RE: SQL DB schema issue

2008-05-29 Thread Rocco Scappatura
 On May 28, 2008, at 10:38 AM, Rocco Scappatura wrote:
 
 
  Hello,

Hello,

  I'm using SA with SQL support under amavisd-new. My DBMS is MySQL.
 
  I'm preparing another antispam server and I've installed the 
  latest stable software available.
 
  I've dumped the bayes DB (schema + data) from an already 
 working machine 
  and I've restored them on the new machine.
 
 
 How did you do this dump?  Which tables did you get?


Thanks for your interest. It was my fault. In fact, I have noted
that the 'amavis' user could not access all bayes DB tables other
than 'awl'.

Anyway, now all works fine..

Still thanks,

rocsca


Re: Spam from Gmail Blogspot

2008-05-29 Thread Matus UHLAR - fantomas
 Joseph Brennan wrote:
  Just a few months ago we did not get much spam at all from gmail.
  Something changed.

On 28.05.08 20:24, Bob Proulx wrote:
 One change seems to be that Google's captcha has been broken.
 
   http://www.google.com/search?q=google+captcha+broken

don't they block found pages yet? ;-)
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet. 


Lot of unmarked spam

2008-05-29 Thread Sujit Acharyya-Choudhury
We are getting a lot of unmarked spam.  The header is as follows:

From: Feed Blaster
To: [EMAIL PROTECTED]
Subject: Feed Blaster puts your ad right to the screens of millions in
15 Minutes !
Date: 26 May 2008 21:42:41 -0700
Message-ID: [EMAIL PROTECTED]

And the message contains:


More and more people are subscribing to feeds every
day and there are millions who are already subscribed.

Thus, your ad will reach a very broad range of potential customers with 
each use of Feed Blaster!

Feed Blaster is the first  only submitter that can submit your
ads to thousands of feeds within a few minutes!

Post your ads where people read them!

- What if you could place your ad into all these feeds ?

Right, that would mean you would have millions of sites
linking to your ad - and millions of users reading your message within
minutes - and my idea actually works


For Full details please read the attached .html file
Usually two html files are attached.  

Are we the only ones who are seeing this kind of spam?  If not, is there
any rule that can be applied to stop this kind of spam?


Sujit Choudhury
ISLS
University of Westminster

This e-mail and its attachments are intended for the above named only
and may be confidential. If they have come to you in error you must not
copy or show them to anyone, nor should you take any action based on
them, other than to notify the error by replying to the sender.




--
The University of Westminster is a charity and a company limited by
guarantee.  Registration number: 977818 England.  Registered Office:
309 Regent Street, London W1B 2UW, UK.


Re: uri rules

2008-05-29 Thread Matt Kettler

Randy Ramsdell wrote:



How so? How does spamassassin URI check determine Kuxun.cn  in a URI 
as opposed to someone who forgot to add a space after a sentence end?

Well, CN is a rather strange word to start a sentence with, but it 
doesn't know the difference between an intentional domain and a lack of 
spacing. SpamAssassin is no more selective than some email clients are. 
There's a word object ending in a . and a valid TLD, so it gets 
treated as a URI.


However, it shouldn't linkify things like : experiment.see  because 
see isn't a valid TLD.



Is it because it is located within the a tag?

The a tag has nothing to do with it.

IIRC, the code that does this runs after all the HTML tags have been 
stripped out, so it cannot have anything to do with it. (i.e.: it runs 
on the same text that body rules see).








Re: Lot of unmarked spam

2008-05-29 Thread ram

On Thu, 2008-05-29 at 11:52 +0100, Sujit Acharyya-Choudhury wrote:
 We are getting lot of unmarked spam.  The header is as follows:
 
 From: Feed Blaster
 To: [EMAIL PROTECTED]
 Subject: Feed Blaster puts your ad right to the screens of millions in
 15 Minutes !
 Date: 26 May 2008 21:42:41 -0700
 Message-ID: [EMAIL PROTECTED]
 

These are just a few visible headers. 
See the whole headers. Some email clients ( typically Micro$$oft
Outlook/OWA ) do let you see headers easily, you will have to juggle a
lot to get the headers 


Post the *full* mail on some pastebin , we could run tests against it
and tell you what scores you might get 







Re: can we make AWL ignore mail from self to self?

2008-05-29 Thread Jonas Eckerman
Please do remember that I am in no way trying to stop or hinder 
you in implementing your fix. The fact that I have other 
suggestions does not mean that I'm opposing you.


Jo Rhett wrote:


I don't trust my users in this context.


Nothing I said implied or required trust in your users.

A lot of work to hack around a simple problem.  The AWL works just fine 
for mail from my users to other my users.  In fact, it works 
exceedingly well for that.  What value is there in separating them?


It would create a difference (as regards the AWL) between 
self-self addressed mail sent from authenticated/local users and 
similar mail from other systems.


And considering that SpamAssassin doesn't (in many 
configurations) even know what recipient address a message has, 
it might actually be easier than having the AWL ignore mail from 
self-self.


It also might (depending on configuration) not require any 
changes at all to SpamAssassin.


What alternatives?  So far I've only heard (a) disable the AWL (b) don't 
use AWL it sucks and (c) hack the system to use different AWLs.  None of 
which really make any logical sense to solve the problem.


I also mentioned having the AWL include the authentication 
state in the AWL data key.


As long as the MSA adds authentication info in its received 
header, this could be fetched from the X-Spam-Relays-Trusted pseudo 
header. The changes to do this would not be more difficult or 
involved than the changes necessary to exempt self-self mail 
from the AWL AFAICS.


Also, while the addressee of a mail is often available with 
PerMsgStatus all_to_addrs, this function is not very reliable. It 
actually extracts a whole bunch of addresses that might be the 
recipient from the mail header. There is no guarantee that any of 
the returned addresses really are the recipient of the mail.


So, to implement exemption of self-self-mail you first have to 
implement a way for SpamAssassin to know what the recipient 
address is in order to know if a mail is self-self-addressed.


If you do implement your fix and submit it, please make it an option. 
I for one would turn it off since it would not improve things here.



You are the first person to say so.  Can you explain why?


I want the AWL to apply to mail that is addressed from self-self.

Since the AWL also takes the IP address into account and since 
all mail from authenticated/local users here comes from 127.0.0.1 
to the software calling SpamAssassin, I do not have your problem 
here and would not benefit from your fix.


While most mail addressed self-self that comes from external 
systems is spam, every now and then ham addressed from self-self 
does come in from idiotic systems and sometimes from users who for 
some reason are not using our servers when sending mail.


The AWL as it is now does distinguish between good and bad 
mail that is or pretends to be from our users, and I see no 
reason to remove possible benefits of that distinction for mail 
that happens to be addressed to the same user as it's addressed from.


Regards
/Jonas

--
Jonas Eckerman, FSDB  Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/



Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand

Greg Troxel wrote:

  In my SA stats, the majority (+90%) of email inbound is classified as
  rdns_none.

  I have a suspicion that this is due to the IPv6-IPv4 mapped address
  being written into the headers when I am speaking to a non-native IPv6
  MTA:

  Received: from unknown (HELO mail.apache.org) (:::140.211.11.2)
  by pearl.ibctech.ca with SMTP; 28 May 2008 09:13:00 -




(I presume you are trying to make this server IPv6 only instead of dual
stack.  


...well, not intentionally. My intentions were/are to make this a fully 
dual-stacked machine that hosts my personal domain that is my first 
fully IPv6 compliant machine that I've configured.



When my machine had a globally routable v6 address I got some
mail over v6 and some over v4, but didn't use mapped addresses.)


Unfortunately, I'm not intently using mapped addresses. :)

I've got a hacked version of Qmail that uses Simscan to fire SA (at 
least I believe this is how it works).


I'll need to go through the Qmail sources to find out where it's writing 
these mapped addresses.


To be honest, I think that the work should focus on fixing the resolver 
(or whatever calls the resolver) to extract the IPv4 address out of the 
mapped address, instead of eliminating the mapped address entirely. 
There are legitimate needs to use mapped addresses.



It seems that your SMTP listener is not correctly doing reverse dns
lookups of mapped addresses,


How can I identify *exactly* what is my SMTP 'listener', and how DNS is 
called, and by what?



and I'm not sure what the right fix is.
Either the SMTP code should notice the mapped address, pull out the v4
address, and look it up, or the resolver should do this automaticall


I agree. I personally think that the mapped address should remain in the 
header however. Although I've never tested sending to a mapped address 
directly, I'll have to...it would be interesting to see how a return to 
a mapped address ends up if my IPv4 BGP peers go down, but my IPv6 stays up.



(generally pretty hard core about this sort of
thing), 


Nice to meet you, I am very much as well (particularly IP and routing :)


dig -x :::140.211.11.2 returns NXDOMAIN on a query of

;2.0.b.0.3.d.c.8.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. IN 
PTR

so I'd guess that it's not a normal expectation for a resolver to
extract the mapped address.


No, I see the exact same thing via FBSD, but seems right. I've been 
going over the resolver code itself lately, so I'll have a look. Perhaps 
it could be fixed right there, and then the SMTP engine (or anything 
else that relies on DNS) could stay the same.



After the lookup issue is fixed, the received header would have the hostname.


This is why I didn't know if it were appropriate for the SA list... 
essentially, I would like to follow up on where in my infrastructure 
this is broken :)


Just think, I set out to set up a simple mail server on IPv6. While 
doing so, I've written more patches for software in the last week than I 
have my whole life...and I'm not even a programmer ;)


Thanks for the input.

Steve





RE: Lot of unmarked spam

2008-05-29 Thread Sujit Acharyya-Choudhury
As requested full header is as follows:


Microsoft Mail Internet Headers Version 2.0
Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
SMTPSVC(6.0.3790.3959);
 Tue, 27 May 2008 05:42:34 +0100
Received: from [124.236.241.119] (helo=gmail.com)
by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
(envelope-from [EMAIL PROTECTED])
id 1K0r17-0005Sm-8b
for [EMAIL PROTECTED]; Tue, 27 May 2008 05:42:34 +0100
Reply-To: [EMAIL PROTECTED]
From: Feed Blaster
To: [EMAIL PROTECTED]
Subject: Feed Blaster puts your ad right to the screens of millions in
15 Minutes !
Date: 26 May 2008 21:42:41 -0700
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary==_NextPart_000_0012_DAA36BB7.FAA31CFA
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
FILETIME=[14BC6A90:01C8BFB4]

--=_NextPart_000_0012_DAA36BB7.FAA31CFA
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

--=_NextPart_000_0012_DAA36BB7.FAA31CFA
Content-Type: text/html; name=Full_Details.htm
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=Full_Details.htm

--=_NextPart_000_0012_DAA36BB7.FAA31CFA
Content-Type: text/html; name=Unsubscribe.htm
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=Unsubscribe.htm


--=_NextPart_000_0012_DAA36BB7.FAA31CFA--



Sujit Choudhury
ISLS
University of Westminster

This e-mail and its attachments are intended for the above named only
and may be confidential. If they have come to you in error you must not
copy or show them to anyone, nor should you take any action based on
them, other than to notify the error by replying to the sender.



-Original Message-
From: ram [mailto:[EMAIL PROTECTED] 
Sent: 29 May 2008 12:16
To: Sujit Acharyya-Choudhury
Cc: users@spamassassin.apache.org
Subject: Re: Lot of unmarked spam


On Thu, 2008-05-29 at 11:52 +0100, Sujit Acharyya-Choudhury wrote:
 We are getting lot of unmarked spam.  The header is as follows:
 
 From: Feed Blaster
 To: [EMAIL PROTECTED]
 Subject: Feed Blaster puts your ad right to the screens of millions in
 15 Minutes !
 Date: 26 May 2008 21:42:41 -0700
 Message-ID: 
 [EMAIL PROTECTED]
 

These are just few  visible headers. 
see the whole headers. Some email clients ( typically Micro$$oft
Outlook/OWA ) do let you see headers easily, you will have to juggle a
lot to get the headers 


Post the *full* mail on some pastebin , we could run tests against it
and tell you what scores you might get 






--
The University of Westminster is a charity and a company limited by
guarantee.  Registration number: 977818 England.  Registered Office:
309 Regent Street, London W1B 2UW, UK.


Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand
Received: from unknown (HELO mail.apache.org) (:::140.211.11.2)  
by pearl.ibctech.ca with SMTP; 28 May 2008 09:13:00 -


Can someone inform me if this is an SA thing, and if so, where to 
begin looking/testing with the source to correct this issue?



The Received headers are parsed in Received.pm.


Hmmm...just out of curiosity, what is the first entry below used for, if 
Resolver.pm is used for header checks?


pearl# locate Resolver.pm

/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm
/usr/local/lib/perl5/site_perl/5.8.8/mach/Net/DNS/Resolver.pm

Steve


Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand


Hmmm...just out of curiosity, what is the first entry below used for, if 
Resolver.pm is used for header checks?


pearl# locate Resolver.pm

/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm
/usr/local/lib/perl5/site_perl/5.8.8/mach/Net/DNS/Resolver.pm


...nevermind, sorry for the noise.

Steve


RE: Lot of unmarked spam

2008-05-29 Thread Benny Pedersen
On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote:
 As requested full header is as follows:


 Microsoft Mail Internet Headers Version 2.0
 Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
 isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
 SMTPSVC(6.0.3790.3959);
Tue, 27 May 2008 05:42:34 +0100
 Received: from [124.236.241.119] (helo=gmail.com)
   by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
   (envelope-from [EMAIL PROTECTED])
   id 1K0r17-0005Sm-8b
   for [EMAIL PROTECTED]; Tue, 27 May 2008 05:42:34 +0100
 Reply-To: [EMAIL PROTECTED]
 From: Feed Blaster
 To: [EMAIL PROTECTED]
 Subject: Feed Blaster puts your ad right to the screens of millions in 15
Minutes !
 Date: 26 May 2008 21:42:41 -0700
 Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
 Content-Type: multipart/mixed;
   boundary==_NextPart_000_0012_DAA36BB7.FAA31CFA
 Return-Path: [EMAIL PROTECTED]
 X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
 FILETIME=[14BC6A90:01C8BFB4]

envelope seems to come from gmail.com so spf can reject this spam since it's
not sent from gmail servers

http://www.openspf.org/Why?s=mfrom[EMAIL 
PROTECTED]ip=161.74.14.113r=westminster.ac.uk


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098





Re: Lot of unmarked spam

2008-05-29 Thread Matus UHLAR - fantomas
 On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote:
  As requested full header is as follows:
 
 
  Microsoft Mail Internet Headers Version 2.0
  Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
  isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
  SMTPSVC(6.0.3790.3959);
   Tue, 27 May 2008 05:42:34 +0100
  Received: from [124.236.241.119] (helo=gmail.com)
  by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
  (envelope-from [EMAIL PROTECTED])
  id 1K0r17-0005Sm-8b
  for [EMAIL PROTECTED]; Tue, 27 May 2008 05:42:34 +0100
  Reply-To: [EMAIL PROTECTED]
  From: Feed Blaster
  To: [EMAIL PROTECTED]
  Subject: Feed Blaster puts your ad right to the screens of millions in 15
 Minutes !
  Date: 26 May 2008 21:42:41 -0700
  Message-ID: [EMAIL PROTECTED]
 MIME-Version: 1.0
  Content-Type: multipart/mixed;
  boundary==_NextPart_000_0012_DAA36BB7.FAA31CFA
  Return-Path: [EMAIL PROTECTED]
  X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
  FILETIME=[14BC6A90:01C8BFB4]

On 29.05.08 15:39, Benny Pedersen wrote:
 envelope seams to come from gmail.com so spf can reject this spam since its
 not sent from gmail servers
 
 http://www.openspf.org/Why?s=mfrom[EMAIL 
 PROTECTED]ip=161.74.14.113r=westminster.ac.uk

which means you should turn on SPF control, and I recommend even DKIM and
other network rules (razor, pyzor, uribl and DCC if you can)
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 


Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand
I've added debugging code to new_dns_packet() and bgsend() 
(DnsResolver.pm) to print out $host, $type and $class to a log file.


What I found is that the mapped address entries are not even seen by 
DnsResolver.pm at all, hence, there is no DNS lookup even attempted on them.


I'm off to find out where exactly the evaluation/gathering of the IP 
addresses takes place, and try to design a regex that will take the 
::: into consideration properly.


What I'd like to have happen is the mapped address sent merrily along 
all the way to the system resolver, then have the system resolver do 
what needs to be done.


Am I taking the right approach here? Or should I have the IPv4 address 
stripped out of the v6 mapped address prior to pushing it through the 
Perl resolver gateways?


Steve





Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand

Steve Bertrand wrote:
I've added debugging code to new_dns_packet() and bgsend() 
(DnsResolver.pm) to print out $host, $type and $class to a log file.


What I found is that the mapped address entries are not even seen by 
DnsResolver.pm at all, hence, there is no DNS lookup even attempted on 
them.


Hmmm... what's worse that I just found out is that *NO* IPv6 addresses 
are being seen by DnsResolver.pm at all.


Steve


Re: rDNS none in stats with IPv6

2008-05-29 Thread Greg Troxel
First, I would advise you not to use mapped addresses unless you really
need to use them.  On BSD, there's a sysctl to control whether v4
connections will match v6 sockets:

 net.inet6.ip6.v6only = 1

Best practice seems to be to have daemons open a v4 and v6 socket
separately, and avoid mapped addresses.  This will get you out of
inverse resolving v6 ipv4-mapped addresses, and get you out of teaching
SA to extract v4 addresses for checks from the mapped addresses.

Then, there's the issue about getting your MTA to resolve v6 addresses.

  To be honest, I think that the work should focus on fixing the
  resolver (or whatever calls the resolver) to extract the IPv4 address
  out of the mapped address, instead of eliminating the mapped address
  entirely. There are legitimate needs to use mapped addresses.

Well, you are of course welcome to that.  I think it will prove harder
than avoiding mapped addresses.
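
The two options debated in this thread (look up the mapped address as it stands, or pull the IPv4 address out first) produce different PTR query names. The following is an added example, not code from SpamAssassin, qmail or the posters; the sample header is constructed, the standard `::ffff:` IPv4-mapped prefix is assumed, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the Received header quoted in the thread.
# Assumption: the client address uses the standard "::ffff:" IPv4-mapped prefix.
SAMPLE_RECEIVED = (
    "Received: from unknown (HELO mail.apache.org) (::ffff:140.211.11.2)\n"
    "  by pearl.ibctech.ca with SMTP\n"
)

# In this header layout the client address is the parenthesised token
# immediately before "by". Only address characters are accepted, so the
# "(HELO ...)" group can never be mistaken for it.
_ADDR_RE = re.compile(r"\(([0-9A-Fa-f:.]+)\)\s+by\s")


def client_address(received):
    """Return the client IP from a Received header, or None if unusable."""
    match = _ADDR_RE.search(received)
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        # A malformed literal is rejected rather than guessed at.
        return None


def normalise(addr):
    """Collapse an IPv4-mapped IPv6 address to IPv4; leave others alone."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def ptr_name(addr):
    """Fully qualified name a resolver would query for the PTR record."""
    return addr.reverse_pointer + "."


def lookup_plan(received):
    """Show the PTR name with and without normalising the mapped address."""
    addr = client_address(received)
    if addr is None:
        return None
    return {
        "as_received": ptr_name(addr),              # nibble form under ip6.arpa
        "normalised": ptr_name(normalise(addr)),    # in-addr.arpa when mapped
    }


if __name__ == "__main__":
    for label, name in lookup_plan(SAMPLE_RECEIVED).items():
        print(f"{label:12} {name}")
```

The `as_received` name is the same `ip6.arpa` form as the one in the quoted `dig -x` query, which has no PTR data; the `normalised` name is the ordinary `in-addr.arpa` one.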


Razor timeout

2008-05-29 Thread Sébastien AVELINE

Hello,

Did anyone experience razor timeout today? I saw my spools grow and 
grow, and saw that spamassassin took a very long time to check 
messages. I tried to disable plugin after plugin and saw that the 
problem came from razor.

Any feedback would be appreciated.
Thanks in advance.

Sebastien



Re: Razor timeout

2008-05-29 Thread Lukas Garberg

Sébastien AVELINE wrote:

Hello,

Did anyone experience razor timeout today ? I saw my spools grew and 
grew up, and saw that spamassassin took very long time to check 
messages. I tried to disable plugin after plugin and saw that the 
problem came from razor.

Any feedback would be appreciate.
Tanks by advance.

Sebastien

I noticed the same behavior. Decreased the razor timeout to prevent 
queues from increasing too much. Seems to be back in business now however.

/Lukas


Re: Razor timeout

2008-05-29 Thread Sébastien AVELINE

Lukas Garberg wrote:

Sébastien AVELINE wrote:

Hello,

Did anyone experience razor timeout today ? I saw my spools grew and 
grew up, and saw that spamassassin took very long time to check 
messages. I tried to disable plugin after plugin and saw that the 
problem came from razor.

Any feedback would be appreciate.
Tanks by advance.

Sebastien

I noticed the same behavior. Decreased the razor timeout to prevent 
queues from

increasing too much. Seems to be back in business now however.

/Lukas

Ok thanks, I'll try that on Monday.




Freemail Domains DNS Lookup

2008-05-29 Thread Marc Perkel
I now have a name based DNS lookup for freemail domains. If anyone finds 
this useful let me know.


example:
dig yahoo.com.freemaildomains.junkemailfilter.com




DNS ISP Host List Available

2008-05-29 Thread Marc Perkel
I've also created a DNS based list of domains that provide consumer 
dynamic IP address space. I'm using this list internally but thought I'd 
make it public in case others can use it.


Trying to inspire innovation.

Example:

dig comcast.com.isphosts.junkemailfilter.com

This list was created by grabbing the registry barrier part of the 
domain name of IPs from other DNS lists that list the IPs as dynamic.





Re: DNS ISP Host List Available

2008-05-29 Thread mouss

Marc Perkel wrote:
I've also created a DNS based list of domains that provide consumer 
dynamic IP address space. I'm using this list internally but thought 
I'd make it public in case others can use it.


Trying to inspire innovation.

Example:

dig comcast.com.isphosts.junkemailfilter.com

This list was created by grabbing the registry barrier part of the 
domain name of IPs from other DNS lists that list the IPs as dynamic.





how about an rsync access? such lists do not change often, so rsync 
seems a better API.


Re: DNS ISP Host List Available

2008-05-29 Thread Benny Pedersen

On Thu, May 29, 2008 20:52, Marc Perkel wrote:

 Here's my list in dnsrbl format. I only do rsync so far to paid
 subscribers or people who I'm trading with.

could you at least stop posting html on maillist ?

the list is around 60k and the received email here is doubled to 129k ://


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098



SARE_SPOOF included in base rules?

2008-05-29 Thread Bowie Bailey
I just got an email that hit the following:

 *  2.0 SPOOF_COM2OTH URI: URI contains .com in middle
 *  2.3 SPOOF_COM2COM URI: URI contains .com in middle and end
 *  2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
 *  2.5 SARE_SPOOF_COM2COM URI: a.com.b.com

Did the SARE_SPOOF rules get included in the base ruleset while I wasn't
looking?

The rule definitions are almost the same.

uri SARE_SPOOF_COM2OTH  m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
uri SPOOF_COM2OTH   m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i

uri SPOOF_COM2COM   m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
uri SARE_SPOOF_COM2COM  m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i

--
Bowie


Re: SARE_SPOOF included in base rules?

2008-05-29 Thread Michael Scheidell



 From: Bowie Bailey [EMAIL PROTECTED]
 Date: Thu, 29 May 2008 15:25:36 -0400
 To: Spamassassin List (E-mail) users@spamassassin.apache.org
 Subject: SARE_SPOOF included in base rules?
 
 SPOOF_COM2OTH

Been a couple of weeks I think.  You are running sa-update, right.  I
remember seeing that rule in my list of 'duplicates' when I ran some
diagnostics a while back.

Also, I downloaded the latest 70_sare_spoof.cf and it's still there, so I
manually removed them from my copy.


-- 
Michael Scheidell, CTO
|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer

_
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com
_
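
The overlap discussed in this thread can be checked mechanically. The following is an added example, not code from SpamAssassin, SARE or the posters: it parses the four `uri` lines exactly as posted, groups rules whose patterns are textually identical or that hit the same sample URIs, and sums the scores quoted in the report. The sample URIs and function names are assumptions, and Python's `re` stands in for Perl's regex engine.

```python
import re
from collections import defaultdict

# The four rule lines as posted in the thread (names and patterns unchanged).
RULES_TEXT = r"""
uri SARE_SPOOF_COM2OTH  m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
uri SPOOF_COM2OTH   m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i
uri SPOOF_COM2COM   m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
uri SARE_SPOOF_COM2COM  m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i
"""

# Scores as shown in the report quoted in the thread.
SCORES = {
    "SPOOF_COM2OTH": 2.0,
    "SPOOF_COM2COM": 2.3,
    "SARE_SPOOF_COM2OTH": 2.5,
    "SARE_SPOOF_COM2COM": 2.5,
}

# Constructed sample URIs (reserved example/test names only).
SAMPLE_URIS = [
    "http://www.example.com.test.example.com/login",
    "http://www.example.com.test.example.net/",
    "http://www.example.com/index.html",
    "http://shop.example.com.host.test/",
]

# "uri NAME m{PATTERN}FLAGS"; the greedy group keeps braces such as {2}
# that belong to the pattern itself.
_RULE_RE = re.compile(r"^uri\s+(\S+)\s+m\{(.*)\}([a-z]*)\s*$")


def parse_rules(text):
    """Return {name: (pattern_text, compiled_regex)} for each uri rule line."""
    rules = {}
    for line in text.splitlines():
        match = _RULE_RE.match(line.strip())
        if match:
            name, pattern, flags = match.groups()
            rules[name] = (pattern, re.compile(pattern, re.I if "i" in flags else 0))
    return rules


def _groups(keyed):
    """Group names sharing a key; keep only groups with more than one name."""
    buckets = defaultdict(list)
    for name, key in keyed:
        buckets[key].append(name)
    return sorted(sorted(names) for names in buckets.values() if len(names) > 1)


def textual_duplicates(rules):
    """Rules whose pattern text is byte-for-byte identical."""
    return _groups((name, pattern) for name, (pattern, _) in rules.items())


def hits(rules, uri):
    """Names of all rules that fire on one URI."""
    return sorted(name for name, (_, rx) in rules.items() if rx.search(uri))


def behavioural_groups(rules, uris):
    """Rules that fire on exactly the same subset of the sample URIs."""
    return _groups(
        (name, tuple(bool(rx.search(u)) for u in uris))
        for name, (_, rx) in rules.items()
    )


def total_score(names):
    """Combined score contributed by the named rules."""
    return round(sum(SCORES[n] for n in names), 1)


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    print("identical patterns:", textual_duplicates(rules))
    print("same hits on samples:", behavioural_groups(rules, SAMPLE_URIS))
    for uri in SAMPLE_URIS:
        fired = hits(rules, uri)
        print(f"{total_score(fired):4} {uri} {fired}")
```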


Re: Lot of unmarked spam

2008-05-29 Thread Joseph Brennan

We are getting lot of unmarked spam.  The header is as follows:

From: Feed Blaster
To: [EMAIL PROTECTED]
Subject: Feed Blaster puts your ad right to the screens of millions in
15 Minutes !
Date: 26 May 2008 21:42:41 -0700
Message-ID: [EMAIL PROTECTED]




Reject if the From field has no @ in it.  That knocked out the
one (1) of these that we saw here yesterday.

Joseph Brennan
Columbia University Information Technology




Re: Lot of unmarked spam

2008-05-29 Thread Benny Pedersen

On Thu, May 29, 2008 21:52, Joseph Brennan wrote:

 Reject if the From field has no @ in it.  That knocked out the
 one (1) of these that we saw here yesterday.

the from was not envelope sender, but yes one could make a header rule for
this in spamassassin :-)

postfix can't see the From: in header test


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098



Re: DNS ISP Host List Available

2008-05-29 Thread Blaine Fleming

Marc Perkel wrote:
Here's my list in dnsrbl format. I only do rsync so far to paid 
subscribers or people who I'm trading with.

snip
Dude.  Seriously.  The data is appreciated but next time please post it 
on a website or something.  Your mail pissed off my smart phone!  It 
might not be the best device out there but it normally works for me.


I'm more disgruntled about the frozen device than the email itself so 
feel free to wallop me with a frozen trout or whatever.

--Blaine



Re: Spam from Gmail Blogspot

2008-05-29 Thread AxisInternet
Matus UHLAR - fantomas wrote:
 I think it's more about spammers, law and security of (mostly) home
 computers. In my employer's company we also notice spam increase from our
 network etc. and google as free mail provider is also just the victim.

Victims? IMNTBHO, if a company is going to provide free email services,
which are going to be exploited as much as possible by spammers, then they
either need to actively police it, secure it from abuse (whatever that
takes) or stop. Otherwise they are part of the problem. Relaying spam as
they do is unacceptable. If us little guys have a server relaying spam, they
will block us in a heartbeat and think nothing of it


Chris



Whitelisting via MySQL

2008-05-29 Thread JDavila
How can I set up a whitelist via MySql so SA does not check those 
addresses that are legit. Any help will be much appreciated. 

Jeremy Davila 
Systems Administrator
Direct: 646-205-2136

The LanguageWorks, Inc.
1123 Broadway, Suite 201
New York, NY 10010




The LanguageWorks, Inc. is an ISO 9001:2000 certified company which: 
Facilitates global communication by providing foreign language 
translation, editing, proofreading, and cultural analysis. Additional 
services include on-site interpreting and document review, foreign 
language page layout, conversion of web sites into multiple languages, and 
multilingual voice-overs for radio spots and video productions.

CONFIDENTIALITY NOTICE:
The information in this E-Mail may be confidential and may be legally 
privileged. It is intended solely for the addressee(s). If you are not the 
intended recipient, any disclosure, copying, distribution or any action 
taken or omitted to be taken in reliance on this E-Mail, is prohibited and 
may be unlawful. If you have received this E-Mail message in error, notify 
the sender by reply E-Mail and delete the message.

Re: Whitelisting via MySQL

2008-05-29 Thread John Hardin

On Thu, 29 May 2008, [EMAIL PROTECTED] wrote:


How can I set-up a whitelist via MySql.so SA does not check those
addresses that are legit. Any help will much appreciated.


If you don't want SA to check legit addresses, then you need to 
whitelist them in whatever passes the message to SA for scoring (MTA, 
milter, procmail, etc.).


If you use some facility within SA to whitelist, then you can't avoid SA 
processing the message - you may be able to minimize the processing 
through shortcutting, but SA is still processing the message.


So, what exactly gives the message to SA for scoring in your environment? 
Tell us that, and we may be able to provide specific suggestions.


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Have you ever seen a more scarily useless group of people running
  for president?-- [EMAIL PROTECTED]
---
 159 days until the Presidential Election


Re: DNS ISP Host List Available

2008-05-29 Thread mouss

Blaine Fleming wrote:

Marc Perkel wrote:
Here's my list in dnsrbl format. I only do rsync so far to paid 
subscribers or people who I'm trading with.

snip
Dude.  Seriously.  The data is appreciated but next time please post 
it on a website or something.  Your mail pissed off my smart phone!  
It might not be the best device out there but it normally works for me.


are you using an old imode phone :) The message was about 125Ko. That's 
less than a small photo (I say this because that's what a smartphone 
is for, no?).


I'm more disgruntled about the frozen device than the email itself so 
feel free to wallop me with a frozen trout or whatever.

--Blaine



hope this mail is ok :)


Re: DNS ISP Host List Available

2008-05-29 Thread Ken A

Marc Perkel wrote:
I've also created a DNS based list of domains that provide consumer 
dynamic IP address space. I'm using this list internally but thought I'd 
make it public in case others can use it.


Trying to inspire innovation.

Example:

dig comcast.com.isphosts.junkemailfilter.com

This list was created by grabbing the registry barrier part of the 
domain name of IPs from other DNS lists that list the IPs as dynamic.





NJABL & PBL already provide this, AND they are already part of 
SpamAssassin AND they work quite well.
So, while you are 'trying to inspire innovation', you should take note 
of this potential problem:

http://www.rhyolite.com/anti-spam/you-might-be.html

Ken

--
Ken Anderson
Pacific.Net


Re: Whitelisting via MySQL

2008-05-29 Thread JDavila
We use exim as an MTA. But our legit e-mail gets tagged as spam. So I 
wanted to dump our frequent e-mailers and pump into MySql so they can get 
bypassed. I am using the whitelist_from email command in the local.cf 
file, and that has over 12K entries. The legit email addresses that I 
specified are still getting tagged. 

I am still new to SA and Exim. I hope this answers your question, and I do 
appreciate your response/help. 

Thanks again. 

Jeremy Davila 
Systems Administrator
Direct: 646-205-2136

The LanguageWorks, Inc.
1123 Broadway, Suite 201
New York, NY 10010





John Hardin [EMAIL PROTECTED]
05/29/2008 05:03 PM

To: [EMAIL PROTECTED]
cc: users@spamassassin.apache.org
Subject: Re: Whitelisting via MySQL

On Thu, 29 May 2008, [EMAIL PROTECTED] wrote:

 How can I set up a whitelist via MySQL so SA does not check those
 addresses that are legit? Any help will be much appreciated.

If you don't want SA to check legit addresses, then you need to 
whitelist them in whatever passes the message to SA for scoring (MTA, 
milter, procmail, etc.).

If you use some facility within SA to whitelist, then you can't avoid SA 
processing the message - you may be able to minimize the processing 
through shortcutting, but SA is still processing the message.

So, what exactly gives the message to SA for scoring in your environment? 
Tell us that, and we may be able to provide specific suggestions.

-- 
  John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
  [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
   Have you ever seen a more scarily useless group of people running
   for president?    -- [EMAIL PROTECTED]
---
  159 days until the Presidential Election

Re: DNS ISP Host List Available

2008-05-29 Thread Marc Perkel



Ken A wrote:

Marc Perkel wrote:
I've also created a DNS based list of domains that provide consumer 
dynamic IP address space. I'm using this list internally but thought 
I'd make it public in case others can use it.


Trying to inspire innovation.

Example:

dig comcast.com.isphosts.junkemailfilter.com

This list was created by grabbing the registry barrier part of the 
domain name of IPs from other DNS lists that list the IPs as dynamic.





NJABL & PBL already provide this, AND they are already part of 
SpamAssassin AND they work quite well.
So, while you are 'trying to inspire innovation', you should take note 
of this potential problem:

http://www.rhyolite.com/anti-spam/you-might-be.html

Ken



They have name based lists? Show me where.



Re: DNS ISP Host List Available

2008-05-29 Thread John Hardin

On Thu, 29 May 2008, Ken A wrote:


http://www.rhyolite.com/anti-spam/you-might-be.html


So how is a proponent of the "Hunt down and kill spammers very messily" 
FUSSP classified?


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Have you ever seen a more scarily useless group of people running
  for president?    -- [EMAIL PROTECTED]
---
 159 days until the Presidential Election


Re: Whitelisting via MySQL

2008-05-29 Thread John Hardin

On Thu, 29 May 2008, [EMAIL PROTECTED] wrote:


We use exim as an MTA. But our legit e-mail gets tagged as spam. So I
wanted to dump our frequent e-mailers and pump them into MySQL so they can get
bypassed. I am using the whitelist_from email command in the local.cf
file, and that has over 12K entries. The legit email addresses that I
specified are still getting tagged.


12k whitelisted names?!

I would suggest that whitelisting is not the solution you want to be 
pursuing quite yet. Do you understand _why_ so many of your legitimate 
correspondents' messages are being scored as spammy by SA?


Would it be possible to post a few representative messages (raw format, 
all headers intact) to a website somewhere so that we can get some idea of 
whether or not the spammy scores are reasonable?


Also, be aware that whitelist_from is a last resort as the From: address 
is trivially easy to forge.


I am still new to SA and Exim. I hope this answers your question, and I 
do appreciate your response/help.


Well, _I_ can't personally help you with exim, but somebody else may if 
MTA whitelisting turns out to be an appropriate course of action.


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Have you ever seen a more scarily useless group of people running
  for president?    -- [EMAIL PROTECTED]
---
 159 days until the Presidential Election
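
The point in the message above about whitelist_from and forged From: addresses, as an added example that is not part of the original thread: a simplified Python model of a From:-only whitelist beside a check that also requires the delivering relay's rDNS to match, which is the idea behind SpamAssassin's whitelist_from_rcvd. The addresses, hostnames, Received format and function names are constructed assumptions, and this is not SpamAssassin's own code.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed whitelist: sender address -> domain the sending relay's rDNS must fall under.
WHITELIST = {"billing@example.com": "example.com"}

# Constructed messages. The Received line is the one our own MX wrote, so the
# rDNS and IP in parentheses are trustworthy; the HELO name and From: are sender-supplied.
GENUINE = (
    "Received: from mail.example.com (mail.example.com [192.0.2.10])\n"
    "\tby mx.ourdomain.test with ESMTP; Thu, 29 May 2008 10:00:00 -0400\n"
    "From: Billing <billing@example.com>\n"
    "Subject: Invoice\n\nbody\n"
)
FORGED = (
    "Received: from mail.example.com (dsl-7.isp.test [203.0.113.7])\n"
    "\tby mx.ourdomain.test with ESMTP; Thu, 29 May 2008 10:05:00 -0400\n"
    "From: Billing <billing@example.com>\n"
    "Subject: Invoice\n\nbody\n"
)

# "from HELO (rdns [ip])" as written by the assumed MX.
RELAY_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def sender(msg):
    """Bare address from the From: header, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].lower()

def from_only_whitelisted(raw):
    """Model of whitelist_from: trusts whatever the From: header claims."""
    return sender(message_from_string(raw)) in WHITELIST

def from_and_relay_whitelisted(raw):
    """Model of whitelist_from_rcvd: From: must match AND the relay's rDNS must too."""
    msg = message_from_string(raw)
    domain = WHITELIST.get(sender(msg))
    received = msg.get_all("Received") or []
    if domain is None or not received:
        return False
    m = RELAY_RE.search(received[0])  # topmost header = added by our MX
    if not m:
        return False  # unparseable relay info: do not whitelist
    rdns = m.group(2).lower().rstrip(".")
    return rdns == domain or rdns.endswith("." + domain)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, from_only_whitelisted(raw), from_and_relay_whitelisted(raw))
```
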


Re: DNS ISP Host List Available

2008-05-29 Thread Blaine Fleming

mouss wrote:
are you using an old imode phone :) The message was about 125Ko. 
That's less than a small photo (I say this because that's what a 
smartphone is for, no?).


Samsung SCH-i760 on Verizon that takes forever to download mail so when 
something longer than about 4k comes in it takes a while.  Doesn't 
really freeze the phone but it doesn't exactly respond well either.  It 
works...mostly.



hope this mail is ok :)

Not a problem!

--Blaine


Re: DNS ISP Host List Available

2008-05-29 Thread Blaine Fleming

John Hardin wrote:
So how is a proponent of the "Hunt down and kill spammers very 
messily" FUSSP classified?


In the US, they would be classified as a felon.

--Blaine


Re: DNS ISP Host List Available

2008-05-29 Thread John Hardin

On Thu, 29 May 2008, Blaine Fleming wrote:


John Hardin wrote:

 So how is a proponent of the "Hunt down and kill spammers very
 messily" FUSSP classified?


In the US, they would be classified as a felon.


Nah, I think that one falls under praiseworthy.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Have you ever seen a more scarily useless group of people running
  for president?    -- [EMAIL PROTECTED]
---
 159 days until the Presidential Election