Re: blocking Asian IPs?

2005-06-24 Thread Martyn Drake

You might want to take a look at this:

http://www.blackholes.us/

Very useful for inclusion into RBLs if you so desire.  I myself am not 
very keen at all on blocking entire countries, but the option is there 
if you need/want it.


Regards,

Martyn

Andy Spiegl wrote:

Hi Carlo,

back in May you wrote:


  Moreover, you might want to firewall (or reject their mail
  otherwise before it reaches spamassassin) all of South Korea and
  all of China -- that will reduce the amount of spam you
  receive with about 99% ... So, it is more than worth it.



When I read this I thought it's overkill but in the meantime and after
looking at my logs (not only from SA but also ssh-attacks) I DO think that
it's a good idea to block these IPs.

Is the list of IPs you had included deduced from your logfiles or did you
find a somewhat official list of networks in Asia?  Do you maybe already
have an updated list?  There is one Korean IP that's bothering me
incredibly these days with hundreds of thousands of ssh-connections:
 220.65.232.100
But I didn't find it on your list although it's Korean.  So maybe I just
misunderstood you.

Thanks in advance,
 Andy.



--
Martyn Drake
http://www.drake.org.uk
http://www.drake.org.uk/hosting
http://www.ourlittleduckling.com


Re: RDJ from cron - is it safe?

2005-06-23 Thread Martyn Drake

John Horne wrote:


We have been running RDJ manually, but are now considering running it
via cron. The problem is what if something 'goes wrong'? This is on a
central mailhub, and we do not want the mail going through un-spam
checked. I gather others do run RDJ from cron, so the question is have
there been problems doing this?


When there has been a problem (since RDJ lints the rules before 
attempting a restart IIRC) any problematic updated rules didn't get 
installed and everything kept on running as it should.  As such, I've 
not experienced any problems on a live system running RDJ from cron.


Regards,

Martyn

--
Martyn Drake
http://www.drake.org.uk
http://www.ourlittleduckling.com
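
The fail-safe described in the reply above (lint the updated rules, and keep the old ones running if the lint fails), as an added shell example. It is not RulesDuJour's own code: `install_rules`, `lint_stub` and the `BROKEN` marker are constructed for illustration, and `lint_stub` stands in for a real lint command.

```shell
#!/bin/sh
# Added example: install updated rule files only if they pass a lint check,
# otherwise restore the previous working set so filtering continues unchanged.

# lint_stub DIR
# Constructed stand-in for a real linter: fails if any rule file in DIR
# contains a line starting with the made-up marker "BROKEN".
lint_stub() {
    ! grep -q '^BROKEN' "$1"/*.cf
}

# install_rules STAGED_DIR LIVE_DIR LINT_CMD [ARGS...]
# LINT_CMD is called with LIVE_DIR appended as its last argument.
# Returns 0 if the staged rules were installed (caller may restart the daemon),
#         1 if they failed lint and the old rules were restored,
#         2 on a setup error (nothing was changed).
install_rules() {
    staged=$1; live=$2; shift 2
    backup=$(mktemp -d) || return 2

    # Keep a copy of the known-good rule set before touching it.
    cp -p "$live"/*.cf "$backup"/ 2>/dev/null

    # Drop the updated files into place.
    if ! cp -p "$staged"/*.cf "$live"/; then
        rm -rf "$backup"
        return 2
    fi

    # Lint the combined rule set exactly as the daemon would load it.
    if "$@" "$live"; then
        rm -rf "$backup"
        return 0
    fi

    # Lint failed: remove everything, including files that are new in this
    # update, and put the known-good set back. No restart is attempted.
    rm -f "$live"/*.cf
    cp -p "$backup"/*.cf "$live"/ 2>/dev/null
    rm -rf "$backup"
    return 1
}
```

A cron wrapper would restart the scanning daemon only when `install_rules` returns 0 and mail the administrator on any other status.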


Re: Good way to get spammed?

2005-05-31 Thread Martyn Drake

Mick Szucs wrote:

I'm trying to get some spam delivered to my filter boxes so I can gauge 
their effectiveness on a day to day basis.  Though it seems that I've 
got no trouble getting spam I don't want, I'm not having a lot of luck 
getting spam now that I do want it.


Just post something (anything!) to Usenet and watch the amount of spam 
come flooding in (eventually).


Regards,

Martyn

--
Martyn Drake
http://www.drake.org.uk
http://www.imdb.com/name/nm1279160/


Re: Comparison of SA and commercial solutions

2005-05-28 Thread Martyn Drake

Steven Dickenson wrote:

You might be able to get your security group to take responsibility for 
it.  Many enterprises now consider first-line email servers something of 
an application-level proxy, particularly first-line servers that handle 
spam and malware filtering.  In these cases, they're usually handled by 
the security department.


I handle the security for the most part.  However, it's a decision 
that's out of my hands.  Besides which if things do go wrong I can't 
take any of the blame for it ;)


I would imagine given the choice of an Exchange front-end server vs. a 
Linux-based SMTP gateway, they'd jump for the latter.


Absolutely.  But the in thing these days is shared calendars.  Yes, 
there are indeed many solutions that can be implemented in Linux but (a) 
the IT department doesn't have much Linux experience if at all, (b) the 
users of the shared calendaring system are mainly Windows users running 
Outlook anyway and (c) the email/communication system is more of an IT 
thing than the department that I work for (we manage production systems 
rather than IT related stuff - the only reason we ended up running the 
mail system was due to the IT's lack of Linux/mail server experience so 
many years ago).


M.



Re: Comparison of SA and commercial solutions

2005-05-27 Thread Martyn Drake

JamesDR wrote:

As far as ease of setup? When I first started with SA I was more of the 
doze admin than the Linux admin. 


I've been doing Linux stuff since around 1996/1997 and have my own 
dedicated server that I get to ruin^H^H^H^play with before rolling it 
across work-related matters.  I'd been using SpamAssassin for some time 
in a personal capacity and in fact it was probably one of my first 
suggestions at work that we use it.  The typical argument of having 
people maintain it versus an appliance did come into play.


Ironically, after many years of faithful Linux use we're going down the 
Exchange route and mail handling to be given over to another department. 
 I doubt we'll see a SA Linux box there.  Oh well.  I'm used to 
disappointments over the years, so it wasn't too much of a surprise to me.


As for upkeep, SA hasn't given me much work to do to be quite honest. 
It pretty much runs itself and the mail server hasn't so much as balked 
with the workload yet.  I've never had any complaints about its ability 
to detect/catch spam or false positives.  And has been said by a few 
others - you can't buy the kind of support (of which many of the 
appliance vendors wanted outrageous sums to be given over to them) that 
you get here or mostly any other public mailing list/forum/newsgroup for 
that matter.


M.





Re: Comparison of SA and commercial solutions

2005-05-27 Thread Martyn Drake

Lima Union wrote:


Any idea how many 'commercial solutions' depend on SA ?


The Barracuda does IIRC and doesn't MessageLabs also use SA (amongst 
other things)?


Regards,

Martyn


Re: Comparison of SA and commercial solutions

2005-05-26 Thread Martyn Drake

Aecio F. Neto wrote:

Is there any *good* and *trustable* comparison between SA and other 
commercial solutions?


I looked into a few dedicated commercial spam appliances, but most 
(but not all) of which used a customised version of SpamAssassin as 
part of their detection process anyway.  MessageLabs was outrageously 
expensive, and we didn't particularly want to have mail going through 
third-party servers.


In the end it was far better to do it myself with SpamAssassin, RDJ, 
limited RBL and a few other tweaks, and that's how it's been so far.


Regards,

Martyn

--
Martyn Drake
http://www.drake.org.uk
http://www.imdb.com/name/nm1279160/


RE: www.rulesemporium.com

2004-12-07 Thread Martyn Drake
Martin Hepworth wrote on 07 December 2004 10:49:

 Did you forget to re-register the domain

It's registered until October 2005 (according to the WHOIS lookup), so I
would doubt that's the issue grin.  The nameservers are not letting up
their secrets - it's returning a big fat nowt when querying them.

Regards,

Martyn



RE: www.rulesemporium.com

2004-12-07 Thread Martyn Drake
jdow wrote on 07 December 2004 10:59:

 Fascinating - whois doesn't even report a vestige of the name.
 {^_^}

[EMAIL PROTECTED] [~]# whois rulesemporium.com 
[Querying whois.internic.net]
[Redirected to whois.enom.com]
[Querying whois.enom.com]
[whois.enom.com]

Registration Service Provided By: NxTek Solutions Inc
Contact: [EMAIL PROTECTED]
Visit: http://www.nxtek.net

Domain name: rulesemporium.com

Administrative Contact:
   NxTek Solutions Inc
   NxTek Solutions ([EMAIL PROTECTED])
   +1.2606728816
   Fax: +1.2606728816
   577 Geiger Dr
   Roanoke, IN 46783
   US

Billing Contact:
   NxTek Solutions Inc
   NxTek Solutions ([EMAIL PROTECTED])
   +1.2606728816
   Fax: +1.2606728816
   577 Geiger Dr
   Roanoke, IN 46783
   US

Technical Contact:
   NxTek Solutions Inc
   NxTek Solutions ([EMAIL PROTECTED])
   +1.2606728816
   Fax: +1.2606728816
   577 Geiger Dr
   Roanoke, IN 46783
   US

Registrant Contact:
   NxTek Solutions Inc
   NxTek Solutions ([EMAIL PROTECTED])
   +1.2606728816
   Fax: +1.2606728816
   577 Geiger Dr
   Roanoke, IN 46783
   US

Status: Locked

Name Servers:
   ns1.nxtek.net
   ns2.nxtek.net
   
Creation date: 16 Oct 2003 17:25:32
Expiration date: 16 Oct 2005 17:25:32



RE: www.rulesemporium.com

2004-12-07 Thread Martyn Drake
Owen McShane wrote on 07 December 2004 11:04:

 That Status: Locked doesn't look too good.

I always thought that was the register lock so that nobody can make changes
to the domain name (i.e. change nameservers) until the domain has been
unlocked.  It's an anti-abuse system.  Normally you would have to login to
your domain registrar's control panel, set the domain to unlock, make
whatever changes you need and then lock the domain again. 

 Neither the root servers or the two referenced in the above lookup
 know nothing about the domain, so it's totally up the creek... 

Indeed it is - perhaps somebody accidentally nuked the zone from the
nameserver by accident :)

M.



RulesDuJour web site?

2004-12-01 Thread Martyn Drake
Hi,

What's happened to the RulesDuJour site?  Unfortunately not able to access
it as it seems to have disappeared off the face of the Earth!

http://www.exit0.us/index.php?pagename=RulesDuJour

redirects to beta.exit0.us and that doesn't exist as a host:

[EMAIL PROTECTED] [~]# host beta.exit0.us
Host beta.exit0.us not found: 3(NXDOMAIN)

Does anybody have a mirror or copy of the script?

Regards,

Martyn



RE: RulesDuJour web site?

2004-12-01 Thread Martyn Drake
Thanks to all - now up and running just fine :)

Regards,

Martyn

Martyn Drake wrote on 01 December 2004 18:57:

 Hi,
 
 What's happened to the RulesDuJour site?  Unfortunately not able to
 access it as it seems to have disappeared off the face of the Earth!
 
 http://www.exit0.us/index.php?pagename=RulesDuJour
 
 redirects to beta.exit0.us and that doesn't exist as a host:
 
 [EMAIL PROTECTED] [~]# host beta.exit0.us
 Host beta.exit0.us not found: 3(NXDOMAIN)
 
 Does anybody have a mirror or copy of the script?
 
 Regards,
 
   Martyn



Forwarding emails as attachments - what effect on sa-learn?

2004-11-22 Thread Martyn Drake
Quick question on presenting messages to sa-learn for processing - is it
sufficient to forward message(s) as attachments to an mbox under
/var/spool/mail and running sa-learn --spam or sa-learn --ham on it?

If not, is there a better way for Outlook users (and those without bounce or
redirect options) to send spam to an mbox?

Regards,

Martyn