Re: Experimental - use my server for your high fake MX record

2008-05-22 Thread mouss

Jo Rhett wrote:


On May 21, 2008, at 1:44 PM, mouss wrote:

Good.  Time for qmail to die ;-)


start by updating the RFCs.


The RFCs are, and have always been clear on how MX records are 
supposed to be used.



Different people interpret when a delivery attempt succeeds differently.




[Insults removed]





Re: AW: Re: MailChannels Traffic Control (fwd)

2008-05-22 Thread mouss

Jo Rhett wrote:


On May 21, 2008, at 1:08 PM, mouss wrote:
I read every document on their website, and saw zero mentions of 
this feature.


if you can't find the docs that others have read, and still accuse 
them of lack of research, there is a word for this: ridiculous.


There's nothing on that site.  It's on another site nobody mentioned.  
It's not my job to find all references.  And I'm not saying people 
should find *ALL* references, I'm saying that people should take 1-2 
minutes to read what the person is actually suggesting/implementing, 
rather than disregarding the product/idea/whatever publicly without 
any clear understanding of what it does.


and who told you I did not check what they do?

I may have got it wrong as I said before, but this is no reason for you 
to jump into insults.


Re: MailChannels Traffic Control

2008-05-22 Thread Dave Koontz
Personally, I am tired of this entire thread.  It has nothing to do with 
SA, so PLEASE move it to the MailChannels discussion forums or lists.


Jo Rhett wrote:


I'm tired of wasting time with this pointless conversation.  Just stop 
making authoritative statements about products you haven't researched.







Re: dsbl.org dying?

2008-05-22 Thread Justin Mason

Robert - elists writes:
  From: mouss
  
  http://www.dnsbl.com/
  
 
 I have never paid attention to it so... questions..
 
 Was dsbl.org widely used?
 
 In general, is it considered a major and necessary dnsbl tool for the war
 against spam?
 
 Does anyone have any idea how much sustained bandwidth in and out that it
 took to run the main dsbl.org host?
 
 Just wondering if it might be worth throwing some cold spare commercial
 server hardware we have laying around at it...

I would suggest that'd be a great idea, if they're interested in using it. ;)
Here's my take on dsbl nowadays.   

Going by
http://ruleqa.spamassassin.org/20080517-r657323-n/RCVD_IN_DSBL/detail , it
appears that it's still quite worthwhile: 6.18% of spam hit with 0.01% of
nonspam, for 99.8% effectiveness.

It's also good at hitting low-scoring spam if you look at the score-map;
the peak is at a score of 4 SpamAssassin points.

The overlaps with other rules are interesting, too:

OVERLAP WITH FULL RULES:
  overlap spam:  83% of RCVD_IN_DSBL hits also hit RAZOR2_CHECK; 6% of RAZOR2_CHECK hits also hit RCVD_IN_DSBL
  overlap spam:  83% of RCVD_IN_DSBL hits also hit RCVD_IN_PBL; 7% of RCVD_IN_PBL hits also hit RCVD_IN_DSBL
  overlap spam:  83% of RCVD_IN_DSBL hits also hit URIBL_BLACK; 6% of URIBL_BLACK hits also hit RCVD_IN_DSBL
  overlap spam:  81% of RCVD_IN_DSBL hits also hit RAZOR2_CF_RANGE_51_100; 6% of RAZOR2_CF_RANGE_51_100 hits also hit RCVD_IN_DSBL
  overlap spam:  76% of RCVD_IN_DSBL hits also hit RAZOR2_CF_RANGE_E8_51_100; 6% of RAZOR2_CF_RANGE_E8_51_100 hits also hit RCVD_IN_DSBL
  overlap spam:  75% of RCVD_IN_DSBL hits also hit URIBL_JP_SURBL; 6% of URIBL_JP_SURBL hits also hit RCVD_IN_DSBL
  overlap spam:  66% of RCVD_IN_DSBL hits also hit HTML_MESSAGE; 6% of HTML_MESSAGE hits also hit RCVD_IN_DSBL
  overlap spam:  62% of RCVD_IN_DSBL hits also hit RCVD_IN_BL_SPAMCOP_NET; 6% of RCVD_IN_BL_SPAMCOP_NET hits also hit RCVD_IN_DSBL
  overlap spam:  61% of RCVD_IN_DSBL hits also hit RCVD_IN_XBL; 6% of RCVD_IN_XBL hits also hit RCVD_IN_DSBL
  overlap spam:  59% of RCVD_IN_DSBL hits also hit URIBL_OB_SURBL; 6% of URIBL_OB_SURBL hits also hit RCVD_IN_DSBL
  overlap spam:  58% of RCVD_IN_DSBL hits also hit RCVD_IN_SORBS_DUL; 9% of RCVD_IN_SORBS_DUL hits also hit RCVD_IN_DSBL
  overlap spam:  58% of RCVD_IN_DSBL hits also hit URIBL_SC_SURBL; 6% of URIBL_SC_SURBL hits also hit RCVD_IN_DSBL
  overlap spam:  52% of RCVD_IN_DSBL hits also hit RDNS_DYNAMIC; 7% of RDNS_DYNAMIC hits also hit RCVD_IN_DSBL

So it's definitely providing useful data for SpamAssassin.

--j.


Re: Transition to new server - internal_networks?

2008-05-22 Thread Matus UHLAR - fantomas
On 20.05.08 12:46, Shelley Waltz wrote:
 I am moving from old smtp(MX)/amavisd/spamassassin server to a
  new smtp(MX)/amavisd/spamassassin server
 
 I will be forwarding particular users email from the old server to the
 new server as they are moved by using an alias in /etc/postfix/aliases.
 I wish the new server to receive the forwarded mail from the old server
 and treat it as though it was external, ie., filter it and deliver to
 mailbox on new server.  It was suggested by the postfix users to use the
 internal_networks configuration to accomplish this.

Do you really understand the concept of internal and trusted networks?

 I have old server which is a trusted host(relays spam, but does not
 originate spam) which has IP aaa.bbb.ccc.11.  This host is also a MX for
 my domain.
 
 I have a new server which is a trusted host and a MX for my domain which
 has IP aaa.bbb.ccc.12.


 so, in the /etc/mail/spamassassin/local.cf on new server I would put
 
 trusted_networks 127.0.0.1
 trusted_networks aaa.bbb.ccc.0/24  !my class C
 
 internal_networks 127.0.0.1
 internal_networks aaa.bbb.ccc.11! old server/MX

putting localhost into those is not needed.

the new server should have in trusted and internal networks everything the
old server has, plus IP address of the old server.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good. 
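
An added example, not part of the original post: a simplified Python model of how the boundary between internal and external relays is found from `trusted_networks` and `internal_networks`, showing why the old server's IP has to be listed on the new server. The addresses are constructed stand-ins for the poster's aaa.bbb.ccc placeholders, the function names are hypothetical, and `!` exclusion entries are not modelled.

```python
import ipaddress

# Constructed stand-ins for the poster's placeholders: 192.0.2.0/24 plays
# aaa.bbb.ccc.0/24, .11 is the old server, .12 the new one, and
# 203.0.113.50 is an unrelated outside sender.
CONF_MISSING_OLD = """
trusted_networks 192.0.2.0/24
internal_networks 192.0.2.12
"""
CONF_WITH_OLD = CONF_MISSING_OLD + "internal_networks 192.0.2.11\n"

# Relay IPs from the Received headers of one forwarded message, newest first:
# the new server got it from the old server, which got it from outside.
FORWARDED_CHAIN = ["192.0.2.11", "203.0.113.50"]


def parse_conf(text):
    """Collect trusted_networks / internal_networks entries (lines accumulate)."""
    nets = {"trusted_networks": [], "internal_networks": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *values = line.split()
        if key in nets:
            for value in values:
                nets[key].append(ipaddress.ip_network(value, strict=False))
    # When only trusted_networks is set, it is used for internal_networks too.
    if not nets["internal_networks"]:
        nets["internal_networks"] = list(nets["trusted_networks"])
    return nets


def _leading(relays, networks):
    """Relays from the top of the chain that fall inside `networks`,
    stopping at the first one that does not."""
    matched = []
    for ip in relays:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in networks):
            break
        matched.append(ip)
    return matched


def classify(relays, conf_text):
    """Split a relay chain into trusted and internal hops and report the
    first relay outside the internal network (the 'last external' relay)."""
    nets = parse_conf(conf_text)
    trusted = _leading(relays, nets["trusted_networks"])
    # An internal relay must also be trusted, so only trusted hops are tested.
    internal = _leading(trusted, nets["internal_networks"])
    rest = relays[len(internal):]
    return {
        "trusted": trusted,
        "internal": internal,
        "last_external": rest[0] if rest else None,
    }


if __name__ == "__main__":
    for label, conf in (("old server missing", CONF_MISSING_OLD),
                        ("old server listed", CONF_WITH_OLD)):
        print(label, classify(FORWARDED_CHAIN, conf))
```

With the old server missing from `internal_networks`, the model treats the old MX itself as the external sender of every forwarded message; once it is listed, the real outside relay is the one evaluated.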


Re: Google docs spam

2008-05-22 Thread mouss

Arvid Ephraim Picciani wrote:

On Wednesday 21 May 2008 12:12:11 ram wrote:
  

Spammer is using the docs page with a id from google. At least google
should have a decent abuse reporting system 



this is new. spammers are fast :(

  

This mail went by almost clean, Are there any rules I am missing
https://ecm.netcore.co.in/tmp/spamgd.txt



same here. 0.0 points. (without bayes)

The spamsource is still not listed anywhere. 
Reporting to spamcop might be an option. 
Looks like a Czech dialup, I wonder why they are not listed in the PBL.


Maybe one can write a rule for those:
Received: from [77.48.35.201] (unknown [10.10.1.25]) by smtp-sfn.sitkom.cz
  
(are there any dnsbls for reserved IPs?)
  


do you mean bogons? There is bogons.cymru.org. See
   http://www.team-cymru.org/Services/Bogons/







RE: AW: Re: AW: Re: MailChannels Traffic Control (fwd)

2008-05-22 Thread Koopmann, Jan-Peter
 http://www.snertsoft.com/smtp/smtpf/

Okay, this link wasn't available to me.  I googled the term you  
provided and only found the FLS site.  They had no links to this  
data.  

Possible.

 Next time you want to suggest that someone didn't research, you  
 should be explicit with your links.

Up to this point in time I tried to be very nice. Not sure I will be any
longer. At least try to follow your own thread. There is one person who
started pointing fingers and suggested that the rest of the world is not
doing research. Unless I am missing a lot of mails this person was/is
you. You could not find the information, ok. Granted. You asked and got
the pointer from me. However, not finding the necessary detailed
information you jumped to conclusions and claimed that BarricadeMX was
not able to do things. Note the difference: I (and others) say things
like I can find no information on MailChannels site indicating that
they do xyz. You say BarricadeMX is not able to do xyz. Clear now?
Probably not I am afraid. Funny: Now that you have the information
proving you are wrong you do not say so. Interesting move. 

 As far as the slowdown is concerned, there aren't false positives.   

That is true in theory. Maybe you define false positives differently
than others. There are tons of damn stupid MTAs out there (and stupid
e-mail admins as well) that are not able to communicate according to the
RFCs. These MTAs sometimes are not able to deliver mail into
tarpitting/slowdown systems. Technically that is not a false positive.
In reality a perfectly valid mail is not able to be delivered. Managers
tend to think of those as false positives. Saying slowdown does never
under any circumstances cause false positives is plain wrong.

Moreover you yourself keep pointing out that they are not only slowing
down and tarpitting. So there are other techniques (e.g. their
reputation system) that can cause false positives. 

Oh and thanks for not answering my backscatter problem. No answer
sometimes is an answer. :-)

 Read the text!

Which one? I was kind enough to provide the links you asked for. Return
the favour: What text on their website will enlighten me and tell me
exactly (!) what they are doing so I can judge their efforts without
having to try it?


 People: maybe. I did not do so. So if you want to accuse them, go  
 ahead but leave me out of this loop. Please provide a link which  
 describes what exactly they are doing. The things I could find  
 justify people's statements a bit since most of what I read can  
 indeed be done with standard MTAs. Then they use a reputation  
 network (in the commercial version only?) so they do not have to do  
 the interesting tests themselves on the box. If I failed to see the  
 magic of the product please enlighten me and please apologize.

 Apologize for what?  

Oh my god. Where to start? For starters:
- Your tone?
- Your accusation that I and others are not doing any sort of research?

 The top-level links on the website provided the  
 Information you claim isn't there.  

You asked and got the detailed information. What else do you want? All I
am saying is: Do not jump to conclusions and tell me that a product (in
this case BarricadeMX) does not have specific features. Say could not
find the information. Do not say cannot do xyz.

 I accept your accusation about my research IF you can please point me
 to a document on FSL's website which addresses slowing down TCP
 sessions.  I can't find it.

So I provided the link. This means you accept my accusation? Fine.

 Your memory wasn't laid out to anyone else.  Lacking your memory in my
 search pool, I used Google.

Even Google might have pointed out the site btw. But that is beside the
point and I agree they could make the documentation more easily
available. 

 I'm tired of wasting time with this pointless conversation.  

Agreed.

 Just stop  
 making authoritative statements about products you haven't researched.

Strange. I thought I keep telling you exactly this! I did do research. I
keep asking questions you do not answer. I say probably is not able to
(not authoritative) while you make false authoritative statements. You
really do not see this, do you?

Let's stop this here before it unnecessarily gets messy. You believe in
MailChannel, I do not (maybe some more detailed information will
convince me). That's fine. Everybody is free to use whatever we like.

Cheer up and enjoy the day.

Regards,
  JP



RE: MailChannels Traffic Control (fwd)

2008-05-22 Thread Koopmann, Jan-Peter
  2: can be bypassed in greylist on that fact #1

Both of these are addressed by Mailchannels.  But what to do when an  
unknown mail server contacts you is different in the approach.   
greylist effectiveness is down to less than 10% effective at this  
point, because the botnets know to retry now.


FYI: Use intelligent greylisting with hashing functionality. I even know
of a product supporting this. Take a wild guess. :-) And its
effectiveness with greylisting is far beyond 10% even with retrying
botnets.



RE: AW: Re: MailChannels Traffic Control (fwd)

2008-05-22 Thread Koopmann, Jan-Peter
 And Mailchannels isn't implementing slow replies.  That's what I'm  
 trying to say.  It is slowing the TCP session, not slowing the  
 responses.  

FYI: So are other products (at least one). And slowing down TCP sessions
will hit ISPs as well btw. but that's a different story. 

Oh and btw: Putting me on your personal blacklist is really mature! :-)
It shows how interested you are in a discussion.


Re: How to use private rules?

2008-05-22 Thread Karsten Bräckelmann
On Wed, 2008-05-21 at 01:17 +0200, Michelle Konzack wrote:
 I am going to install a new server for (currently) 43 users
[...]
 I can not use private rules and if I call it with
 |/usr/bin/spamassassin
 
 incoming batch-spam can kill the server which must be responsible under
 any circumstances...

True. Using spamc is *much* more efficient, and highly recommended.
However, allow_user_rules 1 isn't an option in this case, and not
recommended anyway.


 How can I solve this problem?
 
 Note:   Some of the $USER have tons of custom rules and since
 they are working for them, they want to use it...  :-)

Given the small-ish number of users, there is a way to do this. However,
it may result in quite some administrative overhead, depending on the
frequency of changes.

You simply could aggregate these custom rules in server wide $user.cf
files, with a *default* score of 0. Each user now can enable the rules
he wants by assigning it a non-zero score in user_prefs.

Since you mentioned tons of custom rules per user, I assume there are
third party, non user-written rules as well. If so, there is the
additional benefit of not maintaining (and updating) multiple copies.

HTH

  guenther  -- barely awake, having his first coffee


-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Vars for Custom Plugins

2008-05-22 Thread Rick Duval
Can someone point me to a list and description of vars available to plugins.

I know a couple like $pms->get(to) , etc but there's also to:addr. I'm
looking for some sort of reference that tell me what the differences are?

Also how to just get a clean to address. I've noticed that many mailing
lists will put their name in the to which screws me up. Any help would be
much appreciated.

Rick


Re: Vars for Custom Plugins

2008-05-22 Thread Theo Van Dinter
On Thu, May 22, 2008 at 08:57:37AM -0400, Rick Duval wrote:
 Can someone point me to a list and description of vars available to plugins.
 
 I know a couple like $pms->get(to) , etc but there's also to:addr. I'm
 looking for some sort of reference that tell me what the differences are?

$pms->get() is a function, not a variable. :)

Take a look at perldoc Mail::SpamAssassin::PerMsgStatus for the functions
from PerMsgStatus.

-- 
Randomly Selected Tagline:
Only your father could take a part-time job at a small town paper,
 and wind up the target of international assassins.
 - Marge Simpson, Guess Who's Coming to Criticize Dinner




Re: can we make AWL ignore mail from self to self?

2008-05-22 Thread Jonas Eckerman

Jo Rhett wrote:

I'm not -- my Treo delivers mail directly to my mail server.  From 
DHCP-assigned addresses all over the world.  I enjoy travel ;-)


Then I guess you use authenticated SMTP for that.

The easiest way to handle this probably is to simply avoid 
calling SA for authenticated mail.


Another way to do it would be to use different AWLs, or disabling 
AWL, for mail from your own users (either authenticated or 
locally submitted). This makes a lot of sense to me.


A more involved change would be to have the AWL store the 
authentication state as well as mail address and relay IP/16. 
When scanning mail from your own users using the same AWL 
database as for for mail to your users, this seems necessary to me.


Regards
/Jonas

--
Jonas Eckerman, FSDB  Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/



Splitting cc:'s

2008-05-22 Thread Rick Duval
If I have customer per user filtering I need to have separate emails to work
upon but if a email comes cc'd to 3 people at the same domain is there a way
to handle that?

Exim is my MTA, perhaps a way to have it generated multiple copies?

Rick


RE: Splitting cc:'s

2008-05-22 Thread Martin.Hepworth
You can do this with an incestuous call to exim. Make this your first
router:

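split:
   # Route each message through the splitting transport exactly once
   driver = accept
   domains = the.domains.you.want.to.do.this.for
   # Re-injected copies arrive with $received_protocol set to "split"
   # (see -oMr below), so they skip this router and do not loop
   condition = ${if eq {$received_protocol}{split}{no}{yes}}
   transport = send_to_self
   no_verify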

Add this transport:

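send_to_self:
   driver = pipe
   # One recipient per delivery, so each recipient gets a separate message
   batch_max = 1
   use_bsmtp
   # -bS reads the batch SMTP from stdin; -oMr marks the protocol as "split"
   command = /usr/sbin/exim -oMr split -bS
   user = exim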

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick
 Duval
 Sent: 22 May 2008 16:29
 To: users@spamassassin.apache.org
 Subject: Splitting cc:'s

 If I have customer per user filtering I need to have separate emails to
 work upon but if a email comes cc'd to 3 people at the same domain is
 there a way to handle that?

 Exim is my MTA, perhaps a way to have it generated multiple copies?

 Rick








Re: Multiple X-Envelope-From and SPF

2008-05-22 Thread Benny Pedersen

On Fri, May 9, 2008 08:55, ram wrote:

 On Fri, 2008-05-09 at 01:44 +0200, Benny Pedersen wrote:
 On Thu, May 8, 2008 23:19, mouss wrote:

  configure postfix to replace previous ones
  /^(X\-Envelope\-From:.*)/   REPLACE X-$1

 envelope from can here be forged

 Precisely what I am afraid of. But the issue is whatever header I use
 for envelope-from all of them can be trivially forged
 I am trying replacing all the X-Envelope headers  before sending them to
 scan servers

what mta do you use ?

postfix uses Return-Path as envelope sender header


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098



Re: can we make AWL ignore mail from self to self?

2008-05-22 Thread Jo Rhett

On May 22, 2008, at 7:29 AM, Jonas Eckerman wrote:

Jo Rhett wrote:

I'm not -- my Treo delivers mail directly to my mail server.  From  
DHCP-assigned addresses all over the world.  I enjoy travel ;-)


Then I guess you use authenticated SMTP for that.
The easiest way to handle this probably is to simply avoid calling  
SA for authenticated mail.


That's a hack with consequences.  Like just disable the firewall.   
Uh, no ;-)


Lots of users of this host have Windows PCs, and running SA on all  
outbound mail has both alerted them quickly to the problem and avoided  
nailing other people with spam and/or virus runs.


Another way to do it would be to use different AWLs, or disabling  
AWL, for mail from your own users (either authenticated or locally  
submitted). This makes a lot of sense to me.


Have no my own users except me ;-)   And disabling AWL entirely is  
again a hack.  Let's focus on a fix.


A more involved change would be to have the AWL store the  
authentication state as well as mail address and relay IP/16. When  
scanning mail from your own users using the same AWL database as for  
for mail to your users, this seems necessary to me.


Again, this seems to be a lot of work for no real gain.  What I have  
proposed makes sense for widespread use.  Why hack/slash/burn when a  
good fix would improve it for everyone?


--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness





Re: can we make AWL ignore mail from self to self?

2008-05-22 Thread Rob McEwen

Jo Rhett wrote:
That's a hack with consequences.  Like just disable the firewall.  
Uh, no ;-)


Lots of users of this host have Windows PCs, and running SA on all 
outbound mail has both alerted them quickly to the problem and avoided 
nailing other people with spam and/or virus runs.

Something seems out of order here.

First, even if this isn't what you meant, I must set the record 
straight... requiring SMTP password-authentication is NOT a hack. 
Instead, that is a security feature. I'm not sure if you meant that 
differently, but I state this just to be on the safe side.


Second, you do require SMTP authentication, right? Because not doing so 
would likely open up your server as an open relay. Additionally, the 
vast majority of the spams and viruses that you referred to would not 
have a chance of using your server to nail other people with spams or 
viruses if you required SMTP authentication.


Most not-large-isp mail servers do just fine NOT spam filtering SMTP 
password-authenticated messages with many years going by between any 
single incident of a spam or virus being sent from that server.


The main reason larger ISPs must do some spam filtering on their 
outbound mail sent from members of that ISP is because


(a) they do NOT use SMTP password-authentication and, instead, allow 
relaying simply based on the message originating from a particular block 
of IPs (very bad form... but the large ISPs can't find an easy way to 
convert millions of users over to SMTP authentication). If that is your 
situation, then I probably stand corrected as far as your situation is 
concerned.


..OR..

(b) they are a heavily abused service.. such as freemail providers where 
criminals sign up to try to send spam. Therefore, they should do 
outbound filtering even on authenticated mail.


Otherwise, SMTP password-authenticated e-mail should almost always not 
be filtered, or be minimally filtered.


Rob McEwen



Re: can we make AWL ignore mail from self to self?

2008-05-22 Thread Dave Funk

On Thu, 22 May 2008, Jo Rhett wrote:


Then I guess you use authenticated SMTP for that.
The easiest way to handle this probably is to simply avoid calling SA for 
authenticated mail.


That's a hack with consequences.  Like just disable the firewall.  Uh, no 
;-)


Lots of users of this host have Windows PCs, and running SA on all outbound 
mail has both alerted them quickly to the problem and avoided nailing other 
people with spam and/or virus runs.


Genuine curiosity Jo, have you seen instances of viruses/trojans sending
-authenticated- mail? Have they learned how to read users' passwords, etc?

We require our PC users to authenticate when sending and I had assumed 
that would stop viruses/trojans. Am I being naive?


--
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.edu        College of Engineering
319/335-5751   FAX: 319/384-0549         1256 Seamans Center
Sys_admin/Postmaster/cell_admin          Iowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{


trying allow email from a specific email address

2008-05-22 Thread smcbutler


hi, i had a look for this issue but (surprisingly) couldn't find an answer
in the forum

i have this rule:

header   toSupport_MYCORP To =~ /[EMAIL PROTECTED]/i
describe toSupport_MYCORP Sent to our support alias
score toSupport_MYCORP -2

but i get this in my logs:

[16923] warn: Possible unintended interpolation of @mycorp in string at
/etc/mail/spamassassin/myRules.cf, rule toSupport_MYCORP, line 1.
[16923] warn: rules: failed to compile head tests, skipping:

isn't escaping the @ enough to get this rule functional

thx!






Re: can we make AWL ignore mail from self to self?

2008-05-22 Thread SM

At 13:23 22-05-2008, Dave Funk wrote:
We require our PC users to authenticate when sending and I had 
assumed that would stop viruses/trojans. Am I being naive?


No.  But it's only one extra step for malware to capture SMTP 
authentication information.


Regards,
-sm 



Re: trying allow email from a specific email address

2008-05-22 Thread Bob Proulx
smcbutler wrote:
 header   toSupport_MYCORP To =~ /[EMAIL PROTECTED]/i
 [16923] warn: Possible unintended interpolation of @mycorp in string at
 /etc/mail/spamassassin/myRules.cf, rule toSupport_MYCORP, line 1.
 isn't escaping the @ enough to get this rule functional

It should be enough.  Therefore I have to ask the question.  Did you
restart your spamd after making that change?  It appears that it is
still running using the unescaped configuration from before your last
edit.  This would be a common trap for people.  Try restarting your
spamd.  Try running spamassassin --lint to check the current rules.

Hope that is it!  :-)
Bob


Re: How to output Debugged Lint to file

2008-05-22 Thread Kathryn Kleinschafer
Is it possible that this --allowplugins was somehow disrupting the 
sa-update as now that I have removed it my rules are being used again 
(which may mean that they are back up to date?)



Kate

Theo Van Dinter wrote:

On Thu, May 22, 2008 at 09:57:49AM +1200, Kathryn Kleinschafer wrote:
  

Any reason for the non-default --allowplugins?
 
  

One of the channels - Open Protect required it
If you use SA versions 3.2.0 or above, use the following command:
sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com



That doesn't mean they require it, that just means they told you to use it.
It also means you open yourself up to possible security attacks, which is why
it's disabled by default.

I'm not saying it's bad if you trust the channel to not screw you, but ...

  


Re: Message-ID validation rule

2008-05-22 Thread .rp
Which rule is checking to see that the Message-ID line has a TLD after the @ ?



Re: can we make AWL ignore mail from self to self?

2008-05-22 Thread Jo Rhett

On May 22, 2008, at 12:42 PM, Rob McEwen wrote:
First, even if this isn't what you meant, I must set the record  
straight... requiring SMTP password-authentication is NOT a hack.  
Instead, that is a security feature. I'm not sure if you meant that  
differently, but I state this just to be on the safe side.


Second, you do require SMTP authentication, right? Because not doing  
so would likely open up your server as an open relay.


Rob, please read what you reply to.  I've been doing SMTP AUTH since  
before we got it standardized.


I said that disabling running SA for SMTP-AUTH users is a hack much  
like disabling a firewall and I won't do it.


--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness





Re: can we make AWL ignore mail from self to self?

2008-05-22 Thread Jo Rhett

On May 22, 2008, at 1:23 PM, Dave Funk wrote:
Lots of users of this host have Windows PCs, and running SA on all  
outbound mail has both alerted them quickly to the problem and  
avoided nailing other people with spam and/or virus runs.


Genuine curiosity Jo, have you seen instances of viruses/trojans  
sending
-authenticated- mail? Have they learned how to read users'  
passwords, etc?


We require our PC users to authenticate when sending and I had  
assumed that would stop viruses/trojans. Am I being naive?



Yes, you are.  Most of the viri use the existing Outlook  
configuration, which includes the user's saved SMTP AUTH passwords.


Like I said, SA has saved our butt each time it happened.  I wouldn't  
say that without it having happened multiple times...


--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness





Re: AW: Re: MailChannels Traffic Control (fwd)

2008-05-22 Thread Jo Rhett


On May 21, 2008, at 1:08 PM, mouss wrote:
I read every document on their website, and saw zero mentions of  
this feature.


if you can't find the docs that others have read, and still accuse  
them of lack of research, there is a word for this: ridiculous.





Jo Rhett wrote:
There's nothing on that site.  It's on another site nobody  
mentioned.  It's not my job to find all references.  And I'm not  
saying people should find *ALL* references, I'm saying that people  
should take 1-2 minutes to read what the person is actually  
suggesting/implementing, rather than disregarding the  
product/idea/whatever publicly without any clear understanding of  
what it does.


On May 22, 2008, at 1:18 AM, mouss wrote:

and who told you I did not check what they do?

I may have got it wrong as I said before, but this is no reason for  
you to jump into insults.



mouss, read your own words.  You threw insults (there's a word for  
this).   There isn't a single insult in what I said?


I'm sorry, but you are effing nuts.  Not an insult, a factual  
observation of your psychopathic behavior.


--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness





Razor suddenly throwing errors.

2008-05-22 Thread James Lay
Anyone have any ideas?  Just started cropping up a few ago.

James


May 22 16:05:32 myshield spamd[2914]: razor2: razor2 check failed: Invalid
argument razor2: razor2 had unknown error during get_server_info at
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 188.
at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line
326. 






Re: trying allow email from a specific email address

2008-05-22 Thread smcbutler



Bob Proulx wrote:
 
 smcbutler wrote:
 header   toSupport_MYCORP To =~ /[EMAIL PROTECTED]/i
 [16923] warn: Possible unintended interpolation of @mycorp in string at
 /etc/mail/spamassassin/myRules.cf, rule toSupport_MYCORP, line 1.
 isn't escaping the @ enough to get this rule functional
 
 It should be enough.  Therefore I have to ask the question.  Did you
 restart your spamd after making that change?  It appears that it is
 still running using the unescaped configuration from before your last
 edit.  This would be a common trap for people.  Try restarting your
 spamd.  Try running spamassassin --lint to check the current rules.
 
 Hope that is it!  :-)
 


yes, that seemed to be problem :( 

thx Bob!





Re: trying allow email from a specific email address

2008-05-22 Thread Benny Pedersen

On Thu, May 22, 2008 22:27, smcbutler wrote:

 header   toSupport_MYCORP To =~ /[EMAIL PROTECTED]/i

header   toSupport_MYCORP To =~ /[EMAIL PROTECTED]/i


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098



Re: trying allow email from a specific email address

2008-05-22 Thread Benny Pedersen

On Fri, May 23, 2008 00:58, smcbutler wrote:

 yes, that seemed to be problem :(

no, the regexp is also wrong since . also needs \.


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
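
An added example, not code from the thread: a small Python lint for SpamAssassin `header` rules that flags the two problems raised above, an unescaped `@` (which Perl may interpolate as an array) and an unescaped `.` between hostname labels (which matches any character). The address `support@example.com` is a constructed stand-in for the one the archive redacted, the function names are hypothetical, and the checks are heuristics rather than a Perl regex parser.

```python
import re

# Constructed sample rules; support@example.com replaces the redacted address.
SAMPLE_RULES = r"""
header   toSupport_MYCORP To =~ /support@example.com/i
header   toSupport_FIXED  To =~ /support\@example\.com/i
"""

RULE_RE = re.compile(r"^\s*header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)\s*$")


def parse_header_rule(line):
    """Return (name, header, pattern, flags) for a 'header NAME Hdr =~ /re/' line."""
    m = RULE_RE.match(line)
    return m.groups() if m else None


def lint_pattern(pattern):
    """Return a list of (finding, index) for risky characters in the regex."""
    findings = []
    in_class = False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":          # escaped character: skip it and its escape
            i += 2
            continue
        nxt = pattern[i + 1:i + 2]
        if ch == "[" and not in_class:
            in_class = True
        elif ch == "]" and in_class:
            in_class = False
        elif ch == "@" and (nxt.isalpha() or nxt == "_"):
            # Perl would try to interpolate @name here
            findings.append(("unescaped-at", i))
        elif ch == "." and not in_class:
            prev = pattern[i - 1:i] if i else ""
            # A dot between two alphanumerics is almost always meant literally
            if prev.isalnum() and nxt.isalnum():
                findings.append(("unescaped-dot", i))
        i += 1
    return findings


def lint_rules(text):
    """Lint every header rule in a .cf fragment; returns {rule_name: findings}."""
    report = {}
    for line in text.splitlines():
        parsed = parse_header_rule(line)
        if parsed:
            name, _header, pattern, _flags = parsed
            report[name] = lint_pattern(pattern)
    return report


def header_matches(rule_line, header_value):
    """Apply the rule's regex to a header value (Python re as an approximation)."""
    _name, _header, pattern, flags = parse_header_rule(rule_line)
    return re.search(pattern, header_value, re.I if "i" in flags else 0) is not None


if __name__ == "__main__":
    for name, findings in lint_rules(SAMPLE_RULES).items():
        print(name, findings or "ok")
```

Running `spamassassin --lint`, as suggested earlier in the thread, remains the authoritative check; this only shows why the unescaped dot widens the match.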



Re: Experimental - use my server for your high fake MX record

2008-05-22 Thread Robin Bowes

Marc Perkel wrote:



Jo Rhett wrote:


On May 7, 2008, at 9:17 AM, mouss wrote:
what if he comes back later to the same MX, again and again (AFAIK, 
this is the case with qmail)? mail will be lost.


snarky comment
Good.  Time for qmail to die ;-)
/snarky comment



Agreed. Qmail should die!


Why?

R.



Re: Razor suddenly throwing errors.

2008-05-22 Thread Chris
On Thursday 22 May 2008 5:08 pm, James Lay wrote:
 Anyone have any ideas?  Just started cropping up a few ago.

 James


 May 22 16:05:32 myshield spamd[2914]: razor2: razor2 check failed: Invalid
 argument razor2: razor2 had unknown error during get_server_info at
 /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 188.
 at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line
 326.

I also had been getting razor2.pm errors as shown below, however, I upgraded 
to version 2.84 of razor-agents this week and the errors seemed to have 
stopped. Maybe an upgrade would help?

[16283] warn: reporter: razor2 report failed: No such file or directory 
reporter: razor2 had unknown error during authenticate 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Razor2.pm line 
217, GEN2 line 1. 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Razor2.pm line 
326.

-- 
Chris
KeyID 0xE372A7DA98E6705C




Temp fail not working...

2008-05-22 Thread Anthony Kamau
Hello all.

My spamass-milter INPUT_MAIL_FILTER config in sendmail is as follows:

INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass.sock,F=T, ...)dnl

Yet when I test this feature by manually shutting down spamassassin (service
spamassassin stop), I still receive messages.  Shouldn't they be temp
failed?

What I see in the logs is 3 failed attempts by spamass-milter (spamc) to
connect to spamassassin (spamd) after which sendmail delivers the message to
the recipient:

May 23 13:57:43 mail spamc[10285]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#1 of 3): Connection refused
May 23 13:57:44 mail spamc[10284]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#3 of 3): Connection refused
May 23 13:57:44 mail spamc[10285]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#2 of 3): Connection refused
May 23 13:57:45 mail spamc[10284]: connection attempt to spamd aborted after
3 retries
May 23 13:57:45 mail spamc[10285]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#3 of 3): Connection refused
May 23 13:57:46 mail sendmail[10287]: STARTTLS=client,
relay=server.mydomain.local., version=TLSv1/SSLv3, verify=FAIL,
cipher=RC4-MD5, bits=128/128
May 23 13:57:46 mail sendmail[10287]: m4N3va6b010268:
to=[EMAIL PROTECTED], delay=00:00:06, xdelay=00:00:00, mailer=smtp,
pri=127244, relay=server.mydomain.local. [10.1.1.2], dsn=2.0.0, stat=Sent (
[EMAIL PROTECTED] Queued mail for delivery)

I absolutely need to have all messages scanned for SPAM - too much of it in
our domains!  What can I do to rectify this issue?

Server config:

OS             - Red Hat Enterprise Linux AS 4 (Nahant)
Sendmail       - 8.13.1-2
spamass-milter - 0.3.1
spamassassin   - 3.1.7 (2006-10-05)
Perl           - 5.8.5-12


Cheers,
AK.




RE: Temp fail not working...

2008-05-22 Thread Anthony Kamau
 -Original Message-
 From: Anthony Kamau [mailto:[EMAIL PROTECTED]
 Sent: Friday, 23 May 2008 2:07 PM
 To: users@spamassassin.apache.org
 Subject: Temp fail not working...
 
 I absolutely need to have all messages scanned for SPAM - too much of it
 in
 our domains!  What can I do to rectify this issue?
 

After further diagnosis, it appears that if I keep spamassassin running but
busy enough not to respond to new connections, then new connections will be
temp failed.  Maybe I have it all wrong, but I'd think that one would like
it to temp fail whether or not spamassassin is running!!!  Can someone
please set me on the straight and narrow, please?  It is killing me when I
get all sorts of complaints from my users when they get spam that is not
tagged!  Company policy dictates that all mail is delivered as long as it is
scanned for spam and viruses!


Cheers,
AK.



Re: trying allow email from a specific email address

2008-05-22 Thread Jari Fredriksson
 hi, i had a look for this issue but (surprisingly)
 couldn't find an answer in the forum
 
 i have this rule:
 
 header   toSupport_MYCORP To =~ /[EMAIL PROTECTED]/i
 describe toSupport_MYCORP Sent to our support alias
 score toSupport_MYCORP -2
 

SA does that with settings:


   more_spam_to [EMAIL PROTECTED]

or

   all_spam_to [EMAIL PROTECTED]




Re: Temp fail not working...

2008-05-22 Thread Jari Fredriksson
 -Original Message-
 From: Anthony Kamau [mailto:[EMAIL PROTECTED]
 Sent: Friday, 23 May 2008 2:07 PM
 To: users@spamassassin.apache.org
 Subject: Temp fail not working...
 
 I absolutely need to have all messages scanned for SPAM
 - too much of it in
 our domains!  What can I do to rectify this issue?
 
 
 After further diagnosis, it appears that if I keep
 spamassassin running but busy enough not to respond to
 new connections, then new connections will be temp
 failed.  Maybe I have it all wrong, but I'd think that
 one would like it to temp fail whether or not
 spamassassin is running!!!  Can someone please set me on
 the straight and narrow, please?  It is killing me when I
 get all sorts of complaints from my users when they get
 spam that is not tagged!  Company policy dictates that
 all mail is delivered as long as it is scanned for spam
 and viruses!   
 
 
 Cheers,
 AK.


Do you have -x in your call to spamc?


man spamc

-x, --no-safe-fallback

Disables the 'safe fallback' error-recovery method, which passes through the 
unaltered message if an error occurs. Instead, exit with an error code, and let 
the MTA queue up the mails for a retry later.  See also EXIT CODES.
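
The log excerpt earlier in this thread shows the fail-open path: spamc gives up on spamd and sendmail still reports `stat=Sent`. The following is an added example, not code from any poster, that flags such deliveries. The log lines are constructed from that excerpt with placeholder addresses, and because spamc lines carry no queue ID, correlating by a 30-second window is an assumption:

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the excerpt in the thread; the address and
# the second queue ID are placeholders.
SAMPLE_LOG = """\
May 23 13:57:43 mail spamc[10285]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
May 23 13:57:45 mail spamc[10284]: connection attempt to spamd aborted after 3 retries
May 23 13:57:46 mail sendmail[10287]: STARTTLS=client, relay=server.mydomain.local., verify=FAIL
May 23 13:57:46 mail sendmail[10287]: m4N3va6b010268: to=<user@example.org>, delay=00:00:06, mailer=smtp, dsn=2.0.0, stat=Sent (queued)
May 23 14:30:02 mail sendmail[10411]: m4N4U1xx010400: to=<user@example.org>, delay=00:00:01, mailer=smtp, dsn=2.0.0, stat=Sent (queued)
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$")
ABORT_MARK = "connection attempt to spamd aborted"

def unscanned_deliveries(log_text, window=timedelta(seconds=30), year=2008):
    """Return (queue_id, time) for deliveries logged shortly after spamc gave up.

    Syslog timestamps have no year, so one is supplied by the caller.
    """
    aborts, flagged = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        prog, msg = m.group(2), m.group(3)
        if prog == "spamc" and ABORT_MARK in msg:
            aborts.append(when)
        elif prog == "sendmail" and "stat=Sent" in msg:
            queue_id = msg.split(":", 1)[0]
            # Delivered within `window` after an aborted scan: likely unscanned.
            if any(timedelta(0) <= when - a <= window for a in aborts):
                flagged.append((queue_id, when.strftime("%H:%M:%S")))
    return flagged

if __name__ == "__main__":
    for queue_id, when in unscanned_deliveries(SAMPLE_LOG):
        print(f"{when} {queue_id} delivered after spamd connection was aborted")
```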