The Apache SpamAssassin project is looking to get in touch with large
companies (Fortune 1000) or large user installations (roughly 100,000
users or higher) that are happy using SpamAssassin and might not mind
telling the world that they are. We're aware of some, but we suspect
there are a lot mor
Hi
the only thing in procmailrc is the spamd lines and an includerc for
virussnagger which i have been thru and cannot see any references to
**Bounced** so i assume its one the spamassassin rules.
Mark
- Original Message -
From: "Kai Schaetzl" <[EMAIL PROTECTED]>
To:
Sent: Saturday, Se
On Sat, Sep 11, 2004 at 03:07:32PM -0400, Kevin Old wrote:
> [EMAIL PROTECTED] .spamassassin]# spamassassin -D --lint
> --config-file=/etc/MailScanner/spam.assassin.prefs.conf
[...]
> debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for default rules dir
[...]
> cannot open languages: No su
Obantec Support wrote on Sat, 11 Sep 2004 20:03:10 +0100:
> Since there is no path etc where is the config for this "Folder"?
>
in the .procmailrc ? It's got really nothing to do with SA.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.co
Matt Kettler <[EMAIL PROTECTED]> writes:
> At 07:31 AM 9/10/2004, Gustafson, Tim wrote:
> >What I'm worried about is that I have so many more SPAM than HAM messages.
> >Is this dangerous?
>
> No, in fact it's closer to optimal than a 50-50 mix is...
>
> Remember, Bayes is a statistical system..
"Kai Schaetzl" <[EMAIL PROTECTED]> writes:
> For about a week I've been seeing SA time-outs in MailScanner (120 sec
> time-out) and on investigating it seems the reason are extremely large
> bayes journal files. I ran "sa-learn -D --sync" and that took quite long,
> about two minutes. As I unde
Robert Menschel <[EMAIL PROTECTED]> writes:
> On Sept 9, Daniel Quinlan added a note to the bottom of
> http://wiki.apache.org/spamassassin/ContributingNewRules (the stuff
> within the parentheses).
>
> > You can also post your SpamAssassinRules to the SARE forums at
> > http://www.rulesemporium.
On Sept 9, Daniel Quinlan added a note to the bottom of
http://wiki.apache.org/spamassassin/ContributingNewRules (the stuff
within the parentheses).
> You can also post your SpamAssassinRules to the SARE forums at
> http://www.rulesemporium.com/forums/ -- SARE will test rules that seem
> promising
--On Saturday, September 11, 2004 12:10 PM -0700 John Hardin
<[EMAIL PROTECTED]> wrote:
Unfortunately, unless the tarpit responds to the first packet with a
SMTP welcome banner, the connection won't be tarpitted for longer than
the "wait for SMTP welcome" timeout in the client. You need to convin
Spammer apparently is using [EMAIL PROTECTED] in the FROm
field of the emails he is sending out. Domain is one of my customers
virtual domain, spammer made up the username in the email address. Now
I am getting burried by mail notifications returning to
sender...obviously wrong person.
How do
On Sat, 2004-09-11 at 00:09, Kenneth Porter wrote:
> --On Friday, September 10, 2004 10:05 PM -0700 Jeff Chan <[EMAIL PROTECTED]>
> wrote:
>
> > Sounds like a good application for a tarpit, i.e.:
> >
> > http://www.spamcannibal.org/
>
> Good idea. Alas, the FC2 kernel lacks the netfilter tarpi
Hello eveyrone,
I have SA 2.64 and am trying to run a simple --lint test, but am
getting the error message below. I am running RH 9 and have set
$LANG=en_US and have "ok_languages" set to "en" in MailScanners
spam.assassin.prefs.conf file.
[EMAIL PROTECTED] .spamassassin]# spamassassin -D --lin
On Fri, 2004-09-10 at 17:12, Kelson wrote:
> John Hardin wrote:
> > I.E.: get an email that passes SPF, and scores high. Look at the
> > relevant SPF record and blacklist/high-score all of the hosts it states
> > are valid sources for that sender domain.
>
> Bad, *bad* idea. You're inviting DOSes
Hi
Just upgraded from 2.60 to 2.64 and some emails are marked to go to folder
**Bounced** in procmail log
i.e
Subject: JUST 25 Dollars for cartons of Marlboro, Camel, Kool,
Winston,Salem,
Folder: **Bounced**4325
Since there is no path etc where is the config for this "Folder"?
Mark
--
Ob
Hi!
Welcome to the real world, this is you wakeup call ;)
This is happening all the time, not much you can do about this. A
countermeasuer could be using SPF records, so people at least have a way
to check if its you or not.
Or you could get a digital ID and sign all your outgoing mails :)
Sure,
> Hi!
>
>> Spammer apparently is using [EMAIL PROTECTED] in the FROm field
>> of
>> the emails he is sending out. Domain is one of my customers virtual
>> domain,
>> spammer made up the username in the email address. Now I am getting
>> burried
>> by mail notifications returning to sender...obvi
Hi!
Spammer apparently is using [EMAIL PROTECTED] in the FROm field of
the emails he is sending out. Domain is one of my customers virtual domain,
spammer made up the username in the email address. Now I am getting burried
by mail notifications returning to sender...obviously wrong person.
How
At 11:47 AM 9/11/2004 -0500, you wrote:
Spammer apparently is using [EMAIL PROTECTED] in the FROm field of
the emails he is sending out. Domain is one of my customers virtual
domain, spammer made up the username in the email address. Now I am
getting burried by mail notifications returning to s
At 09:11 AM 9/11/2004 -0500, you wrote:
So far I have
[EMAIL PROTECTED]
users@spamassassin.apache.org
users@spamassassin.apache.org is the current list address, however the old
incubator address still forwards.
Trying to filter all mail to this list.
Don't use the To: address field, use the List
Spammer apparently is using [EMAIL PROTECTED] in the FROm field
of the emails he is sending out. Domain is one of my customers virtual
domain, spammer made up the username in the email address. Now I am
getting burried by mail notifications returning to sender...obviously
wrong person.
How do
At 06:11 PM 9/10/2004 -0400, Kevin Old wrote:
Anyone have ideas why I'd be seeing these messages all of a sudden on
a 2.64 installation with no changes?
Sep 10 18:07:49 s15111287 MailScanner[28540]: SpamAssassin timed out
and was killed, failure 13 of 20
Sep 10 18:07:50 s15111287 MailScanner[28540]
[NOOB warning here!]
I am on a small lousy isp (named above) and get _no_mail_ I want with
another ntlworld.ie address on it. Spammers bulk mail to each server for
efficiency. Punishing a second address on your isp would be stupid in
the extreme on other servers (e.g. aol.com) but a very good idea
Mike Burger wrote:
The problem, however, is that SPF's usability also relies on MX records.
In my case, I have 2 MX records, and my SPF record is set up thusly:
"v=spf1 a mx -all"
Essentially saying that all my MX records are valid senders, as well.
All the spammer has to do is list those server
On Sat, 11 Sep 2004, Codger wrote:
> I don't think it would make any difference if the spammer listed any
> other servers in HIS DNS SPF records. Your server won't look at his DNS
> for yahoo's SPF records. That's what SPF is all about. It gives the
> owner of the domain name exclusive ability
Robert Nicholson wrote on Sat, 11 Sep 2004 09:11:26 -0500:
> users@spamassassin.apache.org
>
only this, the other one is obsolete for a few weeks now.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://m
Robert Nicholson wrote:
So far I have
[EMAIL PROTECTED]
users@spamassassin.apache.org
Trying to filter all mail to this list.
Howdy Robert,
Does your mail client allow you to filter on the headers? I use
List-ID: contains the string [EMAIL PROTECTED]
--
-tom
For about a week I've been seeing SA time-outs in MailScanner (120 sec
time-out) and on investigating it seems the reason are extremely large
bayes journal files. I ran "sa-learn -D --sync" and that took quite long,
about two minutes. As I understand SA should try to sync once a day? So,
it see
So far I have
[EMAIL PROTECTED]
users@spamassassin.apache.org
Trying to filter all mail to this list.
On Saturday, September 11, 2004, 6:32:59 AM, Kai Schaetzl wrote:
> Jeff Chan wrote on Sat, 11 Sep 2004 03:30:20 -0700:
>> We already handle domain names and IP addresses that appear in
>> URIs. If IPv6 is ever globally routable and referred to un
>> URIs, we will handle them also.
> Ah, I see. S
On Saturday, September 11, 2004, 6:32:57 AM, Kai Schaetzl wrote:
> There are RBL time-outs for
> local.cf, but they don't apply to URIDNSBL since this is a separate
> module.
Here's a timeout mentioned in URIDNSBL.pm:
http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Plugin/
From: "John Hardin" <[EMAIL PROTECTED]>
> A thought: now that spammers are using SPF to "legitimize" their email,
> could *we* use it as a means to shut them down sooner?
>
> I.E.: get an email that passes SPF, and scores high. Look at the
> relevant SPF record and blacklist/high-score all of the
Kevin Old wrote on Fri, 10 Sep 2004 18:11:59 -0400:
> I'm using SURBLare there problems with the SURBL servers?
>
Probably not. Run an "sa-learn -D --sync" to see if it's bayes-related. We
are getting the same and it's somehow related to the journal. I just saw a
170 MB journal which sounds
Jeff Chan wrote on Sat, 11 Sep 2004 03:30:20 -0700:
> We already handle domain names and IP addresses that appear in
> URIs. If IPv6 is ever globally routable and referred to un
> URIs, we will handle them also.
Ah, I see. So, in this case you handle IPs as if they were domains?
>
> > 2. It's
Jeff Chan wrote on Sat, 11 Sep 2004 03:16:32 -0700:
> I would expect DNS timeouts are imposed by the application or
> operating system. I don't think anyone would allow these
> programs to run indefinitely due to the lack of a timeout
> value.
>
Jeff, you already answered my question with a simi
Hi,
I have been using spamassassin for some time alongside procmail (3.22-9),
postfix (2.1.1-3.MySQL.sasl2.tls.rh9) and mysql (4.0.20-0). I was running
2.63 until last week and all was fine and very stable until I upgraded to
2.64, when for some reason SQL options were being ignored.
Procmail pas
On Saturday, September 11, 2004, 2:51:31 AM, Kai Schaetzl wrote:
> Jeff Chan wrote on Fri, 10 Sep 2004 07:43:39 -0700:
>> If you're talking about adding resolved IP addresses to SURBLs,
>> no we're not going to do that. :-(
>>
>> What I'm talking about is an internal process where we keep track
On Saturday, September 11, 2004, 2:51:38 AM, Kai Schaetzl wrote:
> But, there's still my concern about SURBL timeouts. It seems there's no
> way to specify SURBL timeouts. Is this true? If so, this is an absolute
> must to add in the URIDNSBL module. DNS timeouts for the other RBL lookups
> are a
Jeff Chan wrote on Mon, 6 Sep 2004 18:25:48 -0700:
> I assume all programs are subject to some kind of DNS lookup
> timeouts either in the application or an external resolver.
> RBL lookups in general should be quite fast and cached. If
> something is taking longer than 120 seconds it's probably
Jeff Chan wrote on Fri, 10 Sep 2004 07:43:39 -0700:
> If you're talking about adding resolved IP addresses to SURBLs,
> no we're not going to do that. :-(
>
> What I'm talking about is an internal process where we keep track
> of resolved IP addresses and use that to add new domains to
> SURBLs
Ryan Thompson wrote on Thu, 9 Sep 2004 15:56:19 -0600 (CST):
> IIRC, .com is up to about 25M domains, and it's way, way higher than the
> other gTLDs (and light years beyond ccTLDs).
It's not really light years. You will have to add at least the same amount
for all other TLDs. And how do you wan
--On Friday, September 10, 2004 10:05 PM -0700 Jeff Chan <[EMAIL PROTECTED]>
wrote:
Sounds like a good application for a tarpit, i.e.:
http://www.spamcannibal.org/
Good idea. Alas, the FC2 kernel lacks the netfilter tarpit module.
Otherwise I could say something like "iptables -s nasty-spammer
I don't think it would make any difference if the spammer listed any
other servers in HIS DNS SPF records. Your server won't look at his DNS
for yahoo's SPF records. That's what SPF is all about. It gives the
owner of the domain name exclusive ability to say who is and is not a
valid sender for
On Friday, September 10, 2004, 9:35:26 PM, Kenneth Porter wrote:
> I've been getting the same bad RCPT TO from 200.232.195.50 for the last 13
> hours. I can see the same sendmail process in /var/log/maillog for that
> amount of time, with "last message repeated xxx times" a lot. I tcpdump'd
> th
I've been getting the same bad RCPT TO from 200.232.195.50 for the last 13
hours. I can see the same sendmail process in /var/log/maillog for that
amount of time, with "last message repeated xxx times" a lot. I tcpdump'd
the connection and see the RCPT TO and rejection over and over. (System is
On Sep 10, 2004 at 16:52, John Hardin wrote:
>A thought: now that spammers are using SPF to "legitimize" their email,
>could *we* use it as a means to shut them down sooner?
That's the point, as I understand it.
>I.E.: get an email that passes SPF, and scores high. Look at the
>relevant SPF reco
John Hardin wrote:
A thought: now that spammers are using SPF to "legitimize" their email,
could *we* use it as a means to shut them down sooner?
I.E.: get an email that passes SPF, and scores high. Look at the
relevant SPF record and blacklist/high-score all of the hosts it states
are valid source
46 matches
Mail list logo
