb2-g10-0.irvnca.sbcglobal.net (151.164.92.198) 85.450 ms 86.375 ms 87.311 ms 5 151.164.93.167 (151.164.93.167) 70.757 ms 71.946 ms 72.868 ms 6 151.164.251.214 (151.164.251.214) 74.810 ms 76.133 ms 80.781 ms 7 dls-bb1-link.telia.net (213.248.80.14) 144.269 ms 72.000 ms 71.572 ms 8 mai-b1-link.telia.net (80.91.252.62) 100.388 ms 102.816 ms 107.478 ms 9 * * * 10 * * * 11 * * * 12 * * * --snip-- 30 * * * Half / half here. From one server it doesn't work: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 40 byte packets 1 heroine.xprima.com (207.96.225.62) 0.621 ms 0.649 ms 0.695 ms 2 ia-piex-gw06-vl1219.vtl.net (207.253.197.1) 1.667 ms 1.366 ms 0.978 ms 3 216.113.123.9 (216.113.123.9) 1.721 ms 1.593 ms 1.248 ms 4 ia-piex-bb04-pos11-0-0-cpe082.vtl.net (216.113.122.82) 14.211 ms * * 5 sl-tisca1-60020-0.sprintlink.net (144.223.37.150) 11.102 ms 11.099 ms 23.997 ms 6 so-0-0-0.mia11.ip.tiscali.net (89.149.186.45) 46.055 ms 46.032 ms 46.057 ms 7 prolexic-gw.ip.tiscali.net (213.200.73.38) 46.046 ms 46.059 ms 45.550 ms 8 * * * 9 * * * --snip-- 30 * * * From a second server it does: traceroute to 72.52.4.74 (72.52.4.74), 30 hops max, 38 byte packets 1 erx02.tor.pppoe.ca (206.248.154.120) 52.137 ms 47.751 ms 49.089 ms 2 i2110.border1.pppoe.ca (206.248.155.249) 48.226 ms 47.784 ms 47.483 ms 3 65.39.198.249 (65.39.198.249) 46.819 ms 48.314 ms 47.175 ms 4 oc48-po4-0.nyc-telx-dis-2.peer1.net (216.187.115.126) 56.828 ms 57.145 ms 56.887 ms 5 oc48-po3-0.nyc-75bre-dis-1.peer1.net (216.187.115.134) 58.735 ms 57.571 ms 58.153 ms 6 oc48-po2-0.wdc-eqx-dis-1.peer1.net (216.187.115.54) 63.232 ms 64.553 ms 63.534 ms 7 * * * 8 unknown.hwng.net (69.16.190.161) 85.520 ms 86.509 ms 85.609 ms 9 1-1.r1.lo.hwng.net (69.16.191.50) 153.904 ms 154.564 ms 154.897 ms 10 unknown.hwng.net (69.16.189.66) 148.284 ms 148.410 ms 148.168 ms 11 unknown.prolexic.com (209.200.156.34) 147.512 ms 148.232 ms 148.250 ms 12 unknown.prolexic.com (72.52.4.74) 147.229 ms 148.328 ms 148.167 ms David
Sorry for the duplicate messages
The last two messages I sent were duplicated on this list. I'm not sure why and I hope this one isn't duplicated. I'm using Exim and I'm only seeing one entry in my log. If anyone knows what might be causing this I'd be more than happy to fix the problem. Until then, I apologize for the dups. -- Marc Perkel - Sales/Support [EMAIL PROTECTED] http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3401
Re: sa-learn user problem
Matthias Schmidt escribió: Hello, my mac os x leopard (10.5.2 with updated amavis-new and spamassassin) runs a script, which calls sa-learn with sudo and user _amavis. In the config files for amavis and clamAV the user is set to _amavis. Now sa-learn always tries to open /var/root/.spamassassin/user_prefs, which of course fails. Where or how can I correct this problem? Thanks and all the best Matthias I had a similar problem and Luis Otegui suggested I used # su user -c 'command' ...and it worked. Try it. Regards /Diego
some custom ruleset rule info please
In regards to backhair.cf backhair is a set of rules designed to catch those ugly, unsightly HTML tags. Created by: Jennifer Wheeler are unsightly HTML tags just referring to basic HTML coding or something else we should better understand as spam fighting warriors Thank you - rh
spamass-milter goes to 100% CPU on freebsd 6.3
Hi, I have installed spamassassin on my freebsd 6.3 and everything works great but after some time (it could be couple of days, or hours) the CPU utilization on spamass-milter goes to almost 100%. I have discovered that the following messages cause the 100% utilization: Feb 29 04:22:32 sara sm-mta[27844]: m1T9MQ2W027844: from=[EMAIL PROTECTED], size=1721, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=SMTP, daemon=IPv4, relay=[58.137.142.102] Feb 29 04:22:32 sara sm-mta[27845]: m1T9MQgb027845: from=[EMAIL PROTECTED], size=1737, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=SMTP, daemon=IPv4, relay=[58.137.142.102] Feb 29 04:22:32 sara spamd[27027]: spamd: connection from localhost [127.0.0.1] at port 61494 Feb 29 04:22:32 sara spamd[27027]: spamd: processing message [EMAIL PROTECTED] for root:58 Notice that sendmail receives two messages from the same relay by the same person with almost the same msgid, one is a057... and the other one is a056... You see from the log that the second one is processed by spamd, but the first one causes the high cpu utilization in spam-milter. Since it is spam-milter and not sendmail that is having problem I am thinking that there is something in that message that is not liked by SpamAssassin. How can I get more information logged about the message so I can find the root-cause? Has anyone else come across this problem? I have also posted this problem on bsdforums, because I wasn't sure if it is a problem with freebsd: http://www.bsdforums.org/forums/showthread.php?p=289253#post289253 Many thanks Aflatoon - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
RE: Sorry for the duplicate messages
The last two messages I sent were duplicated on this list. I'm not sure why and I hope this one isn't duplicated. I'm using Exim and I'm only seeing one entry in my log. If anyone knows what might be causing this I'd be more than happy to fix the problem. Until then, I apologize for the dups. Marc Don't feel bad, the list software allowed me to post from an email address I did not subscribe Thing is, I had to unsubscribe that email address. What is going on behind the scenese? :-) - rh
aren't SPF_ rules network?
Hello, I wonder if SPF rules shouldn't be considered network... they require DNS lookups, don't they? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
Perl problem (Scalar::Util)
I'm getting the following error from various perl programs: $sa-update Use of uninitialized value in concatenation (.) or string at /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Scalar/Util.pm line 30. OK... maybe we need an update: [EMAIL PROTECTED] ~]# perl -MCPAN -e shell cpan install Scalar::Util CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Fri, 29 Feb 2008 15:31:08 GMT Scalar::Util is up to date. Anyone have a solution?
Re: aren't SPF_ rules network?
On 29/02/2008 1:11 PM, Matus UHLAR - fantomas wrote: Hello, I wonder if SPF rules shouldn't be considered network... they require DNS lookups, don't they? Network, no... the rules just need a suitable message, SA and a Perl interpreter. :) Seriously though, the SPF plugin (in 3.2+) can reuse the results from Received-SPF headers, if present, without doing any lookups itself. So it's not strictly a DNS based test itself. The plugin will not attempt lookups if you do not have network checks enabled (not using scoresets 1 or 3). It will only attempt to reuse results. If you do have network checks enabled, it will attempt to get results from the network if there are no results to reuse. From the M::SA::P::SPF POD: ignore_received_spf_header (0|1) (default: 0) By default, to avoid unnecessary DNS lookups, the plugin will try to use the SPF results found in any Received-SPF headers it finds in the message that could only have been added by an internal relay. Set this option to 1 to ignore any Received-SPF headers present and to have the plugin perform the SPF check itself. Note that unless the plugin finds an identity=helo, or some unsupported identity, it will assume that the result is a mfrom SPF check result. The only identities supported are mfrom, mailfrom and helo. use_newest_received_spf_header (0|1)(default: 0) By default, when using Received-SPF headers, the plugin will attempt to use the oldest (bottom most) Received-SPF headers, that were added by internal relays, that it can parse results from since they are the most likely to be accurate. This is done so that if you have an incoming mail setup where one of your primary MXes doesn't know about a secondary MX (or your MXes don't know about some sort of forwarding relay that SA considers trusted+internal) but SA is aware of the actual domain boundary (internal_networks setting) SA will use the results that are most accurate. Use this option to start with the newest (top most) Received-SPF headers, working downwards until results are successfully parsed. Daryl
Re: aren't SPF_ rules network?
Matus UHLAR - fantomas wrote: Hello, I wonder if SPF rules shouldn't be considered network... they require DNS lookups, don't they? Yes. Network related.
Re: some custom ruleset rule info please
On Fri, 2008-02-29 at 09:43 -0800, Robert - elists wrote: In regards to backhair.cf backhair is a set of rules designed to catch those ugly, unsightly HTML tags. Created by: Jennifer Wheeler are unsightly HTML tags just referring to basic HTML coding or something else we should better understand as spam fighting warriors If I understand your question correctly... The latter. Obfuscation. You did have a look at the rules file and the rules description, right? It's about injected HTML tags inside words or to hide part of the gibberish as a means of preventing plain word matching, IIRC. It's been a while, but if memory serves me right, Jennifer picked the rules name, because these stand out like, well, backhair. ;) Anyway, why are you asking? You're not pondering to use it, are you? guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: spamass-milter goes to 100% CPU on freebsd 6.3
On 29/02/2008 12:51 PM, Aflatoon Aflatooni wrote: Hi, I have installed spamassassin on my freebsd 6.3 and everything works great but after some time (it could be couple of days, or hours) the CPU utilization on spamass-milter goes to almost 100%. I have discovered that the following messages cause the 100% utilization: Since it is spam-milter and not sendmail that is having problem I am thinking that there is something in that message that is not liked by SpamAssassin. Since it's spamass-milter that is going to 100% and not spamd I would look for a problem with spamass-milter. That said, you've described the reliability I've come to expect from spamass-milter. I would (and do) personally use something else. Daryl
Re: some custom ruleset rule info please
On Fri, 2008-02-29 at 19:57 +0100, Karsten Bräckelmann wrote: On Fri, 2008-02-29 at 09:43 -0800, Robert - elists wrote: backhair is a set of rules designed to catch those ugly, unsightly HTML tags. Created by: Jennifer Wheeler are unsightly HTML tags just referring to basic HTML coding or something else we should better understand as spam fighting warriors If I understand your question correctly... The latter. Obfuscation. You did have a look at the rules file and the rules description, right? It's about injected HTML tags inside words or to hide part of the gibberish as a means of preventing plain word matching, IIRC. It's been Meep. Nope, it is words obfuscated by nonsense html tags, as mentioned at the location pointed to by CustomRulesets. So I overlooked that link, and while I had a glimpse at the REs I overlooked the negation in the lookahead. *sigh* Time to go look at something else than a screen... a while, but if memory serves me right, Jennifer picked the rules name, because these stand out like, well, backhair. ;) Anyway, why are you asking? You're not pondering to use it, are you? This stands. :) guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: aren't SPF_ rules network?
On Fri, Feb 29, 2008 at 07:11:05PM +0100, Matus UHLAR - fantomas wrote: I wonder if SPF rules shouldn't be considered network... they require DNS lookups, don't they? Yes, DNS is required. What makes you think that SPF isn't considered a network test though? Right in the code is: return unless $scanner-is_dns_available(); which validates the local-only (-L) option, etc: goto done if ($self-{main}-{local_tests_only}); Also, the rules are listed as net rules: tflags SPF_FAIL net [...] tflags SPF_HELO_SOFTFAIL net -- Randomly Selected Tagline: Lotus won't work, it uses a bunch of db files (Microsoft pre-1998) We reorganized Exchange 2000 to scale by using multiple DB files! (Microsoft in 2000). pgpVvsZAhDbLY.pgp Description: PGP signature
Re: Is http://www.rulesemporium.com?
At 05:09 29-02-2008, Ed Kasky wrote: Something's broken somewhere. From sunny Los Angeles where it was 80 degrees yesterday: The traceroute output doesn't mean that something is broken. The web site in the subject line has denial of service protection. It may be reachable by some and unreachable to others. Regards, -sm
Re: aren't SPF_ rules network?
On 29/02/2008 2:05 PM, Theo Van Dinter wrote: On Fri, Feb 29, 2008 at 07:11:05PM +0100, Matus UHLAR - fantomas wrote: I wonder if SPF rules shouldn't be considered network... they require DNS lookups, don't they? Yes, DNS is required. Only if there aren't Received-SPF headers to reuse results from (in 3.2 or later). What makes you think that SPF isn't considered a network test though? Right in the code is: return unless $scanner-is_dns_available(); Which comes after the attempt to reuse the Received-SPF headers. Also, the rules are listed as net rules: tflags SPF_FAIL net [...] tflags SPF_HELO_SOFTFAIL net In trunk they are again (jm's r596095). Before that they weren't, and still aren't in the 3.2 branch (my r588457). Now I'm not sure what to do. We need to generate scores for the rules for set0 (so they shouldn't have tflags net) but those scores probably aren't going to be very accurate since I don't think many of the mass-check contributors have Received-SPF headers in their mail. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5842 Daryl
Re: aren't SPF_ rules network?
yes. If they're not marked as such, that's a bug... On Fri, Feb 29, 2008 at 6:11 PM, Matus UHLAR - fantomas [EMAIL PROTECTED] wrote: Hello, I wonder if SPF rules shouldn't be considered network... they require DNS lookups, don't they? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
Re: Time to blacklist google.
* SM [EMAIL PROTECTED]: Time to blacklist google. The users may complain if you do that. To [EMAIL PROTECTED] Problem solved! -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: Is http://www.rulesemporium.com?
At 11:20 AM Friday, 2/29/2008, SM wrote -= At 05:09 29-02-2008, Ed Kasky wrote: Something's broken somewhere. From sunny Los Angeles where it was 80 degrees yesterday: The traceroute output doesn't mean that something is broken. The web site in the subject line has denial of service protection. It may be reachable by some and unreachable to others. How then would you explain why it worked just fine up until some point this week? Has the denial of serevice protection been tightened up even more?? Ed Kasky ~ Randomly Generated Quote (491 of 576): The greatest of faults, I should say, is to be conscious of none. -Thomas Carlyle, writer (1795-1881)
Re: Time to blacklist google.
Ralf Hildebrandt wrote: * SM [EMAIL PROTECTED]: Time to blacklist google. The users may complain if you do that. To [EMAIL PROTECTED] Problem solved! No. Your users may complain to you that they're unable to receive email from colleagues/friends/etc. who use google. Though, depending on your environment, that may not be a problem.
Re: Time to blacklist google.
The abuse contacts were removed from the Cc to prevent abuse. At 04:51 29-02-2008, Michael Scheidell wrote: Ok, google/gmail emails back says 'this didn't come from us because people are forging our domain'. Reverse dns shows it google, dkim sig says its google. If it passes DKIM verification, then it comes from them. Time to blacklist google. The users may complain if you do that. Regards, -sm
Re: Is http://www.rulesemporium.com?
Hi! The traceroute output doesn't mean that something is broken. The web site in the subject line has denial of service protection. It may be reachable by some and unreachable to others. How then would you explain why it worked just fine up until some point this week? Has the denial of serevice protection been tightened up even more?? In fact, yes, they are doing upgrades and are part of another company. So they might be migrating services. Anyway, its a free service isnt it. If its not there you just have to sit and wait. ;) And like told, none of the SARE sets were changed in 2008 anyway, so no need to check. Bye, Raymond.
RE: some custom ruleset rule info please
If I understand your question correctly... The latter. Obfuscation. You did have a look at the rules file and the rules description, right? It's about injected HTML tags inside words or to hide part of the gibberish as a means of preventing plain word matching, IIRC. It's been a while, but if memory serves me right, Jennifer picked the rules name, because these stand out like, well, backhair. ;) Anyway, why are you asking? You're not pondering to use it, are you? guenther Thank you for the info I looked at the file, yet as a rule making novice it didn't mean a lot to me so I wondered what it does. Yes, I was wondering if it was a good idea to include this ruleset. Should backhair.cf *not* be used anymore with SA or latest SA 3.2.4 or ??? Thanks! - rh
Re: Perl problem (Scalar::Util)
Steven Stern wrote: I'm getting the following error from various perl programs: $sa-update Use of uninitialized value in concatenation (.) or string at /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Scalar/Util.pm line 30. OK... maybe we need an update: [EMAIL PROTECTED] ~]# perl -MCPAN -e shell cpan install Scalar::Util CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Fri, 29 Feb 2008 15:31:08 GMT Scalar::Util is up to date. Anyone have a solution? For some reason yum perl updates on Fedora 8 cause this to happen for me. Even though CPAN reports that you have the latest version of Scalar:Util, you will still need to download, compile, and install Scalar-List-Utils-1.19.tar.gz. This should resolve the issue for you, at least it has worked for me the last few perl updates. GL, Bill
Re: Is http://www.rulesemporium.com?
At 12:39 PM Friday, 2/29/2008, Raymond Dijkxhoorn wrote -= Hi! The traceroute output doesn't mean that something is broken. The web site in the subject line has denial of service protection. It may be reachable by some and unreachable to others. How then would you explain why it worked just fine up until some point this week? Has the denial of serevice protection been tightened up even more?? In fact, yes, they are doing upgrades and are part of another company. So they might be migrating services. Anyway, its a free service isnt it. If its not there you just have to sit and wait. ;) And like told, none of the SARE sets were changed in 2008 anyway, so no need to check. Now that was just too logical of an explanation ;-) Thanks! Ed Kasky ~ Randomly Generated Quote (214 of 576): We should keep so close to the facts that we never have to remember the second time what we said the first time. - F. Marion Smith
RE: some custom ruleset rule info please
On Fri, 2008-02-29 at 13:27 -0800, Robert - elists wrote: Anyway, why are you asking? You're not pondering to use it, are you? I looked at the file, yet as a rule making novice it didn't mean a lot to me so I wondered what it does. Yes, I was wondering if it was a good idea to include this ruleset. Where did you find that ruleset? from http://wiki.apache.org/spamassassin/CustomRulesets Note: SA 3.0.0 documentation indicates that much of this rule set has been incorporated into that version. This file is unnecessary with SA 3.0.0. Should backhair.cf *not* be used anymore with SA or latest SA 3.2.4 or ??? Not with any 3.x version. guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
RE: some custom ruleset rule info please
Not with any 3.x version. guenther :-) Oops, my fault... I missed that part even though I was looking for it What about this Chinese ruleset, anyone in the USA using it to help with occasional or massive incoming foreign spam? I would guess it puts quite a load on the system eh? :-0 Chinese Rules Rules to catch spams written in Chinese. Created by: Quang-Anh Tran, at CCERT Anti-Spam Team Contact: [EMAIL PROTECTED] License Type: Apache License Status: Active Available at: http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf More information (in Chinese): http://www.ccert.edu.cn/spam/sa/Chinese_rules.htm Note : Rules and scores are updated once a week by using spams reported to the anti-spam service of CCERT in the last 3 months. Sample Results: MasscheckChineserules - rh
Emails passing through SA with valueless headers
Greetings I have utilised Spam Assasin for many years through a couple of hosting accounts, however, over recent months I started getting a large volume of emails that had semingly been passed through by Spam Assasin marked as not spam but with no values in the other SA headers. Below is an example of what the SA headers look like on every single one of these emails... (I've gotten almost 100 in the last 3 days alone!) X-Spam-Status: No, score= X-Spam-Score: X-Spam-Bar: X-Spam-Flag: NO Although spam assassin continued to filter out most spam correctly the volume of these emails being delivered increased until my mailbox was being inundated and my hosting company were either unwilling or unable to deal with the problem. Consequently I recently switched to a different host but after a week or three of smooth running I started receiving emails with identical invalid headers, and now I find myself drowning in them once again with another hosting company seemingly unable to identify or correct the issue. :-/ If anyone can help me with this I would be MOST grateful, thanks! fLaMePr0oF -- View this message in context: http://www.nabble.com/Emails-passing-through-SA-with-valueless-headers-tp15768994p15768994.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
ok_locales (was: Re: some custom ruleset rule info please)
On Fri, 2008-02-29 at 14:42 -0800, Robert - elists wrote: What about this Chinese ruleset, anyone in the USA using it to help with occasional or massive incoming foreign spam? Is there any particular need for additional rules, or are you just fishing for fun? That's quite a jump from backhair... Anyway, do you speak or read Chinese? Japanese, Korean, any Cyrillic language or Thai? I haven't had a look at that particular custom ruleset you mention, but it sounds like simply using 'ok_locales en' would do if you can't decypher any charset but Western [1]. If you can, just add them to the list. See LANGUAGE OPTIONS in the docs. http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html guenther [1] Yes, that includes German Umlauts, Swedisch, French, etc. See my recent postings about this the last 2 weeks. -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
RE: ok_locales (was: Re: some custom ruleset rule info please)
On Fri, 2008-02-29 at 14:42 -0800, Robert - elists wrote: What about this Chinese ruleset, anyone in the USA using it to help with occasional or massive incoming foreign spam? Is there any particular need for additional rules, or are you just fishing for fun? That's quite a jump from backhair... Anyway, do you speak or read Chinese? Japanese, Korean, any Cyrillic language or Thai? I haven't had a look at that particular custom ruleset you mention, but it sounds like simply using 'ok_locales en' would do if you can't decypher any charset but Western [1]. If you can, just add them to the list. See LANGUAGE OPTIONS in the docs. http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html guenther Yeah, I am fishing a little... mainly for people with experience with these rulesets to speak up as necessary It is a global world and we have different languages traversing our systems. You mentioned some of them... Bottom line is we are looking for ideas for the short and long term future. We are away of the language setting and are trying to get more well versed in the various integrations available. Some of those rulesets are current and work well in 3.2.4 etc Thank you - rh
Re: Perl problem (Scalar::Util)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/29/2008 03:57 PM, Bill Landry wrote: | Steven Stern wrote: | I'm getting the following error from various perl programs: | | $sa-update | Use of uninitialized value in concatenation (.) or string at | /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Scalar/Util.pm line 30. | | OK... maybe we need an update: | | | [EMAIL PROTECTED] ~]# perl -MCPAN -e shell | cpan install Scalar::Util | CPAN: Storable loaded ok | Going to read /root/.cpan/Metadata | Database was generated on Fri, 29 Feb 2008 15:31:08 GMT | Scalar::Util is up to date. | | Anyone have a solution? | | | For some reason yum perl updates on Fedora 8 cause this to happen for | me. Even though CPAN reports that you have the latest version of | Scalar:Util, you will still need to download, compile, and install | Scalar-List-Utils-1.19.tar.gz. This should resolve the issue for you, | at least it has worked for me the last few perl updates. | | GL, | | Bill | I found out this also works: ~ $cpan ~ force install Scalar::Util - -- ~ Steve -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHyJzyeERILVgMyvARAvdWAJ9Br+Tb2elljt2QiOGIC4peiXgevgCfZ6md DVovqagwclYoUTF3q93YdR8= =dZWU -END PGP SIGNATURE-
RE: ok_locales (was: Re: some custom ruleset rule info please)
Yeah, I am fishing a little... mainly for people with experience with these rulesets to speak up as necessary It is a global world and we have different languages traversing our systems. You mentioned some of them... Which ones? The Western charset ones in the footnote, or the one with entirely different charsets and symbols? If you *do* expect legit mail entirely written in Chinese, ok_locales clearly is not a good way to handle Chinese spam, right. guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Emails passing through SA with valueless headers
Hi, This is similar to what I'm seeing. However I get question marks on my spam status. Here is a sample header what I'm seeing: Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Status: No, hits=? required=? Message-ID: [EMAIL PROTECTED] From: Lorena Aguilar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Autodesk AutoCAD 2008 OEM version Date: Fri, 29 Feb 2008 21:29:50 +0800 Content-Type: text/plain; format=flowed; charset=us-ascii; reply-type=original Content-Transfer-Encoding: 7bit X-Spam: Not detected These are the attributes I see in these messages: 1) They all take long time to process. Longer time than my set timeout of 50 seconds. 2) Most of them have phishing links I'm still trying to out if what is the cause also. Regards, Frank Greetings I have utilised Spam Assasin for many years through a couple of hosting accounts, however, over recent months I started getting a large volume of emails that had semingly been passed through by Spam Assasin marked as not spam but with no values in the other SA headers. Below is an example of what the SA headers look like on every single one of these emails... (I've gotten almost 100 in the last 3 days alone!) X-Spam-Status: No, score= X-Spam-Score: X-Spam-Bar: X-Spam-Flag: NO Although spam assassin continued to filter out most spam correctly the volume of these emails being delivered increased until my mailbox was being inundated and my hosting company were either unwilling or unable to deal with the problem. Consequently I recently switched to a different host but after a week or three of smooth running I started receiving emails with identical invalid headers, and now I find myself drowning in them once again with another hosting company seemingly unable to identify or correct the issue. :-/ If anyone can help me with this I would be MOST grateful, thanks! fLaMePr0oF -- View this message in context: http://www.nabble.com/Emails-passing-through-SA-with-valueless-headers-tp15768994p15768994.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Time to blacklist google.
On Friday 29 February 2008, SM wrote: The abuse contacts were removed from the Cc to prevent abuse. At 04:51 29-02-2008, Michael Scheidell wrote: Ok, google/gmail emails back says 'this didn't come from us because people are forging our domain'. Reverse dns shows it google, dkim sig says its google. If it passes DKIM verification, then it comes from them. Time to blacklist google. The users may complain if you do that. With all due regard for google all that rot, the one thing they do understand is when 10m customers suddenly start yelling cuz they can't send an email. Like many, I have an email account there, but its like taking 2 baskets to gather eggs in, insurance. And I pop it with fetchmail as has been mentioned on the fedora list just this evening, not by me but as a recommendation to another who had something googlemail did screw with his way of doing things. Should that happen, it will get fixed, take it to the bank. If gmail has a problem, then without a doubt, blacklist them until they fix it. Seems pretty simple to me. Regards, -sm -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Warp 7 -- It's a law we can live with.
Re: Time to blacklist google.
If gmail has a problem, then without a doubt, blacklist them until they fix it. Seems pretty simple to me. I know that the ISP's I run mail systems for would lose their customers if they stop getting mail from Google. The customer attitude is that the provider should take measures to block spam but don't you dare block a legitimate message for any reason. Of course, every situation is different. Personally, I'd rather put better filters in place at my end than expect Google to control it. Same goes for Yahoo and Microsoft. In theory I think it would be a good idea but just the number of mail systems required to get the point across is too high to actually happen soon. Looking at my mail history there is a lot of legitimate mail from Google and very little spam (so far). I do miss the days when spam filtering was a luxury and nobody really needed it. Now I'm running thousands of dollars of hardware to handle mail that is about 98% spam with a 99.995% successful filtering rate. --Blaine
Re: Emails passing through SA with valueless headers
At 02:48 PM 2/29/2008, fLaMePr0oF wrote: Greetings I have utilised Spam Assasin for many years through a couple of hosting accounts, however, over recent months I started getting a large volume of emails that had semingly been passed through by Spam Assasin marked as not spam but with no values in the other SA headers. Below is an example of what the SA headers look like on every single one of these emails... (I've gotten almost 100 in the last 3 days alone!) X-Spam-Status: No, score= X-Spam-Score: X-Spam-Bar: X-Spam-Flag: NO Although spam assassin continued to filter out most spam correctly the volume of these emails being delivered increased until my mailbox was being inundated and my hosting company were either unwilling or unable to deal with the problem. Consequently I recently switched to a different host but after a week or three of smooth running I started receiving emails with identical invalid headers, and now I find myself drowning in them once again with another hosting company seemingly unable to identify or correct the issue. :-/ Some information like how you're calling spamassassin, what O/S you're running, what the relevant logs say, etc would help.
Re: Emails passing through SA with valueless headers
X-Spam-Status: No, score= X-Spam-Score: X-Spam-Bar: X-Spam-Flag: NO X-Spam-Bar is not a standard SA header. Someone asked about this a few weeks ago, but I don't recall the result of the thread. My best guess at the moment is that whatever integration tool you are using is calling SA and then putting its own results into the mail message after looking at what SA said. In this canse, maybe either it is failing to call SA or for come reason SA itself is failing on these messages, so the tool ends up sticking in empty headers. Tell us what OS you are using and what the mail tools are that you are using. Loren