[Mimedefang] CLAMAV: pid files, sockets, and init scripts

2010-08-02 Thread Gary Funck
Recently, I upgraded to the latest clamav-unofficial-sigs script/config. file, and while doing that noticed a few issues that relate to the init scripts distributed via .rpm and some unexpected clamav behavior: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2158 A couple of questions: 1) How do

Re: [Mimedefang] MD and ClamAV

2010-08-02 Thread Gary Funck
On 07/22/10 12:06:36, Mi??u Moldovan wrote: > [...] > In fact, I have given up on using an AV on the MX servers altogether, > just ban the dangerous file extensions like com, exe, pif, lnk etc. > and you are good to go. [...] CLAMAV is also useful for spam filtering. We use the "SANE Security" an

Re: [Mimedefang] AWL and local.cf - cannot create lockfile

2010-04-05 Thread Gary Funck
This is a follow up to a couple of year old thread. (Although this issue may be different in some important ways.) After a recent upgrade to mimedefang-2.68-1.el5.rf (on CentOS 5 system), we're seeing the following error message in the logs: Apr 5 16:19:18 intrepid mimedefang-multiplexor[10407]:

Re: [Mimedefang] PGP encyption of outging email

2009-05-27 Thread Gary Funck
On 05/06/09 12:52:59, Pete wrote: > Is there a method for encrypting outgoing email using PGP (or other > methods). I am thinking of doing this on a per recipient basis. I.e encrypt > email to people I regularly email and leave plain the rest. > > Any suggestions or ideas welcome. Something tha

Re: [Mimedefang] Re : HTML Boilerplates Disclaimers and image files e.g. jpeg/tiff

2009-02-05 Thread Gary Funck
On 02/05/09 11:45:19, Ernst wrote: >> David Skoll wrote (in part): >> No, of course not. To do so would be ridiculous. So why the fetish >> for mucking with e-mail? > > I can't agree more. It is absolutely ridiculous to add disclaimers to > e-mail. [...] > I however understand Gibson's problem

[Mimedefang] MDF 2.58-3 rpm seems to fix FC5 logging problems

2007-01-15 Thread Gary Funck
Just updated our FC5-based e-mail server, and noticed the following in the changelog for mimedefang. Based upon preliminary tests, it appears that MDF logging is working again. # rpm -q mimedefang mimedefang-2.58-3.fc5 # rpm -q --changelog mimedefang * Tue Dec 19 2006 Robert Scheck <[EMAIL PROTEC

RE: [Mimedefang] Verizon and greylisting

2006-12-20 Thread Gary Funck
> Hopefully those customers aren't using Verizon's > relays, that > I've now lowered defenses to? If verizon is the type of spammer-friendly host that always retries (to the received greylist deferral response), then it doesn't matter much. They'll eventually get through anyway (assuming you're r

RE: [Mimedefang] md_syslog problem

2006-11-25 Thread Gary Funck
Replying to an old thread ... Mark Darose wrote: > Sent: Monday, September 25, 2006 2:55 PM > > I'm playing with MIMEDefang 2.57 on Fedora Core 5 using the > RPM build from > Fedora Extras. The md_syslog function doesn't work. Fedora > C5 includes > version 0.13 of Sys::Syslog. > > I've poke

[Mimedefang] the smell of spam and the roar of the penquin ...

2006-11-16 Thread Gary Funck
Something like that ... Congrats, David, and thanks for all your work and contributions to MIMEDefang. http://webcast.sys-con.com/general/registerpenguin.htm Webinar: Thursday, November 17, 2006 - 2:00 PM EST WEBINAR: 5 Things you NEED to Know Before Purchasing an Anti-Spam Solution Join Roar

RE: [Mimedefang] MIMEDefang 2.57 is Released

2006-06-25 Thread Gary Funck
David F. Skoll wrote: > > mimedefang-multiplexor.c:4570: syntax error before `*' > > mimedefang-multiplexor.c:4571: `b' undeclared (first use in this > > function) > > Doh doh DOH!!! Silly GCC lets me get away with way too much. David, you might want to use more restrictive 'gcc' options when com

[Mimedefang] off-topic: now that's a lot of e-mail

2006-06-01 Thread Gary Funck
http://go.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=12401741 [...] Internet service AOL said on Thursday it had resolved a software problem that delayed the transmission of millions of e-mails since the late morning. Many AOL members had been unable to send or receive new e-mails s

[Mimedefang] PGP signed mail garbled?

2006-05-09 Thread Gary Funck
I only recently started using and paying attention to PGP-signed email, and noticed that the PGP mail that I receive results in the following diagnostic from Outlook 2000 when the message is opened: "Contents altered after message was signed" I don't think the message was actually altered, but I'

[Mimedefang] milter smorgas board

2006-05-01 Thread Gary Funck
http://www.snertsoft.com/solutions.php Above, a list of milters, many of them open source, some not. Thought it might be useful for ideas of add-ons/improvements to MdF. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message

RE: [Mimedefang] Image validator/OCR SA plugin

2006-04-22 Thread Gary Funck
Late follow-up to this thread ... was wondering if there might be something to be gained by running the OCR scan from mimedefang? The idea would be to run the scan, and if sufficient text results (I'd hesitate to suggest that a quick spelling scan would be run on the result, but that is a possibili

RE: AW: [Mimedefang] Image validator/OCR SA plugin

2006-04-21 Thread Gary Funck
> -Original Message- > From: Martin Blapp > Sent: Monday, April 17, 2006 8:00 AM > > Spamassassin version is 3.1.0, looks like I'll have to upgrade to 3.1.1 > > to get this to work? > > Seems so, yes. I'll correct the manual. Has this package/plugin been updated yet with the various fix

RE: [Mimedefang] Image validator/OCR SA plugin

2006-04-16 Thread Gary Funck
Martin wrote: > But problably the spammers > will soon change their tricks to different images which are more > difficult to read :-( > > http://antispam.imp.ch/patches/patch-ocrtext On this topic, Nick FitzGerald mentioned this article, http://www.jgc.org/blog/2006/01/do-spammers-fear-ocr.html S

RE: [Mimedefang] Image validator/OCR SA plugin

2006-04-15 Thread Gary Funck
> From: Martin Blapp > Sent: Friday, April 14, 2006 9:43 AM > > This is just a little advertisement for my plugin which is now > in a usable state and works very well. > > > http://antispam.imp.ch/patches/patch-ocrtext > Martin, this is a Very Good Thing, and has been needed for quite some t

[Mimedefang] Free Tool Ferrets Out Mail Server Problems

2006-04-12 Thread Gary Funck
http://www.emailbattles.com/archive/battles/email_aaddbfghhe_ch/ Free Tool Ferrets Out Mail Server Problems Posted on 04/05/2006 @ 15:11:25 in Email. Trouble receiving mail? Installing a new mail server? Need to make sure all your email servers are accessible? Experienced network managers have

RE: [Mimedefang] MIMEDefang and mailman

2006-02-21 Thread Gary Funck
> I imagine this is because MIMEDefang can't infer what username to > use - is there a way I can tell it? Given that MdF's "slaves" include Spamassassin directly, they'll each have to run as the user of choice. You'll probably need a set up where you run two copies of MdF and its helpers. You'

RE: [Mimedefang] spams slipping by, because they bigger than the SA size cutoff

2006-02-02 Thread Gary Funck
> From: Jan Pieter Cornet > Sent: Thursday, February 02, 2006 12:58 AM [...] > > A .wmv file is a windows media video file, and has nothing to > do with the .wmf exploits that were recently in the news. > You're right - I wasn't paying attention. In fact it is likely we already filter out .wmf

RE: [Mimedefang] spams slipping by, because they bigger than the SA size cutoff

2006-02-01 Thread Gary Funck
> From: Stephen J. Smoogen > Sent: Wednesday, February 01, 2006 4:22 PM > > Well depending on how patched your system is.. and what application > you are using for email you do not have to click on the wmv file. Just > having some clients process the email can cause problems (according to > one w

[Mimedefang] spams slipping by, because they bigger than the SA size cutoff

2006-02-01 Thread Gary Funck
I've had a couple of spams drop in my inbox recently, and at first, I couldn't see how they made it past SA. I looked at the headers, and to my surprise, the message hadn't been scanned by Spamassassin(!). Why? How? I looked further, and noticed that one message was 800K bytes, and the other 14

RE: [Mimedefang] Pre-Emptive Greylist entries

2006-01-30 Thread Gary Funck
Following up on this dusty old thread ... one idea that I'd mentioned was perhaps using SPF as a way of validating IP relay addresses for whom their mail should not be delayed via greylisting. I noticed this in a mail header today: X-Greylist: Sender is SPF-compliant, not delayed by milter-greyl

RE: [Mimedefang] Adding support for learning our addresses

2006-01-28 Thread Gary Funck
> From: Philip Prindeville > Sent: Saturday, January 28, 2006 10:43 AM > > Cool. Too bad no one has written an XML way of retrieving it and > parsing it out. > They have. See BOGO below: http://spfilter.openrbl.org/code/xml-view.php BOGO INTERVAL="7" TYPE="cidr/3" MAZSIZE="2" OPTION="notext

RE: [Mimedefang] Adding support for learning our addresses

2006-01-28 Thread Gary Funck
> From: David Nelson > Sent: Saturday, January 28, 2006 9:13 AM > > I subscribe to ip2location.com, which provides geolocation services by > IP address. The info is downloaded on nightly from their web servers > and put into a database. I check the IP addresses contained in the > message agains

RE: [Mimedefang] Question for the HOWTO page

2006-01-24 Thread Gary Funck
> From: Philip Prindeville > Sent: Tuesday, January 24, 2006 5:09 PM > > I was wondering if we could update the HOWTO pages to describe > installing Mimedefang and Spamassassin both on a system, so that > the former is run, then the latter, or incoming email. > > I'd like to be able to reject mail

RE: [Mimedefang] Puttting MIMEDefang spool on tmpfs

2006-01-23 Thread Gary Funck
> From: Jason Gurtz > Sent: Monday, January 23, 2006 11:30 AM > > My knee-jerk reaction is that perhaps the kernel doesn't have tmpfs > support compiled in or available/correctly configured as a kernel module. My gut reaction is that it would be better to find out _why_ MdF is red-lined, first.

RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck
David F. Skoll wrote: > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=116192 > > That wasn't a locking bug. It was a weird bug whereby Berkeley DB > would, for no reason at all, sleep for one second whenever it needed > to allocate memory! > > It's still present in Fedora Core 1, I believ

RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck
David F. Skoll wrote: > > Could you be thinking of this bug? > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=116192 > > That wasn't a locking bug. It was a weird bug whereby Berkeley DB > would, for no reason at all, sleep for one second whenever it needed > to allocate memory! > > I

RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck
David F. Skoll wrote: > Sent: Wednesday, January 18, 2006 5:37 PM > > If that's the case, SpamAssassin has a seriously broken BerkeleyDB Bayes > implementation. > If I recall correctly, 2/3 years ago, there was a particular version of the Berkeley DB implementation that was bugging, esp. with

RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of David > F. Skoll > Sent: Wednesday, January 18, 2006 2:03 PM > To: mimedefang@lists.roaringpenguin.com > Subject: Re: [Mimedefang] BIG problems with mimedefang > > > Gary

RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck
> From: Lisa Casey > Sent: Wednesday, January 18, 2006 12:02 PM > To: mimedefang@lists.roaringpenguin.com > Subject: [Mimedefang] BIG problems with mimedefang > > > Hi, > > I'm running Redhat 7.2 This computer functions as a Radius > server (cistron > radius 1.6.7) and as a mail server (se

RE: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Gary Funck
> > Philip wanted an opportunity from MIMEDefang to change how Sendmail > reacts to the HELO/EHLO command. Right now, you can't; you have to wait > for MAIL FROM: to do anything based on the HELO argument. > OK, and what about the question raised as to how incoming mailers might react if, for

RE: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Gary Funck
I've kind of lost the thread here what is the recommended use for filter_helo?

RE: [Mimedefang] 40K+ emails a day and choking

2006-01-17 Thread Gary Funck
> From: Michael Lang > Sent: Tuesday, January 17, 2006 7:50 AM [...] > > at my last company we did with 4 machines, 3Mil/Day Messages without any > problem. The machines were HP DL360 2G Ram 1 CPU ;) With Mimedefang and SA?

RE: [Mimedefang] Mimedefang errors: What might be the cause?

2006-01-16 Thread Gary Funck
> From:David F. Skoll > Sent: Monday, January 16, 2006 8:58 AM > > > Kris Deugau wrote: > > > define(`confQUEUE_LA', `2')dnl > > define(`confREFUSE_LA', `7')dnl > > Bad settings. > > Having REFUSE_LA higher than QUEUE_LA is a surefire way to kill > your server. Some handy tuning/debugging tips: h

RE: [Mimedefang] MIMEDefang 2.55-BETA-2 is available

2006-01-16 Thread Gary Funck
This is really an academic question, but would it be possible to scan/compile the mimedefang filter before including and adjust the prototype declaration and use accordingly? (This more a Perl question than a suggestion.) - Gary

RE: [Mimedefang] Mimedefang + SA go crazy !

2006-01-15 Thread Gary Funck
> From: [EMAIL PROTECTED] > Sent: Sunday, January 15, 2006 12:22 AM > To: mimedefang > Subject: [Mimedefang] Mimedefang + SA go crazy ! > > > hi, > > Now that i upgraded to SA 3.1 I have new problems. > Today (sunday) SA started consuming all cpu resources!! > It opens threads/processes and use

RE: [Mimedefang] poor performence from SA

2006-01-15 Thread Gary Funck
> -Original Message- > From: [EMAIL PROTECTED] > Sent: Wednesday, January 11, 2006 6:51 AM > > I'm fed up with SA ! > Spam gets through no matter what i do :-( > and ham is blocked (well not all ham, but even one is > sometimes too much) Unfortunately, this is the nature of the beas

RE: [Mimedefang] validating 'possibly forged' helo IP's?

2006-01-14 Thread Gary Funck
Speaking of rDNS, check out this log entry (user name and sub-domain, obfuscated as 'fred'). Jan 10 09:09:02 intrepid sendmail[31995]: k0AH8pZE031992: to=<[EMAIL PROTECTED]>, ctladdr=<[EMAIL PROTECTED]> (1001/1001), delay=00:00:06, xdelay=00:00:03, mailer=esmtp, pri=151951, relay=mailhost.cotse.c

RE: [Mimedefang] Mimedefang errors: What might be the cause?

2006-01-14 Thread Gary Funck
> Try running, 'md-mx-ctrl rawstatus' 'md-mx-ctrl load' is also useful, and human readable. The various other commands described in 'man md-mx-ctrl' may also help provide some insight into what is going on. For example, 'md-mx-ctrl slaveinfo 0' will tell you which pid is assigned to slave 0. T

RE: [Mimedefang] Mimedefang errors: What might be the cause?

2006-01-14 Thread Gary Funck
> From: Lisa Casey > Sent: Saturday, January 14, 2006 8:16 AM > > I'm running Mimedefang/Spamassassin on a Redhat server with Sendmail. Which versions? What sort of hardware (cpu type, speed, memory size) How many average messages/day? > This > has all been running fine for a couple of years n

RE: [Mimedefang] This one got a chuckle

2006-01-13 Thread Gary Funck
> From: Philip Prindeville > Sent: Friday, January 13, 2006 12:44 AM > > Which reminds me... I need to start looking into how to add > filters for non-latin1 email content... If you're using Spamassassin, you can tell it which locales and languages you expect, http://spamassassin.apache.org/full/

RE: [Mimedefang] Change Required Score

2006-01-12 Thread Gary Funck
> > I want to decrease the value of "required_score" or "required_hits". I > want to decrease it from 5 to 4.3. I edit the file > /etc/mail/spamassassin/local.cf and put this line: An alternative to tweaking the threshold is to look at the messages that are getting through and either upward adj

[Mimedefang] a case for supporting EXPN/VRFY on an internal server

2006-01-12 Thread Gary Funck
One of the difficulties we run into with MdF in general and greylisting in particular is that recipient address verification (via the access database) is delayed via delay_checks. So, basically we tempfail messages with invalid recipient addresses that we should reject outright at the HELO phase,

RE: [Mimedefang] validating 'possibly forged' helo IP's?

2006-01-12 Thread Gary Funck
> ISPs in my experience don't even really care about setting reverse > DNS up. Isn't it good practice for mail exchanges to have a PTR record? I can understand why ISP's don't go to the trouble to rDNS every IP in the network, but it would seem to be a good idea to support rDNS on their outwardly

RE: [Mimedefang] validating 'possibly forged' helo IP's?

2006-01-12 Thread Gary Funck
> 4. I don't know what end goal you are trying to achieve but using reverse > records for any type of security or blocking has pretty high > false positive > rates. ISPs in my experience don't even really care about setting reverse > DNS up. KAM, thanks. I'm looking to munge my greylist log e

[Mimedefang] validating 'possibly forged' helo IP's?

2006-01-12 Thread Gary Funck
I need a program that will convert a HELO IP address into a FQDN with some confidence. I've prototyped one, below. Is it doing the right thing? Couple of questions: 1. Is it okay to use the first (and only the first) PTR record? 2. Is it okay to use the (default) recursive search? 3. Is it okay

RE: [Mimedefang] limiting SA's RBL timeouts

2006-01-12 Thread Gary Funck
> -Original Message- > From: Joseph Brennan > Sent: Thursday, January 12, 2006 6:41 AM > > You could have Mimedefang do those lookups instead, early in the > process. If you will reject for being in certain RBLs then you can > dispose of those messages without running the SA stuff. > >

RE: [Mimedefang] Pre-Emptive Greylist entries

2006-01-12 Thread Gary Funck
> > If I have the time, I'll give my suggestions regarding the use > of SPF and RDNS a shot, and report back on the results. My hunch > is that they'll offer decent improvements, especially in handling > first time senders. Better, perhaps I'll process the message logs > and give some feedback

[Mimedefang] limiting SA's RBL timeouts

2006-01-11 Thread Gary Funck
As a follow-up to the discussion regarding the fact that sendmail and spamassassin perform a lot of DNS lookups, one thing we do here to speed up SA a bit is to tell it to limit the time it waits for a response from a spam block list lookup. We place the following in our local.cf file in SA's rul

RE: [Mimedefang] 40K+ emails a day and choking update

2006-01-10 Thread Gary Funck
> From: David F. Skoll > Sent: Tuesday, January 10, 2006 5:35 PM > > Ah. That screams network problems. DNS latencies can kill you, > especially if you're using SURBL lookups inside SpamAssassin. > High DNS latency causes slave processes to build up. A caching DNS server running on the same bo

RE: [Mimedefang] Pre-Emptive Greylist entries

2006-01-10 Thread Gary Funck
> From: David F. Skoll > Sent: Tuesday, January 10, 2006 11:02 AM > > [EMAIL PROTECTED] wrote: > > > That is the sole purpose of SPF, to force domains that send spam to > > admit ownership of the sending servers. > > spammer.com.1d IN TXT "v=spf1 +all" > > I own the world! :-) > > (Yes,

RE: [Mimedefang] Pre-Emptive Greylist entries

2006-01-10 Thread Gary Funck
> > > 2. Something I've toyed with: _if_ the sending relay supports SPF and > >the SPF validates - accept the mail unconditionally and > > don't greylist it. > > It is rapidly becoming the case that SPF validation is a > higher-than-average > sign of SPAM, since the spammers have more of an i

RE: [Mimedefang] Pre-Emptive Greylist entries

2006-01-10 Thread Gary Funck
> From: Roland Pope > Sent: Monday, January 09, 2006 5:50 PM > > One idea I had was to try and create a whitelist entry in the > database for > emails sent from within my network to customers, to try and reduce delays > for initial replies from said customers. > > Ie. When one of my users sends an

RE: [Mimedefang] Greylist with shared data

2006-01-03 Thread Gary Funck
> > I notice that a number of people have implemented John Kirkland's MySQL > greylist implementation from http://www.bl.org/~jpk/md-greylist, but his > website appears to be no longer available?? Try again. Seems to be working just now. - Gary

RE: [Mimedefang] disclamer only for out going mails.

2005-12-17 Thread Gary Funck
> From: Jan Pieter Cornet > Sent: Saturday, December 17, 2005 7:12 AM > To: mimedefang@lists.roaringpenguin.com > > In this case, through $RelayAddr. OK, thanks. Here is the amended method: In filter_end() obtain the Sender's IP address from the $RelayAddr global variable, and check it agains

RE: [Mimedefang] disclamer only for out going mails.

2005-12-17 Thread Gary Funck
> On Fri, Dec 16, 2005 at 11:46:35AM -0800, Gary Funck wrote: > > filter_end(). You'll need to capture the Sender's IP address in > > filter_sender(). As I understand things, filter_sender() can only > > communicate with filter_end() via a file in the $CWD directory (

RE: [Mimedefang] disclamer only for out going mails.

2005-12-16 Thread Gary Funck
BTW, the sendmail FAQ had this to say: http://www.sendmail.org/faq/section3.html#3.35 Q3.35 -- How do I add a footer/signature to all (outgoing) e-mail messages? Date: October 9, 2000 Updated: August 1, 2001 Updated: May 16, 2002 Updated: February 22, 2003 This is quite complicated. At first sig

RE: [Mimedefang] disclamer only for out going mails.

2005-12-16 Thread Gary Funck
> From: Joseph Brennan > Sent: Friday, December 16, 2005 12:51 PM > To: mimedefang@lists.roaringpenguin.com > > Anyone attempting this is going to need to think through precisely > which messages need the special treatment. > > Gary's example focuses on mail coming from IP addresses owned by t

RE: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread Gary Funck
> From: David F. Skoll > Sent: Thursday, December 15, 2005 1:53 PM > > Unfortunately, MIMEDefang only sees exactly what was in the > RCPT TO: command. It doesn't know the results of virtusertable > changes. > > (Though it occurs to me that it can see the mailer, so if you > map invalid addresse

RE: [Mimedefang] disclamer only for out going mails.

2005-12-16 Thread Gary Funck
> From: bablu bablu > Sent: Friday, December 16, 2005 2:32 AM > > I am just making a genuine effort to get some help. Apart from the fact that there are no great supporters on this list of adding disclaimers, it is also true that there is no direct implementation in the mimedefang filter as it co

RE: [Mimedefang] Greylisting

2005-12-14 Thread Gary Funck
something worth mentioning: greylisting is highly effective, but it takes some getting used to. Like when you go to a web site and register a new account, and wait, wait, wait for the reply to come in with your account confirmation e-mail. Or when you forget your password and wait for the mail to

RE: [Mimedefang] Greylisting

2005-12-14 Thread Gary Funck
I used John Kirkland's implementation, using MYSQL, with great success (on an FC3 system): http://www.bl.org/~jpk/md-greylist/

RE: [Mimedefang] disclamer only for out going mails.

2005-12-13 Thread Gary Funck
> -Original Message- > From: bablu bablu > > Problem is disclaimer is getting attached with outgoing > as well as incoming mails. > Is there any way we can only enable disclaimer for > outgoing mails. Among other things, you'll need this: http://www.mail-archive.com/mimedefang@lists.roarin

RE: Sober (Was Re: [Mimedefang] code 421 and filter_sender)

2005-12-06 Thread Gary Funck
> -Original Message- > From: Paul Whittney > Sent: Tuesday, December 06, 2005 5:35 PM [...] > > However, for some sites that deal with a small number of domains that > accept email, the first thought is to "block all that could be the virus", > and then move to the next task of the day (o

RE: [Mimedefang] Wiki: installing mimedefang and clamav

2005-12-06 Thread Gary Funck
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Oliver > Schulze L. > Sent: Tuesday, December 06, 2005 1:37 PM > To: mimedefang@lists.roaringpenguin.com > Subject: [Mimedefang] Wiki: installing mimedefang and clamav > > > Hi, > I just updated this pa

[Mimedefang] Mdf 2.52 suggested-minimum-filter-for-windows-clients?

2005-07-27 Thread Gary Funck
As noted previously, I installed Mdf via RPM built from the mimedefang.spec. While resolving .rpmsave conflicts, I noticed the following diffs between mimedefang-filter.rpmsave (my previous version) and mimedefang-filter, the new version: $ diff mimedefang-filter{.rpmsave,} 14c14 < # $Id: mimed

[Mimedefang] building Mdf rpm - why are antivirus checks disabled by default?

2005-07-27 Thread Gary Funck
Hello, I recently upgraded to mimedefang 2.52, installing it by first building the rpm, using the supplied mimedefang.spec file. All went well, except I notice that the build seemed to miss the fact that CLAMAV is installed. Here's the diff between the previous 2.49 install and the present 2.52

RE: [Mimedefang] interaction between sendmail 'access' checkandMdF'smilter checks

2005-06-12 Thread Gary Funck
Quick follow-up ... the problem I was experiencing is that the errant IP address was white listed in the "grey list". That is, it had previously been greylisted and then accepted for delivery, because at the time the IP address wasn't listed as a reject in access.db. The fix is to delete the IP a

RE: [Mimedefang] interaction between sendmail 'access' check andMdF'smilter checks

2005-06-10 Thread Gary Funck
> Nope, each "phase" of the conversation passes through ALL milters (though most > milters only actually do something with the data phase) in addition to > sendmail. Since delay checks changes the order sendmail calls these parts, it > also changes the order the corresponding milter parts will be

RE: [Mimedefang] interaction between sendmail 'access' check andMdF's milter checks

2005-06-09 Thread Gary Funck
> -Original Message- > From: Mike Atkinson > > Gary Funck wrote: > > > $ makemap -u hash access.db | grep 1.2.3.4 > > 1.2.3.4 REJECT > > Entries in the access map should be tagged, try: > > Connect:1.2.3.4 REJECT Maybe that's it,

[Mimedefang] interaction between sendmail 'access' check and MdF's milter checks

2005-06-09 Thread Gary Funck
Hello, We're receiving daily "log watch" logs from a misconfigured system, apparently hanging off a big ISP. That system ironically seems to have the same name as our domain and due to misconfiguration the mail comes in looking more/less like it came from our system, except of course, the Rece

RE: [Mimedefang] More patent stupidity

2005-05-14 Thread Gary Funck
Checkpoint's firewall, and Trusted Information Systems' Gauntlet likely did the job: http://groups-beta.google.com/group/muc.lists.firewalls/browse_thread/thread/398284916e5f4019/fe79931c4d44d1e3?q=gauntlet+virus+scan+1997&rnum=1#fe79931c4d44d1e3 short url: http://tinyurl.com/exaoo That's a Ju

[Mimedefang] updated Logwatch for blacklist/greylist messages

2005-04-24 Thread Gary Funck
In our configuration, where we implement blacklists using DNSBL's and greylists in MdF, we see tons of messages as follows: blacklists: [EMAIL PROTECTED] (553 5.0.0 CBL Proxy/Trojan): 1 Time(s) [EMAIL PROTECTED] (553 5.0.0 CBL Proxy/Trojan): 1 Time(s) [EMAIL PROTECTED] (553 5.0.0 CB

[Mimedefang] sending relay has no MX record?

2005-01-29 Thread Gary Funck
Am seeing some spam where the sender's From_ address's domain doesn't have an MX record. Was considering noting that fact in the header as an extra X- field, and then letting SA score it negatively. Has anyone tried that sort of thing? Can you offer some prototype code that does something like t

RE: [Mimedefang] Perl help: quarantine and bounce criteria

2005-01-25 Thread Gary Funck
> sub action_discard_bounce ($) { > my($message) = @_; > # don't quarantine if all recipients are @sewingwitch.com > my $non_sewingwitch = grep !/[EMAIL PROTECTED]/i, @Recipients; > # check for only recipient being > # hostmaster or info (almost certain spa

RE: [Mimedefang] Berkley DB

2005-01-25 Thread Gary Funck
> We're on Fedora Core 3, compiling Sendmail from source as per the > Mimedefang HOWTO. We're getting an error indicating that Berkley DB is > not installed, yet it is. We linked the libdb.so file to the > libdb-4.2.so and now it's trying to compile in Berkley DB. However, it > keeps erroring o

RE: [Mimedefang] MD/SA and Outlook

2005-01-20 Thread Gary Funck
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Todd > Aiken > Sent: Thursday, January 20, 2005 7:58 AM > To: mimedefang@lists.roaringpenguin.com > Subject: Re: [Mimedefang] MD/SA and Outlook > > > On 20 Jan 2005 at 10:50, David F. Skoll wrote: > > > O

RE: [Mimedefang] MD/SA and Outlook

2005-01-18 Thread Gary Funck
> Although I've certainly had cases, using Outlook 2003, where Outlook's > idea of where the headers ended was different from MD's. The general > thing these items seem to have had in common is a blank line embedded in > the headers (which might be something for the original poster to look > fo

RE: [Mimedefang] early experiences with grey listing

2005-01-13 Thread Gary Funck
> From: Gary Funck > Sent: Thursday, January 13, 2005 8:11 AM [...] > only two spam messages made it into my spam folder > last night, where there might've usually been 10 to 30 (we also implement > IP black lists which eliminates about 2/3's of the incoming spam right

RE: [Mimedefang] early experiences with grey listing

2005-01-13 Thread Gary Funck
> From: David F. Skoll > Sent: Thursday, January 13, 2005 8:38 AM [...] > > You'd have to spool the mail into some other queue that gets processed > every so often, and set a MinQueueAge of an hour on that queue. It > seems way too tricky to me. > I agree. Another question: How does CanIT (or o

RE: [Mimedefang] early experiences with grey listing

2005-01-13 Thread Gary Funck
> From: Paul Murphy > Sent: Thursday, January 13, 2005 2:06 AM [...] > > The default in most implementations is one minute - the point of > greylisting is that most spam mailers have several million addresses > to send to, so even if they bother to check the return codes, most > take no action on

RE: [Mimedefang] GTUBE test fails - MD + Sendmail + libmilter

2005-01-12 Thread Gary Funck
> From: Matthew Lee > Sent: Wednesday, January 12, 2005 9:45 AM [...] > > However when using the GTUBE test > http://spamassassin.apache.org/gtube/ > No report is written and the message is not tagged. 1) first make sure that Spamassassin is working. % wget 'http://spamassassin.apache.org/gt

[Mimedefang] how to remove milter messages from the log?

2005-01-12 Thread Gary Funck
(disclosure: I'm a syslog novice) I'm finding the following sorts of log entries to be not useful/needed: Jan 12 16:55:37 intrepid sendmail[10286]: j0D0tWUD010286: Milter change: header Content-Type: from text/plain; charset=us-ascii to text/plain; charset=us-ascii Jan 12 16:55:37 intrepid sendm

[Mimedefang] early experiences with grey listing

2005-01-12 Thread Gary Funck
With help from the MDf list members, and a few trips through the MIMEDefang archives, I was able to implement a form of grey listing. Mainly, I used the implementation here: http://www.bl.org/~jpk/md-greylist/ There are different ways to configure this implementation. I went with the default wh

RE: [Mimedefang] MySQL Greylisting: grey_old records

2005-01-10 Thread Gary Funck
> From: Todd Aiken > Sent: Monday, January 10, 2005 2:53 PM [...] > I'm assuming that this is supposed to happen when a whitelisted entry is > found in the database that has been there and not accessed for longer > than the time period defined by gdb_white (currently set to 30 days), but > I only

RE: [Mimedefang] MySQL Greylisting: grey_old records

2005-01-10 Thread Gary Funck
> From: Todd Aiken > Sent: Monday, January 10, 2005 2:53 PM [...] > > Greetings all. After having some problems with database corruption, I > modified my greylisting to use a MySQL database according to the > following web page set up by John Kirkland: > > http://www.bl.org/~jpk/md-greylist/ To

RE: [Mimedefang] tagging mail sent to aliases

2005-01-07 Thread Gary Funck
> From: James Ebright > Sent: Friday, January 07, 2005 7:55 AM > To: mimedefang@lists.roaringpenguin.com > Subject: RE: [Mimedefang] tagging mail sent to aliases > > > I would think checking the /etc/aliases yourself would be less memory > intensive than another sendmail child. You can probably

RE: [Mimedefang] tagging mail sent to aliases

2005-01-06 Thread Gary Funck
> -Original Message- > From: James bright > Sent: Thursday, January 06, 2005 6:58 AM > To: mimedefang@lists.roaringpenguin.com > Subject: Re: [Mimedefang] tagging mail sent to aliases > > > Unless you delay checks. 1. we delay checks 2. I've seen code that adds custom headers for SA t

RE: [Mimedefang] temp failing - got code?

2005-01-05 Thread Gary Funck
> -Original Message- > From: Rob MacGregor > Sent: Wednesday, January 05, 2005 10:54 AM > > On Wed, 5 Jan 2005 09:38:30 -0800, Gary Funck <[EMAIL PROTECTED]> wrote: > > > > Would like to implement temp failing/grey listing along the > following line

[Mimedefang] tagging mail sent to aliases

2005-01-05 Thread Gary Funck
I notice a lot of spam gets sent to one of a number of mail aliases, which we've added to /etc/aliases to catch alternate spellings of our e-mail addresses. Is there a method within sendmail to notice when it has made an alias substitution, and to then have MdF add a header tag noting this happene

[Mimedefang] temp failing - got code?

2005-01-05 Thread Gary Funck
Would like to implement temp failing/grey listing along the following lines: - If haven't seen a given incoming IP address in a while, then temp fail, for say about 1 hour. If the sender doesn't just go away by then, then score the mail per usual and let it through. To implement this, we'd

RE: [Mimedefang] restart or reload after changin SA rules?

2005-01-04 Thread Gary Funck
> -Original Message- > From: James Ebright > Sent: Tuesday, January 04, 2005 8:34 AM > > I use reload in my script for the few configs I use from there. > OK. thanks Jim (and David). We're running Fedora Core 3, with Perl 5.8, so I'll assume that it is competent enough to handle reload.

[Mimedefang] restart or reload after changin SA rules?

2005-01-04 Thread Gary Funck
I use RulesDuJour (http://www.exit0.us/index.php?pagename=RulesDuJour) and am now trying to integrate them into MIMEDefang. This script downloads the latest custom-developed SA rules and auto-updates them into a config directory. Once it is done it wants to run '/etc/init.d/spamd restart'. With

RE: [Mimedefang] how to build SA-compatible encapsulated spam message?

2005-01-03 Thread Gary Funck
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of James > Ebright > Sent: Monday, January 03, 2005 7:08 AM > To: mimedefang@lists.roaringpenguin.com > Subject: Re: [Mimedefang] how to build SA-compatible encapsulated spam > message? > > > I attached a sn

RE: [Mimedefang] RE: How got arcor.de into blocklist?

2005-01-03 Thread Gary Funck
That reply was meant for the SA forum. Sorry about that. - Gary

[Mimedefang] RE: How got arcor.de into blocklist?

2005-01-03 Thread Gary Funck
> From: Thomas Arend > Sent: Monday, January 03, 2005 7:55 AM > > I have received a FalsePositive because arcor.de got into the blocklists. > > Has someone information why arcor.de got into the blocklist? > You probably need to go to the places where the URL's are blacklisted, and request that

[Mimedefang] feed MimeDefanged mail to sa-learn?

2005-01-03 Thread Gary Funck
(cross-posted from the SA list. I'd developed this as an interim method for normalizing the spam message formats. - Gary) -Original Message- From: Gary Funck [mailto:[EMAIL PROTECTED] Sent: Monday, January 03, 2005 1:52 AM Attached, is a Perl script, mdf2sa.pl, which converts

RE: [Mimedefang] how to build SA-compatible encapsulated spam message?

2005-01-03 Thread Gary Funck
> From: James Ebright > Sent: Monday, January 03, 2005 7:08 AM > > I attached a snippet from my filter code... gleaned from KAM a bit over a > year ago.. it works well and I think will do the job. Jim, thanks. Looks like that'll do the trick. Might make a nice addition to the 'contrib' directory
