Re: Long scan times with ctyme.ixhash.net
Wolfgang Zeikat schrieb: > Do others also see that effect with ctyme.ixhash.net? yes, thats why i added ixhash_timeout 10 to my configuration (maybe hardware/bandwith on ctyme will be upgraded) regards jd signature.asc Description: OpenPGP digital signature
Re: Replies from Yahoo rejected by SA
dougp23 schrieb: I'm stumped!! Here's some headers from our most recent test: look at your sendmail configuration or maybe some of your milter settings ... thats not spamassassin ... /jd
Re: iXhash zone transfer?
Rosenbaum, Larry M. schrieb: Is it possible to get zone transfers of the iXhash data? you can get the zone, if you made it available to the hole world ... and you need to handle ixfr ... just ask them for more information! \jd
Re: RDJ 404's
hi Leigh, Leigh Sharpe schrieb: I'm getting 404 errors on my RulesDuJour, for whatever rule I have listed first in the config. If I remove the offending rule from the config, I get a 404 on whatever rule is next in the list. All other rules are OK. Can anybody offer any explanation of why? Just an Idea Download Policy: You can download each and every ruleset once per 24 hour period per IP address. If you try to download the rulesets too often, you will receive an error message. If you are downloading rulesets from many locations behind a proxy, please set up your own ruleset repository for your clients. Again: One single download of every file per 24 hours per IP address. \jd
Re: Scantime on messages
Per Jessen schrieb: It could be caused by DNS lookups taking longer. That would be my guess for anything taking more than 5 seconds. try to use a local dns cache ... helps here to fasten up mail scanning! \jd
Re: Writing a rule to access SA ClamAV Plugin Header
Hi there, OliverScott schrieb: > There is a SpamAssassin plugin which checks messages with ClamAV, which adds > the following header to emails it processes: > > X-Spam-Virus: Yes ($VirusName) > > http://wiki.apache.org/spamassassin/ClamAVPlugin the plugin is running here too, but it doesn't add this header, might there a problem with my Spamassassin Version? SpamAssassin version 3.1.7 running on Perl version 5.8.4 cause i'm not able to use Scoring depending on the String in Scoring. kind regards \jd signature.asc Description: OpenPGP digital signature
Re: Spamassassin memory problem
just an idea, did you use awl ? if so, try it and disable it ... that was probleme here some time before ... \jd signature.asc Description: OpenPGP digital signature
Re: Rule that negative scores emails from blackberry.com, not spoofers
Hiya, Kelly Jones schrieb: > Reason I want to do this: by default, Blackberry sends text email > MIME-encoded and its timezone is +. This means it gets dinged by > the MIME_BASE64_TEXT rule AND the LW_STOCK_SPAM4 which is defined as: > > meta LW_STOCK_SPAM4 __RATWARE_0_TZ_DATE && MIME_BASE64_TEXT If Timezone differs from Blackberry Server, it will also Trigger INVALID_DATE cause the Header will look like this: --- cut --- Date: Fri, 8 Dec 2006 14:58:27 + GMT --- cut --- > Has anyone else run into this issue and/or written a rule to compensate? I'm just a little bit frustrated that a company can constrain technicans to find a way that there "broken" things are going to work ... Maybe i'll use whitelist_from or something like this. Not sure quit at the moment if i realy want this ... why not try to force blackberry to send "good" mails ? \jd signature.asc Description: OpenPGP digital signature
Re: SPF detection making mistakes
Bret Miller wrote: > Huh?? 223.1.1.12? Is 213.165.64.20 part of your trusted networks? no, it's not .. this is Dial-UP IP from T-Online, Second Line is the "normal" gmx network, "my" Network start an mx0.webpack.hosteurope.de > Actually the doc for the SPF module says "trusted_networks" but > shouldn't it be checking "internal_networks" instead? on the mx0.webpack.hosteurope.de is the Spamassassin running, and the hole IP-Range is in internal_network. Should it be in trusted_networks too ? > Anyway, it fails because it's checking the wrong IP because it thinks > you received it at one stage earlier that you did. That's likely because > either or both of trusted_networks and internal_networks are not > correctly set. As I understand this correct the IP-Range of mx0.webpack.hosteurope.de should announce in the config as internal an trusted network ? \jd signature.asc Description: OpenPGP digital signature
SPF detection making mistakes
Hi there, i'm getting some problems with the spamassassin spf modul (Mail::SpamAssassin::Plugin::SPF) maybe i can resolve this problem by asking the list. Please take a look at this header: --- start cut --- Return-path: <[EMAIL PROTECTED]> Delivery-date: Sun, 17 Dec 2006 10:45:20 +0100 Received: by wp030.webpack.hosteurope.de running Exim 4.43 using esmtp from mi012.mc1.hosteurope.de ([80.237.138.243]); id 1Gvsa8-0007VG-JW; Sun, 17 Dec 2006 10:45:20 +0100 Received: by mx0.webpack.hosteurope.de (80.237.138.5, mi012.mc1.hosteurope.de) running EXperimental Internet Mailer (even more power) using smtp from mail.gmx.net ([213.165.64.20]) id 1Gvsa6-0005C2-As for [EMAIL PROTECTED]; Sun, 17 Dec 2006 10:45:20 +0100 Received: (qmail invoked by alias); 17 Dec 2006 09:45:18 - Received: from pD9E05917.dip.t-dialin.net (EHLO [223.1.1.128]) [217.224.89.23] by mail.gmx.net (mp034) with SMTP; 17 Dec 2006 10:45:18 +0100 X-Authenticated: #202980 From: "just a name" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Sun, 17 Dec 2006 10:45:33 +0100 MIME-Version: 1.0 Subject: test Reply-to: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Priority: normal X-mailer: Pegasus Mail for Windows (4.41) Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: Quoted-printable Content-description: Mail message body X-Y-GMX-Trusted: 0 X-HE-Virus-Scanned: yes X-HE-Spam-Level: ++ X-HE-Spam-Score: 2.5 X-HE-Spam-Report: Content analysis details: (2.5 points) pts rule name description --- -- -- 2.1 HELO_DYNAMIC_DIALIN Relay HELO'd using suspicious hostname (T-Dialin) 0.2 SPF_FAILSPF: sender does not match SPF record (fail) [SPF failed: Please see http://spf.pobox.com/why.html?sender=xxx%40gmx.de&ip=223.1.1.12 8&receiver=mi012.mc1.hosteurope.de] 0.2 RCVD_ILLEGAL_IP Received: contains illegal IP address Envelope-to: [EMAIL PROTECTED] --- end cut --- As you can see, the spf check fail, but in my understanding if should pass without a failure. This mail was sent via dial-in and smtp-auth ... how can i modify the spf modul that this will check this kind of header correct ? Thanks for help. \jd signature.asc Description: OpenPGP digital signature
Re: too high score from DNSBL
hiya, vertito schrieb: > which catches my attention. Yes, it is not spam, but a score of 3.0 from > DNSBL is a little > bit high for me. anybody can advise how can i lower them down? just change scoring ... best is in your local.cf or a new .cf that you name scoring.cf (for example). there you but the rulename and your scoring. mine looks like: --- cat z_local_scoring.cf -- ## customized scores ## # DUL List (lower Score) score RCVD_IN_SORBS_DUL 0.5 score RCVD_IN_NJABL_DUL 0.5 score HELO_DYNAMIC_IPADDR 1.2 score HELO_DYNAMIC_DHCP 1.2 - cat end --- just am example ! Just take a look in the Header of your mis-scored Mails. \jd signature.asc Description: OpenPGP digital signature
