OT: Setting Up DNSBL using RBLDNSD
Has anyone any tips on doing this?

I do not want to mirror existing data (I already am :) ). I want to set up my own DNSBL to catch the junk that the other DNSBLs miss.

The only tutorials / guides I've found either refer explicitly to Bind or make reference to rbldns-conf, which doesn't appear to exist on Ubuntu.

Any tips, thoughts or even flames are welcome.

TIA

Michele

Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie/ http://blog.blacknight.ie/ Intl. +353 (0) 59 9183072 UK: 0870 163 0607
OT: Misuse of spamcop
Some intelligent individual decided to report two emails that were sent to this list including my signature and URI to our company website.

The email was obviously not spam and reporting it as such to spamcop is extremely irresponsible.

If you have an issue with my email signature feel free to whine at me offlist or elsewhere, but reporting it as spam is serious BS.

Michele
RE: Using SpamAssassin to fight comment spam?
Ole Kasper Olsen mailto:[EMAIL PROTECTED] said on 11 January 2006 13:36:

Hi,

I am a developer on a fairly large community site (30-50,000 active users) with blogs, photo albums and forums.

I spent yesterday tinkering with a spam prevention system which runs each new comment to a blog post or image in a photo album through SpamAssassin. I take the provided comment, and assemble an RFC822-compliant message based on the user's IP address and sender and receiver's registered email addresses, and then run it through Mail::SpamAssassin (the Perl module) with default settings.

This seems to work. At least it intercepts the test-message provided in the SpamAssassin documentation.

This system requires me to have a utility where people can mark spam as ham in the case of SpamAssassin wrongly identifying a valid comment as spam. I was planning on having this utility teach the Bayesian filter on a community-wide basis, i.e. for all users. Therefore, people cannot mark their own messages as ham. This to guard against spammers teaching the filter wrongly.

- Is learning a good idea at all in this setting?
- If so, what are the advantages and more importantly disadvantages of having community-wide learning?
- Should I use autolearning?
- Is there anything else I should be aware of when implementing SpamAssassin in this setting?
  - Settings
  - Thresholds
  - c?

After testing this a bit on comments, I hope to expand to blog posts and forum posts as well, so that moderators get a heads-up when people post spam.

Ole

Have you had a look at some of the existing plugins for Wordpress?

Michele

Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
RE: submit to spamcop
Jean-Paul Natola mailto:[EMAIL PROTECTED] said on 06 December 2005 14:36:

How does one, if possible, submit a domain/IP address to spamcop?

Spamcop lists IPs - SURBL lists URIs.

You can sign up for a reporting account at spamcop.net

HTH

Michele

Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
RE: SA restarting problems, Address already in use
BCC wrote:

Hello happy SpamAssassin users,

Every night, I stop Postfix, stop SA, force-expire bayes db, restart SA, restart Postfix. This goes fine most of the time, but sometimes I run into problems.

The problems arise around once a week or so: spamc cannot connect to spamd, saying the following in the maillog file:

Dec 15 04:25:15 server spamc[18803]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused

When this happens, manually restarting spamd resolves the problem. Until next time.

As there is no apparent reason for spamd to die (or not to restart correctly) in the maillog file, I now start spamd without using '-d', in order to log stderr and stdout messages in a separate file. I am now using the following command to start spamd:

/usr/bin/spamd -c -u spam > /var/log/test_spamd.`/bin/date +%Y%m%d%H%M`.log 2>&1

The problem occurred again, and I caught the following from spamd output

What is the output of netstat?

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html
Re: RelayCountry
Bill Landry wrote:

Indeed! Better to look at something like http://countries.nerd.dk/more.html for adding weight based on message source country. Here is a sample of how to implement these in SA as RBL tests:

How accurate and up to date is that data?

-- Email scanned by Blacknight for viruses and dangerous content. Visit http://www.blacknight.ie for more information
Re: Implicit trust of surbl and sbl
Scott Wertz wrote:

I think this is an easy question, but I haven't been able to find an answer. If I'm using spamassassin 3, invoking it via procmail as just 'spamassassin' and testing for the result, and I trust that any message carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam, what file(s) would I edit and how?

In other words, I've never seen a false positive on either of those BLs, but I'm seeing spam that meets those tests and is still weighted less than 5. I want to change that.

Couldn't you just increase the scores to 100?
RE: DATE_IN_FUTURE_12_24
Keith Whyte wrote:

2.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date

Just got a FP on this, the 2.3 for DATE_IN_FUTURE_12_24 pushing the score over the limit. Does anybody know how common future dates are with spam? I don't seem to get that many. A score of 2.3 seems a bit severe just for having your computer clock wrong.

thanks

I would disagree. On one server here I've got 1948 hits on that since the first of January and none of them could be possibly mistaken for FPs.

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html
RE: maintaining the 2.6 branch (was: [2.64] FORGED_MUA_OUTLOOKbuggy)
Although we have upgraded on most of our systems I am not too enthused with the idea of touching our main gateway. It works, so I don't want to break it.

Michele

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html
Re: Any way to block really bad SPAMs?
Gustafson, Tim wrote:

Hello

I know that it's generally frowned upon to actually block SPAMs (as opposed to marking them as SPAM and letting the user decide) but my company has some instances where we get things that are blatantly, absolutely, unequivocally SPAM (think scores in excess of 100 points without BAYES or any white/blacklisting) and I wonder if there is a way I can configure SpamAssassin to actually block (as in, return a 550 SMTP error code) SPAMs that exceed some ludicrous SPAM score?

Does such an option exist? If not, might it be useful for the community at large?

You might consider looking at MailScanner (http://www.mailscanner.info)

HTH

Michele
RE: OT Boincing Spam
If you're not already, consider using the RBL sbl-xbl.spamhaus.org at the MTA level. It's quite safe and rejects a lot of spam before it's even seen by SpamAssassin, etc.

I'd have to disagree with you Jeff. A lot of the Irish and UK ISP netblocks end up in there as well, so you run a higher risk of FPs if you are not careful.

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html
Re: sa database transferable?
Andy Hester wrote:

I have just built a new spam filter with postfix/amavisd/spamassassin to replace our old sendmail/mimedefang/spamassassin spam filter which was buckling under the load. Can I copy the sa databases over to the new filter to help my new filter learn? If not, any ideas on how I can train my new system from the old one.

I don't have a large number of spam messages on the old machine and I'm concerned about going live with my new server. The last time I checked the old system had processed about 75K messages in one day for a system with approx 50 users. I don't want my users to get bombarded (or my Exchange server to crash and burn) while my new filter learns.

If both systems are running the same version of SA then the Bayes versions should be the same and copying across should not be a problem.

YMMV
RE: OT - How often to reboot?
We only reboot:
- when we absolutely have to, i.e. machine is not behaving properly or has to be physically moved
- when there is a kernel upgrade (same as above)

If the machine is behaving and you don't need to patch/upgrade the kernel why reboot it?

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html
OT: Badly formatted HTML- best practices?
Hi all

We deal with a very wide variety of clients and suppliers that use just about every email client possible, however one of our suppliers' help desk sends out very spammy HTML emails.

We have whitelisted them, but I was wondering what is the best practice here? Should we inform them that their mails are likely to be caught by email filters or should we let them live on in blissful ignorance?

Any input would be appreciated.

TIA

Michele

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html
RE: Rules List
Get rid of bigevil immediately!! It is no longer updated and kills servers :)

If you are still running the 2.6* series use spamcop uri to add support for SURBL

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 Proud sponsors of MM04 {http://www.mm04.net}
RE: Rules List
On Sat, 2004-11-06 at 13:57 -0600, Anton Krall wrote:

I'm using 3.0.. How do I get a hold of SURBLs? I'm still getting a lot of the vicodin and medicine spam mail :(

SURBL is a plugin. Look in your init.pre

--
Mr. Michele Neylon Blacknight Solutions Hosting, Co-location Domain Registration http://www.blacknight.ie/ Tel. +353 (0)59 9137101
RE: Announcing SURBL support in SA 2.63 and 3.0 plugins
Raymond Dijkxhoorn wrote:

Hi!

Hello SpamAssassin Users, I'm pleased to announce a new type of RBL for blocking messages based on spam domains contained in message bodies called SURBL. Unlike other RBLs, the Spam URI RBL (SURBL) is not used to block spam server IP addresses, but instead to block messages based on

Ouch, seems Jeff has problems with his setup. This is really old mail.

Bye, Raymond.

I was wondering!

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 Proud sponsors of MM04 {http://www.mm04.net}
RE: Remove BigEvil :)
Martin Hepworth wrote:

Chris

may I suggest you change BE at the top (revision section), so it gives notice of BE's imminent death on 1 Dec (for example). Then repeat this every week so people might actually read the update email from RDJ and do something about it!

On 1 Dec remove all the entries and merely have the comment stuff at the top saying to use the surbl.org URI RBLs.

Just a thought...

Thinking back to the problems with some of the RBLs going offline last year and some people's latency in realising that they were gone I'd err in favour of almost breaking the ruleset so people actually read the error message...

That's just me though :)

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101 Proud sponsors of MM04 {http://www.mm04.net}
RE: Installation issues
Kevin Morwood wrote:

Hello,

I am sure this issue has come up before. I have seen mention of it but no resolution.

I am trying to build/install SA 3.0.0. I have been using SA since 2.1 or something really old. The most recent I have installed (running currently) is 2.63. I have been installing these via RPMs.

Now, I am not able to find RPMs for 3.0.0 for RH9. So, I figured it shouldn't be too hard to just build it. Oh, how wrong can one be!

Not being a Perl/CPAN expert I am lost. When I run perl Makefile.PL...the resulting makefile is garbage. I write software for a living and it is easy to see that this makefile won't build anything. But as I said I write software for a living and I don't have real time to debug/fix this. Since I'm sure that someone has seen this before I would like just a nudge in the right direction.

I have tried on both my production server and on a clean RH9. I thought maybe I had messed up the Perl environment so I built a new one from scratch. The end result was exactly the same. I will test whatever steps on the clean machine and then apply the same steps to the production server. In the worst case I'll end up with a new machine for handling all of our email (not a bad thing).

Thanks in advance and sorry for the long post...

Kevin

When you say the makefile is garbage, do you mean it simply won't work or what?

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
FORGED_MUA_OUTLOOK 2.17 in 20_ratware.cf
Hi

I've just noticed this appearing in mails being sent through a number of our servers:

FORGED_MUA_OUTLOOK 2.17

This is in 20_ratware.cf

I *think* an MS patch may have changed the headers produced by Outlook 2003 recently, as it's hitting all of my mails and that of a large portion of our clients.

Can anyone suggest a temporary remedy for this?

Regards

Michele

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
Re: Configuration Problem
On Mon, 2004-10-11 at 18:07 -0400, Theo Van Dinter wrote:

On Mon, Oct 11, 2004 at 05:01:44PM -0500, J Thomas Hancock wrote:

What is the easiest/best way to accomplish this? Would I need to add a record to each username in the userpref tables something like required_hits_to_delete? Once defined I could then do something like:

There is no way to do what you've written in SpamAssassin currently. You'd need to have something outside SpamAssassin check the score and do the appropriate rewriting. (in future SA versions, you could probably do this with a plugin.)

If you used MailScanner you could achieve this without any headaches at all :)

--
Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101
RE: Spellcheck plugin?
Eugene Morozov wrote:

Loren Wilton wrote:

I'm wondering, would it be useful to have a plugin that penalizes messages with many spelling mistakes? This might help against all those creative ways of spelling out what the spammer wants to sell.

I don't know that anyone has worked on specifically what you are thinking of, which is an interesting idea and worth testing, I think. There are things like Tripwire that look for some outright outlandish spellings, and lots of things that look for obfuscated specific words.

Such a plugin was written by someone about a year ago -- check gmane archive of sa-users mailing list. It turned out to be not really reliable method for detecting spam.

Eugene

Judging by the overall quality of emails that we get from clients, prospective clients, suppliers etc., I would be very wary of penalising anyone due to spelling - we'd all lose business!!

M

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
RE: dnsbl test not working
ADMIN_miki wrote:

this machine is located inside DMZ

any ideas why are these problems?

Thank you

Miki

The obvious question I would ask is are you allowing connections outgoing? ie. Is your firewall open on the required ports?

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
RE: New blacklist with URI
Matt Kettler wrote:

Theoretically, it should also match if the hostname changes, as long as the domain+TLD part is the same (ie: foo.blah.com)

That said I've heard some mumblings the SA 3.0 implementation of domain stripping is a bit different than the Mail::SpamCopURI version, and the latter matches the SURBL back-end behavior more closely. However, this is really a subject for Jeff Chan.

The SURBL data contains domains as far as I can see from looking at our local copies

M

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
RE: SA 3.0 and Bigevil
Anyone using SA 3 with network tests enabled, Net::DNS installed and URIDNSBL rules active (which they are by default in 3.0.0) should stop using BigEvil. The static domains in BigEvil are now in the SURBL list ws.surbl.org which is enabled by default in SA 3.0.0 along with all other current SURBLs, so all you will really gain by using BigEvil is really big memory usage. WS will do essentially the same thing as BigEvil, but much more efficiently.

Stop using BigEvil if you're using SA 3 with network tests.

And anybody using SA 2.6* should use spamcop URI :)

Michele

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
RE: 2 drug emails low scores SA2.63 0.0 SA2.64 0.1
Obantec Support wrote:

Hi

Just had 2 emails to 2 different servers same email but very low scoring. The subject so far are

Subject: Domains, Don't C1ick here
Subject: Mark, Don't C1ick here

where first was to [EMAIL PROTECTED] and second was to [EMAIL PROTECTED]

I do get other drug emails but the low score on these 2 worry me.

Mark

Mark

Are you using SURBL?

Michele

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
RE: 2 drug emails low scores SA2.63 0.0 SA2.64 0.1
Obantec Support wrote:

Original Message -
From: Martin Hepworth [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Tuesday, September 21, 2004 3:08 PM
Subject: Re: 2 drug emails low scores SA2.63 0.0 SA2.64 0.1

Mark

What extra rules have you in /etc/mail/spamassin? Any from the rulesemporium.com, specifically antidrug.cf ???

--
Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300

snip

I thought I was but I am getting

/usr/bin/rules_du_jour: line 121: [: too many arguments

So no updates it seems :(

Mark

Run it directly from the command line:

./rules_du_jour

If you get a too many arguments error there is something either wrong with your path or you have made a mistake while editing the file

M

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101
Re: Subject line
On Tue, 2004-09-14 at 13:52 -0700, Kenneth Porter wrote:

--On Tuesday, September 14, 2004 9:33 PM +0100 Michele Neylon::Blacknight Solutions [EMAIL PROTECTED] wrote:

Having a simple prefix in the subject line makes life a lot easier.

Precisely *how* does it make life easier? Why is List-Id not sufficient?

It's only visible if you examine the header. Something in the subject line is a lot more visual

X-Mailer: Evolution 1.5.93

Evo can recognize List-Id in filters.

I don't always use evolution and even if I did I would still prefer something in the subject line

As I already said, other lists allow people to choose.

--
Mr. Michele Neylon Blacknight Solutions Hosting, Co-location Domain Registration http://www.blacknight.ie/ Tel. +353 (0)59 9137101
RE: Subject line
On Tue, 2004-09-14 at 14:14 -0700, Bret Miller wrote:

I don't expect the policy will change, so I'll eventually find another visual way to deal with it.

And who decides the policy?

--
Mr. Michele Neylon Blacknight Solutions Hosting, Co-location Domain Registration http://www.blacknight.ie/ Tel. +353 (0)59 9137101
Re: Subject line
On Tue, 2004-09-14 at 16:28 -0500, Tom Meunier wrote:

I vote for per-user settings, and if that's not available I vote for postpending it, and if that's not available I vote for Hey, I hate them and deal with it, so you deal with it when they're NOT there!

Choice is always best

--
Mr. Michele Neylon Blacknight Solutions Hosting, Co-location Domain Registration http://www.blacknight.ie/ Tel. +353 (0)59 9137101
Re: Spammer using my domain name in FROM field
Raymond Dijkxhoorn wrote:

Hi!

Spammer apparently is using [EMAIL PROTECTED] in the FROM field of the emails he is sending out. Domain is one of my customers virtual domain, spammer made up the username in the email address. Now I am getting buried by mail notifications returning to sender...obviously wrong person.

How do you people deal with this? Is there anything I can do? Email addresses in FROM field as we all know are fake when spammers use them. But if you don't do it if someone misspelled an email address that is legitimate and sent it to user they won't know it didn't make it.

Welcome to the real world, this is your wake-up call ;)

This is happening all the time, not much you can do about this. A countermeasure could be using SPF records, so people at least have a way to check if it's you or not.

Or you could get a digital ID and sign all your outgoing mails :)

--
Mr. Michele Neylon Blacknight Solutions Hosting, Co-location Email solutions http://www.blacknight.ie/ Tel. +353 59 9137101
RE: [SURBL-Discuss] Re: Applying SURBL against blog comment spammers
Which blogger are you using?

I moved my own blog over to Wordpress a couple of months ago and I haven't had any issues with comment spammers since.

Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location domains http://www.blacknight.ie/ Tel. +353 59 9137101