Re: msrbl.com disappeared

2008-05-12 Thread Frank Bures

René Berber wrote:
> mouss wrote:
>> Frank Bures wrote:
>>> I could not update SANE Security signatures in the last couple of days.
>>> It looks like domain msrbl.com disappeared.
>>>
>>> Could please anyone shed some light on this?
>>
>> $ host msrbl.com
>> msrbl.com has address 64.22.86.210
>> msrbl.com mail is handled by 20 newton.8086.net.
>> msrbl.com mail is handled by 30 mxuk.camelnetwork.com.
>> msrbl.com mail is handled by 90 mxus.camelnetwork.com.
>> msrbl.com mail is handled by 1000 mx.fakemx.net.
>
> Actually it's rsync.mirror.msrbl.com (alias to same address), but it has
> been working fine so the original problem must be something else.


The problem was probably geographically limited.  I tried to resolve 
msrbl.com from work (toronto.edu) and from home (primus.ca) and I could 
not.  I could not resolve the domain even when contacting its own DNS 
servers based on whois.  It was not working for at least two days, started 
to work again yesterday (May 11) evening EDT.


Cheers
Frank


--

[EMAIL PROTECTED]


Re: msrbl.com disappeared

2008-05-12 Thread Matus UHLAR - fantomas
On 11.05.08 10:07, Frank Bures wrote:
> I could not update SANE Security signatures in the last couple of days.
> It looks like domain msrbl.com disappeared.
>
> Could please anyone shed some light on this?

as I have already said some time ago (you've probably missed it), the
msrbl.com domain contains bad NS record pointing to
staff.us01.americas.cameldns.com. that does not respond. The delegation
contains NS staff.us00.americas.cameldns.com that works. 
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
99 percent of lawyers give the rest a bad name. 


RBLs not functioning

2008-05-12 Thread Matt Adair
Hoping somebody out there can help. After noticing a dramatic increase 
in male enhancement spam lately, I started to investigate what was going 
on and it would appear that none of the default RBLs are getting 
checked.  I've done everything that I can think of and I just can't 
figure out what is wrong.  Any help would be greatly appreciated


Regards,
Matt Adair
[EMAIL PROTECTED]

Running FreeBSD 4.4
Spamassassin 3.2.4
Perl 5.8.4
Mail is fed into spamassassin using procmail

Here are the (partial) results of  feeding a spam email into 
Spamassassin with -D


%spamassassin -D  spam.txt
[84550] dbg: logger: adding facilities: all
[84550] dbg: logger: logging level is DBG
[84550] dbg: generic: SpamAssassin version 3.2.4
[84550] dbg: config: score set 0 chosen.
[84550] dbg: util: running in taint mode? yes
[84550] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[84550] dbg: util: PATH included '/usr/home/mla', keeping
[84550] dbg: util: PATH included '/sbin', keeping
[84550] dbg: util: PATH included '/bin', keeping
[84550] dbg: util: PATH included '/usr/sbin', keeping
[84550] dbg: util: PATH included '/usr/bin', keeping
[84550] dbg: util: PATH included '/usr/local/sbin', keeping
[84550] dbg: util: PATH included '/usr/local/bin', keeping
[84550] dbg: util: PATH included '/usr/local/www/bin', keeping
[84550] dbg: util: PATH included '/usr/libexec', keeping
[84550] dbg: util: PATH included '/usr/games', keeping
[84550] dbg: util: PATH included '/stand', which doesn't exist, dropping
[84550] dbg: dns: no ipv6
[84550] dbg: dns: is Net::DNS::Resolver available? yes
[84550] dbg: dns: Net::DNS version: 0.58
[84550] dbg: config: using /etc/mail/spamassassin for site rules pre files
[84550] dbg: config: read file /etc/mail/spamassassin/init.pre
[84550] dbg: config: read file /etc/mail/spamassassin/v310.pre
[84550] dbg: config: read file /etc/mail/spamassassin/v312.pre
[84550] dbg: config: read file /etc/mail/spamassassin/v320.pre
[84550] dbg: config: using /usr/local/share/spamassassin for sys rules pre files
[84550] dbg: config: using /usr/local/share/spamassassin for default rules dir
[84550] dbg: config: read file /usr/local/share/spamassassin/10_default_prefs.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_advance_fee.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_body_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_compensate.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_drugs.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_dynrdns.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_head_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_html_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_imageinfo.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_meta_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_net_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_phrases.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_porn.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_ratware.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_uri_tests.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/20_vbounce.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/23_bayes.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_accessdb.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_antivirus.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_asn.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_dcc.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_dkim.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_domainkeys.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_hashcash.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_pyzor.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_razor2.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_replace.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_spf.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_textcat.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/25_uribl.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/30_text_de.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/30_text_fr.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/30_text_it.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/30_text_nl.cf
[84550] dbg: config: read file /usr/local/share/spamassassin/30_text_pl.cf
[84550] dbg: config: read file

Re: +++Spam+++: ***SPAM*** RBLs not functioning

2008-05-12 Thread Daniel J McDonald
On Mon, 2008-05-12 at 09:38 -0400, Matt Adair wrote:
> [84550] dbg: config: score set 0 chosen.

Somehow you have turned off network tests.  Are you calling spamassassin
with -L ?  Do you have the following in your local.cf file?

dns_available yes
skip_rbl_checks 0

dns_available might also be set to test

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com



Trouble with VBounce

2008-05-12 Thread Erik Dasque
Hi all,

I am having trouble with VBounce. I think I followed the FAQ to the letter
yet most of the backscatter still ends up in my mailbox. For example, if I
analyze the attached sample email (which I received this morning), I get the
following:

[  ]

Spam detection software, running on the system "li9-234.members.linode.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root for details.

Content preview: Your message did not reach some or all of the intended
recipients. The e-mail account does not exist. Check the e-mail address or
contact the recipient directly to confirm the address. "Devon Roy"
[EMAIL PROTECTED]> [...]

Content analysis details:  (-2.0 points, 3.0 required)

 pts rule name   description
---- ----------- --------------------------------------------------
-2.3 BAYES_00    BODY: Bayesian spam probability is 0 to 1%
                 [score: 0.]
 0.3 AWL         AWL: From: address is in the auto white-list

As you see, no bounce related analysis. However some messages get filtered
out as bounce (just not the one attached and quite a few of its brethren)
which tells me it's at least working a bit:

X-Spam-Report:
* 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
*   [URIs: bambinidimanina.org]
* 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
*   [URIs: bambinidimanina.org]
* 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
*   [URIs: bambinidimanina.org]
* 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
*   [score: 0.5000]
* 0.1 CRBOUNCE_MESSAGE Challenge-response bounce message
* 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message

Any idea for me ?

Erik

Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
li9-234.members.linode.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=3.0 tests=AWL,BAYES_00 autolearn=ham
version=3.2.4
X-Spam-Report: 
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
*  [score: 0.0006]
*  1.3 AWL AWL: From: address is in the auto white-list
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
by li9-234.members.linode.com (Postfix) with ESMTP id 59A64F4285
for [EMAIL PROTECTED]; Mon, 12 May 2008 11:07:29 -0400 (EDT)
Received: from www2.frenchguys.com [212.37.196.113]
by localhost with POP3 (fetchmail-6.2.5)
for [EMAIL PROTECTED] (single-drop); Mon, 12 May 2008 11:07:29 -0400 
(EDT)
Received: from cbxemf01sf.cov.com (smtpsf.cov.com [216.200.93.196])
by dns1.kommando.com (8.12.9/8.12.9) with ESMTP id m4CF6jr2090939
for [EMAIL PROTECTED]; Mon, 12 May 2008 17:06:45 +0200 (CEST)
X-WSS-ID: 643683631RK19753055-01-02
Date: Mon, 12 May 2008 08:06:17 -0700
From: iago alamgir [EMAIL PROTECTED]
To: iago alamgir [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary=_-==643683631RK6487941==-_
Subject: Undeliverable - Recipient does not exist
X-UIDL: EY?!%1i!C#j!UL'!!


--_-==643683631RK6487941==-_
Content-Type: text/plain;
 charset=iso-8859-1
Content-Disposition: inline

Your message did not reach some or all of the intended recipients.  The
e-mail account does not exist.  Check the e-mail address or contact the
recipient directly to confirm the address.

Devon Roy [EMAIL PROTECTED]

--_-==643683631RK6487941==-_--




Re: RBLs not functioning

2008-05-12 Thread Matt Kettler

Matt Adair wrote:
> Hoping somebody out there can help. After noticing a dramatic increase
> in male enhancement spam lately, I started to investigate what was
> going on and it would appear that none of the default RBLs are getting
> checked.  I've done everything that I can think of and I just can't
> figure out what is wrong.  Any help would be greatly appreciated


It looks like they're getting checked. What makes you think they're not?

Note: it appears your trust path is broken. You should add a 
trusted_networks setting manually. The IP your SA box resolves 
cadfx.com (which is your by clause) to should be in this. And if 
your SA box can't resolve cadfx.com as an A record, fix that or change 
what you put in your by clause to something that is resolvable. Having 
no internal and no trusted hosts is a bad thing. This *WILL* break all 
dynamic/dialup type RBLs.



snip
> [84550] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually
> [84550] dbg: received-header: parsed as [ ip=67.76.178.81 rdns=nj-67-76-178-81.sta.embarqhsd.net helo=nj-67-76-178-81.sta.embarqhsd.net by=cadfx.com ident= [EMAIL PROTECTED] intl=0 id=m48FhNO10546 auth= msa=0 ]
> [84550] dbg: received-header: do not trust any hosts from here on
> [84550] dbg: received-header: relay 67.76.178.81 trusted? no internal? no msa? no
> [84550] dbg: metadata: X-Spam-Relays-Trusted:
> [84550] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=67.76.178.81 rdns=nj-67-76-178-81.sta.embarqhsd.net helo=nj-67-76-178-81.sta.embarqhsd.net by=cadfx.com ident= [EMAIL PROTECTED] intl=0 id=m48FhNO10546 auth= msa=0 ]
> [84550] dbg: metadata: X-Spam-Relays-Internal:
> [84550] dbg: metadata: X-Spam-Relays-External: [ ip=67.76.178.81 rdns=nj-67-76-178-81.sta.embarqhsd.net helo=nj-67-76-178-81.sta.embarqhsd.net by=cadfx.com ident= [EMAIL PROTECTED] intl=0 id=m48FhNO10546 auth= msa=0 ]

snip

Here's SA querying a bunch of RBLs.. spamhaus, dnswl, habeas, dnsbl, 
etc, etc. So clearly SA's trying. However, it didn't get any positive 
matches back on the IP address 81.178.76.67.


I don't find that IP in any RBLs that SA checks, except sorbs DUL, and 
that's broken by your lack of a valid trust path.

> [84550] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
> [84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted: 67.76.178.81 originating:
> [84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
> [84550] dbg: dns: launching DNS A query for 81.178.76.67.zen.spamhaus.org. in background
> [84550] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
> [84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted: 67.76.178.81 originating:
> [84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
> [84550] dbg: dns: launching DNS A query for 81.178.76.67.list.dnswl.org. in background
> [84550] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
> [84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted: 67.76.178.81 originating:
> [84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
> [84550] dbg: dns: launching DNS A query for 81.178.76.67.sa-accredit.habeas.com. in background
> [84550] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
> [84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted: 67.76.178.81 originating:
> [84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
> [84550] dbg: dns: launching DNS TXT query for 81.178.76.67.list.dsbl.org. in background
> [84550] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
> [84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted: 67.76.178.81 originating:
> [84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
> [84550] dbg: dns: launching DNS TXT query for 81.178.76.67.sa-trusted.bondedsender.org. in background
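
Added example (not part of any reply in this thread and not SpamAssassin code): a small Python reader for `spamassassin -D` output that re-joins mail-wrapped lines and then reports, side by side, the `score set` line Daniel J McDonald points at and the launched RBL queries Matt Kettler points at, along with the missing trusted_networks setting. Function names are illustrative; the score-set meaning used (sets 1 and 3 are scored with network tests enabled) is taken from SpamAssassin's documented `score` option.

```python
import re

LINE = re.compile(r"^\[\d+\] dbg: ([\w-]+): (.*)$")

# Excerpt of the debug lines quoted in this thread, mail line-wrapping included.
SAMPLE = """\
[84550] dbg: config: score set 0 chosen.
[84550] dbg: conf: trusted_networks are not configured; it is
recommended that you configure trusted_networks manually
[84550] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
[84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
[84550] dbg: dns: launching DNS A query for
81.178.76.67.zen.spamhaus.org. in background
[84550] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[84550] dbg: dns: launching DNS TXT query for
81.178.76.67.list.dsbl.org. in background
"""

def unwrap(text):
    """Re-join debug lines that a mail client wrapped onto the next line."""
    out = []
    for raw in filter(str.strip, text.splitlines()):
        if LINE.match(raw) or not out:
            out.append(raw.strip())
        else:
            out[-1] += " " + raw.strip()
    return out

def dnsbl_qname(ip, zone):
    """Name a DNSBL lookup asks for: reversed IPv4 octets, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.rstrip(".") + "."

def analyze(text):
    r = {"score_sets": [], "trusted_networks": True, "zones": [], "ips": set(), "queries": []}
    for line in unwrap(text):
        m = LINE.match(line)
        msg = m.group(2) if m else ""
        if s := re.match(r"score set (\d) chosen", msg):
            r["score_sets"].append(int(s.group(1)))
        elif msg.startswith("trusted_networks are not configured"):
            r["trusted_networks"] = False
        elif z := re.match(r"checking RBL (\S+), set \S+", msg):
            r["zones"].append(z.group(1))
        elif msg.startswith("only inspecting the following IPs:"):
            r["ips"].update(re.findall(r"\d+(?:\.\d+){3}", msg))
        elif q := re.match(r"launching DNS (\w+) query for (\S+) in background", msg):
            r["queries"].append((q.group(1), q.group(2)))
    # Per the documented `score` option, sets 1 and 3 have network tests enabled.
    r["score_set_has_net"] = bool(r["score_sets"]) and r["score_sets"][-1] in (1, 3)
    r["lookups_ran"] = bool(r["queries"])
    # Each launched name should be a reversed inspected IP under a checked zone.
    expected = {dnsbl_qname(ip, z) for ip in r["ips"] for z in r["zones"]}
    r["unexpected"] = [name for _, name in r["queries"] if name not in expected]
    return r
```

Calling `analyze()` on a saved debug log returns a dict; on the excerpt above it shows score set 0 logged, trusted_networks unset, and two RBL lookups launched for the reversed address 81.178.76.67.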





SA-3.2.4 overload

2008-05-12 Thread Alan Lehman
Upgrading from 3.1.7 to 3.2.4 resulted in my server becoming seriously
overloaded. Normally I see 3 to 6 slaves running with scan times
averaging 5-10 seconds. After upgrade, 10 slaves (my max setting) were
busy constantly with scan time running 60 to 300 seconds. CPU
utilization pegged at 100%. Typical traffic is about 10,000/day.

I tried the following, but there was no significant improvement:

Disabling RBL checks
Disabling bayes
Disabling RCVD_IN_WHOIS, RCVD_IN_WHOIS_INVALID, URIBL_COMPLETEWHOIS

I installed SA-3.1.9 and processing seemed to return to normal, but I
get the following error:

Slave 0 stderr: Use of uninitialized value in pattern match (m//) at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Message/Node.pm line
125.

Running:

Sendmail-8.13.8
Mimedefang-2.64
Clamav-0.92
Uvscan-4.32.0

SA is called by Mimedefang (not using spamd). Standard rulesets.

Hardware:

HP Proliant DL380 single CPU 2.4GHz, 4G RAM

Thanks,

Alan Lehman 


faked bouncebacks. what the?

2008-05-12 Thread Arvid Ephraim Picciani
I've got those:

http://rafb.net/p/q3eZwd93.html

anyone can see any sense in it?  it uses my hostname to fake a bounceback that 
claims i sent a message to another faked address, while all doing that from a 
dialup.  what's the point of that?  testing spambots?

-- 
best regards
Arvid Ephraim Picciani


Re: Problems with sa-update

2008-05-12 Thread Benny Pedersen

On Sat, May 10, 2008 20:37, Geoff Soper wrote:

> Which looked OK from the little I know. I then checked SA and nothing
> appeared to be installed:

so it's not

> [EMAIL PROTECTED] root]# spamassassin 2>&1 -D --lint | grep Zlib
> [14245] dbg: diag: module installed: Compress::Zlib, version 1.33

you need this to be updated now as well, from your output this may be the
problem now

> [14245] dbg: diag: module not installed: IO::Zlib ('require' failed)
> [EMAIL PROTECTED] root]#
>
> Can you suggest what I might do next? I'm not at all experienced in this
> so I'm very grateful for your advice and patience!

need to know os distro, and why rpm updates not working :/


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098



Re: trusted mailing list subscriber spam

2008-05-12 Thread Benny Pedersen

On Sun, May 11, 2008 22:39, mouss wrote:

> a +all and you are annoying us about forwarding and SPF?

he, i have +all and forward nothing :)

stop annoying me that spf can't be used


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098