I'm preparing to roll out SA on another test box in preparation for a
production installation soon. I'm testing it on another box because my
first test box is testing way too many different (but related) things right
now). My current test install is
Sendmail 8.12.6
Procmail 3.22
SpamAssassin 2.4
One of the many reasons I never put an A record on a domain name. I had a
hell of a conversion at an ISP I consult with when they moved from a one
server to many server setup. Previously they'd advertised domain.tld for
*everything*; MX, www, POP, SMTP, you name it. Everything was domain.tld.
T
Rich,
I have a suggestion for your scripts that would make the grepping far less
CPU intensive in my experience. With your current setup you're grepping the
entire file at each running. I use the logtail part of the logcheck
package to keep tabs on appending log files. logtail records an offset
I haven't found it yet. I'm pretty sure the discussion against it was in
O'Reilly's "TCP/IP Network Administration". I've browsed through it in my
spare time and didn't find it. The worst problem with this is when users
don't know your, say, FTP server's address and give domain.tld a whirl. It
m
I'm not the Justin you're trying to talk to but I have an opinion on this
anyhow. :) I'm strongly against giving a positive score to ANY mail
client. I'm against positive scores in general really. They just open
more doors for spammers to abuse. Every time one of them finds a new
little trick l
On Thu, 10 Oct 2002, Theo Van Dinter wrote:
> On Thu, Oct 10, 2002 at 08:53:15AM -0500, [EMAIL PROTECTED] wrote:
> > increase in spam. Positive scores are flawed IMHO.
>
> I'm going to stay out of the discussion (for now at least), but I just
> want to inform people that they're using incorrect
Can anyone give me any ideas why SA is so inconsistent between different
releases? For example I picked a spam to test a new installation of SA
with. It had scored over 10 on a previous install. When the message
arrived on my new box, it was scored at only 8.4. I downgraded to 2.40
and tried i
On 13 Oct 2002, Daniel Quinlan wrote:
> [EMAIL PROTECTED] writes:
>
> > Can anyone give me any ideas why SA is so inconsistent between different
> > releases? For example I picked a spam to test a new installation of SA
> > with. It had scored over 10 on a previous install. When the message
>
On Mon, 14 Oct 2002, Mike Schrauder wrote:
> If I wanted to change the subject of spam to say *SPAM=14.3* instead of
> *SPAM* site wide, is that possible? Is there a way to use the score as a
> variable in a config file?
> Where would I set up the way the subject gets altered by
I heard of a similar idea a while back. The nice thing about it is that
it avoided all possible legal problems. It also consumed some resources
on your MTA but it is surely doable. The trick was that as soon as you've
identified that the message is spam during your MTA's conversation, slow
the c
One thing I always do on my MTAs that use DNSBls is only use zone
transfers of blacklists on my DNS server. I currently use 7 DNSBls from
Sendmail, only 2 commercial lists. That brings the total DNS queries for
each message to around 10. Now I don't deal with tons of mail per day,
compared to s
On Wed, 16 Oct 2002, Theo Van Dinter wrote:
> On Wed, Oct 16, 2002 at 09:47:52AM -0500, [EMAIL PROTECTED] wrote:
> > So, why did I get SpamAssassin headers when I didn't have spamd running?
>
> The answer is that it's being scanned elsewhere. For instance, I
> receive mails (currently ~4% of my
On Wed, 16 Oct 2002, Tim Provencio wrote:
> Is there a way to add the scores to the tests that were done? For example,
> in the following it does report the number of hits the required and the test
> but is it possible to display the score of each test similar to as it does
> in the case of Spam
On Sat, 12 Oct 2002, Jonathan Nichols wrote:
> > >
> > > Rich's idea is pretty cool, and I have it running
> > > here: http://dumpster.pbp.net/~mrtg/spam/
> > >
> > > However, the count just keeps growing.. I'm not quite sure what to make of
> > > the graphs. :-)
> >
> > Remove 'gauge' from the o
Or a spammer adds a Received line that makes it appear as if the message
was relayed through bondedsender.com. Easily done. To the best of my
knowledge, I think DNSBl lookups are only done on the IP communicating
with your MTA. That's what I've always experienced with the DNSBls I use
from Sen
Interesting. I wouldn't have expected SA to do that. It makes me wonder
if that's really a good thing. The last (most recent) Received line is
usually the only one you can trust (unless you have an anti-virus or pure
email gateway ahead of your primary MTA). Beyond that they are to be
taken with
I'm using this on a test box at the moment.
SPAM_DIR=/var/mail/spool/quarantine/spam
LOGFILE=/tmp/spam.log
:0c
{
:0:
* ^X-Spam-Score: \*\*\*\*\*.*
$SPAM_DIR
}
This checks a copy of each message and dumps it into $SPAM_DIR if it
matches >= 5. In the end I'll make this >= 10
On Thu, 17 Oct 2002, Kenneth Chen wrote:
> Hey Justin:
>
> Thanks for your answer! I'm curious about something else, though: does
> your procmail recipe say (in words) "Take whatever has 5 stars OR more and
> pipe it to /dev/null?" I'm wondering about that last part with the *.*.
That's what t
On Fri, 18 Oct 2002, Theo Van Dinter wrote:
> On Fri, Oct 18, 2002 at 01:52:31PM -0400, Matt Kettler wrote:
> > The Nigerian scam rules need a serious revisiting. These spams are mutating
> > to avoid the high-scoring rules, and the "general" rules like
> > NIGERIAN_TRANSACTION1 hit a modest amo
On Sat, 19 Oct 2002, Jeremy Kister wrote:
> > Just autowhitelist the guy. In your ~/.spamassassin/user_prefs (or
> > wherever your user_prefs file is located), add this line:
>
> I run SpamAssassin over vpopmail on qmail1.03.. Not only do white lists not
> work on an individual popbox, but i wou
On Sat, 19 Oct 2002, Mike Burger wrote:
> Well, since most people I know aren't stupid enough to type their email in
> all caps, I don't have to worry about those getting flagged as spam.
>
> If you've got people who email you in that manner, you might want to
> remind them that doing so is aki
On Thu, 24 Oct 2002, Matthew Cline wrote:
> On Wednesday 23 October 2002 11:56 pm, Tony Johansson wrote:
> > Hello,
> >
> > Does spamassassin protect against hoaxes?
>
> It has some rules to detect Nigerian type scams, though it's been less
> effective at that recently since they've been mutatin
On Thu, 24 Oct 2002 [EMAIL PROTECTED] wrote:
> Hello all,
>
> My goal today is to get this filtering working on my 4 mail servers.
> Just a summary of my situation. I don't know if anyone is using this in a heavy
> production environment ( I assume so ) but I am running 4 Quad Xeon servers (1
> G
*plonk*
Can you say glutens for punishment?
Would it be worthwhile to write a rule to catch messages that contain mail
with the common "go to this server to be removed" domains like these?
v
This is a bad choice for a port IMHO. Frankly every firewall I set up
(and have seen up close) blocks tcp/udp 1-19. Those services have no
purpose on the Internet at large IMHO. They are plagued with security
issues and under-maintained source projects.
I wonder if Razor will fail if tcp/7 is b
On Mon, 21 Oct 2002, William H. Haller wrote:
> Could PORN_WORDS be pulled out of the main distribution to a separate
> file that could be checked for on upgrade and not written over?
I don't imagine that would be a possibility but I really can't say that with
any certainty. However I wonder if it w
Could someone remind me where I can report FPs to? These would be
messages scored over 5 that aren't spam. I had an interesting one last
night. :)
Justin
I need to remove a sentence from the report SA generates. Specifically
the part about "This mail is probably spam.". Apparently it's confusing
some of my users. I'm using MIMEDefang as the milter glue but
unfortunately can't find a way to remove that line there. Is there any
way to do this from
On Sat, 7 Dec 2002 [EMAIL PROTECTED] wrote:
> If you are running version 2.31 (under linux), the change you need to make
> is in the following file:
>
> /usr/share/spamassassin/10_misc.cf
>
> on line 12 it states:
>
> report This mail is probably spam. The original message has been altered
>
On Sun, 8 Dec 2002, Mike Leone wrote:
> [EMAIL PROTECTED] ([EMAIL PROTECTED]) had this to say on 12/07/02 at 20:06:
> > I need to remove a sentence from the report SA generates. Specifically
> > the part about "This mail is probably spam.". Apparently it's confusing
> > some of my users. I'm
On Sun, 8 Dec 2002, Justin Mason wrote:
>
> Patrick Bores said:
>
> > I have noticed that most of the NS records for these spammers are the
> > same or similar. Would it be too expensive to do a quick lookup of NS
> > records to block these guys?
>
> no, I don't think so -- it sounds like a v
On Sun, 8 Dec 2002, Mike Burger wrote:
> If we're looking at methods to deal with HSM and its ilk, AdPro should
> also be added to the list, if it's not, already. Seems that they're using
> the same tactics as HSM, containing their spam in an image file rather
> than in text.
For what it's wo
On Sun, 8 Dec 2002, Mike Burger wrote:
> I'm already doing that, myself. But they register so many domains
> that it's sometimes hard to keep up with the list.
>
> Out of curiosity..I've been rejecting with a code of 550...what's the
> difference between 550 and 553?
They both have specific
On Sun, 8 Dec 2002, Harold Hallikainen wrote:
> With regard to section B, above, is there currently a recognized automatic
> notification by sendmail or other MTAs that spam is not accepted?
I make it clear in my HELO string that UCE isn't welcome on my servers.
Spammers don't read bounces or
It's a basic banner. There's no other place to stick it. Perhaps a
generic telnet banner would also suffice (which is highly recommended by
just about every security book/whitepaper out there). By putting it in the
HELO string and saying about "by continuing the connection you signify
consent" I
Howdy all. Could someone give me some insight on how to add additional
DNSBLs? I see the DNSBL lines in 20_head_tests.cf and would like to add
to that but I don't want my changes to be overwritten upon upgrade. IIRC
this is where /etc/mail/spamassassin/local.cf comes in. However let me
through
On Tue, 7 Jan 2003, Barry Jaspan wrote:
> Everyone, please calm down!
>
> The amount of confusion on this list is staggering. One very important
> point that many people seem to be missing:
>
> Network Associates did *not* buy SpamAssassin!
>
> NAI bought Deersoft, Inc. Deersoft develops and
I have a very large list of spammers' domains and netblocks as well as
pro-spam ISPs (like Broadwing). Just yesterday I was working on a script
to recombine multiple files into a full access list so I could move the
RELAY, OK, SPAMFRIEND, and my 553 Spammer's stick it lines into separate
files. T
39 matches