On 3/23/2005 12:01 PM, Matt wrote:
> Another thing is I have several domains. One is from our dialup ISP 10
> years old. It has several email addresses that are dead and receive
> nothing but junk and lots of it. About 20 pieces or more an hour. Is
> there any way I can use these to improve t
Hi!
We are receiving a lot of faked emails from outside using our own domain
using Dictionary Attacks from the same source IP.
Does anybody know a way (or a trap) to detect and block it ?
The same source ip? What about iptables? ;)
Bye,
Raymond.
On 3/23/2005 4:16 PM, Matt Kettler wrote:
> Daniel A. de Araujo wrote:
>
>>Thanks Matt. The 2nd option looks fine, but we use Postfix. Do u (or
>>somebody) know how to implement this option at Postfix ?
>
> Try looking at smtpd_error_sleep_time and smtpd_soft_error_limit at this
> page:
>
> htt
Norman Zhang wrote:
>
> Thanks. I guess false positives will be tagged SPAM and not be
> automatically deleted?
>
> rewrite_header Subject [SPAM]
> report_safe 0
> use_bayes 1
> auto_learn 1
Yep, unless you've got some other tool configured to delete the
messages. SpamAssassin itself cannot de
Matt Kettler wrote:
200 of each. The choice of 200 is slightly arbitrary, but the basic gist
is that SA can't effectively use bayes until it's seen a reasonable
sample of both kinds of email.
In the extreme, if you tried to use bayes after you gave it 200 spams
and 0 ham messages, everything would
Norman Zhang wrote:
> Matt Kettler wrote:
>
>>> I noticed I needed to train Bayes with 200 SPAM/HAM before it
>>> functions. Does SA function without Bayes?
>>
>>
>> Yes, SpamAssassin can run without bayes.
>
>
> For Bayes training, is 200 SPAM and 200 HAM or 200 all together?
200 of each. The ch
On Wed, Mar 23, 2005 at 02:14:38PM -0800, Norman Zhang wrote:
> For Bayes training, is 200 SPAM and 200 HAM or 200 all together?
each.
--
Randomly Generated Tagline:
If a fly has no wings would you call him a walk?
Matt Kettler wrote:
I noticed I needed to train Bayes with 200 SPAM/HAM before it
functions. Does SA function without Bayes?
Yes, SpamAssassin can run without bayes.
For Bayes training, is 200 SPAM and 200 HAM or 200 all together?
Regards,
Norman Zhang
Daniel A. de Araujo wrote:
>Thanks Matt. The 2nd option looks fine, but we use Postfix. Do u (or
>somebody) know how to implement this option at Postfix ?
>
>
Try looking at smtpd_error_sleep_time and smtpd_soft_error_limit at this
page:
http://www.postfix.org/rate.html
I'm not really a postfi
Thanks Matt. The 2nd option looks fine, but we use Postfix. Do u (or
somebody) know how to implement this option at Postfix ?
txs
Daniel.
-Original message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 23, 2005 17:24
To: Daniel A. de Araujo
Cc: user
extra rules from www.rulesemporium.com/rules, auto updated with
rules_du_jour.
make sure the surbl URI-RBL's are active.
They are. Which rule sets should I choose from those below? This domain is
for a small ISP so has a diversity of users.
Thanks.
Matt
# Here are some of the rulesets include
Daniel A. de Araujo wrote:
> Hi Guys,
>
>
> We are receiving a lot of faked emails from outside using our own
> domain using Dictionary Attacks from the same source IP.
> Does anybody know a way (or a trap) to detect and block it ?
Several options to deal with it, with varying degrees of effic
It was cleared 6 days ago. It has 958 messages in it now. So it's about 160
messages a day and not any good ones. Not quite as many as I originally
thought but still a lot. The previous owner had the email account
completely disabled for a couple years due to the spam. I re-enabled it just
to
Hi Guys,
We are receiving a lot of faked emails from outside using our own domain
using Dictionary Attacks from the same source IP.
Does anybody know a way (or a trap) to detect and block it ?
Thanks,
Daniel Araujo.
| > Another thing is I have several domains. One is from our dialup ISP
| > 10 years old. It has several email addresses that are dead and
| > receive nothing but junk and lots of it. About 20 pieces or more an
| > hour. Is there any way I can use these to improve the effectiveness
| > of Spamas
This reminded me of this page I read the other day. ;-) (no offense)
http://www.rhyolite.com/anti-spam/you-might-be.html
It's an amusing read if anyone hasn't seen it yet.
> Two of the great things I have gleaned from this list are:
>
> 1. Greylisting is reported to stop upwards of 80-90% of
Bob McClure Jr wrote:
>Two of the great things I have gleaned from this list are:
>
>1. Greylisting is reported to stop upwards of 80-90% of the spam from
> even coming in the door. The downside is the likely delays imposed
> on the rest of the mail, maybe in terms of hours.
>
>2. Spammers se
Some folks might be interested in the updated detailed install
instructions on the wiki.
I've added sections on setting up a LearnAsSpam IMAP folder that's
remotely processed. This is the best solution I've seen for integrating
SpamAssassin with end-users on an Exchange server.
http://wiki.apache
Two of the great things I have gleaned from this list are:
1. Greylisting is reported to stop upwards of 80-90% of the spam from
even coming in the door. The downside is the likely delays imposed
on the rest of the mail, maybe in terms of hours.
2. Spammers seem to be attracted to secondar
Justin Mason wrote:
Stuart Johnston writes:
I have been receiving pill spams lately that have an ampersand encoded
in the URL. This seems to confuse URIDNSBL and results in the message
passing through. A debug output shows this:
debug: uri found:
http://www.awt&fdaojj.com.easysimpleRx-munged.
And what is the dummy record? If it's not valid (i.e. an unroutable IP
such as the 10, 192, 172 blocks), then it might get routed back to the
client's internal network. If it's a public IP it can be worse. Say
you route it to a dummy IP owned by you and there isn't anything on
there and one day y
Matt wrote:
> When I first updated to Spamassassin 3.0.2 in December it worked
> great and stopped 95% of my junk. Now it's down to about 65%
SURBL is very effective for me. Maybe your Bayes is out of whack? Try
deleting the DB and letting it reinitialize.
> It sure would be nice if the rules
I solved the problem
thanks anyway
> -Original Message-
> From: Philipp Snizek [mailto:[EMAIL PROTECTED]
> Sent: Mittwoch, 23. März 2005 15:28
> To: users@spamassassin.apache.org
> Subject: RE: /var/lib/mysql/mysql.sock
>
> I try to be a bit more specific.
>
> Mar 23 15:26:36 godfella
Hi,
I have 2 servers in the same subnet. Can I just copy the Bayes DB (seen,
tokens) from 1 to another and expect it to work? I guess it will be off
by a little bit.
Regards,
Norman Zhang
Matt
extra rules from www.rulesemporium.com/rules, auto updated with
rules_du_jour.
make sure the surbl URI-RBL's are active.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Matt wrote:
When I first updated to Spamassassin 3.0.2 in December it worked great
When I first updated to Spamassassin 3.0.2 in December it worked great and
stopped 95% of my junk. Now it's down to about 65% and seems to be getting
worse. I guess it's just a matter of the Spammers having a copy of their own
and tweaking their spam for a low score. Has anyone else noticed thi
On Tue, 22 Mar 2005, List Mail User stipulated:
> 2) If you do more than 10K messages a day, make your server "stub"
> the roots of the bl domains.
I'd be amazed if this was useful: if you're querying them, your nameserver
should have queried them and cached them as a side-effect of
I think you have something here. Checking the maildroprc script shows it
calling spamassassin instead of spamc. Changing this and restarting Courier
now gives me log messages in the new log file defined by syslog.conf.
Thanks for the insight!
Matt Kettler writes:
At 09:58 PM 3/22/2005, you
>>From [EMAIL PROTECTED] Wed Mar 23 08:41:38 2005
>To: List Mail User <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED], users@spamassassin.apache.org
>Subject: Re: Excessive DNS Requests
>...
>From: Nix <[EMAIL PROTECTED]>
>...
>...
>Date: Wed, 23 Mar 2005 16:41:22 +
>
>On Tue, 22 Mar 2005, List Mail
sa-list wrote:
> I am using Courier and Maildrop. The scanning seems to be working
> since I can see the header information and I have SA configured to
> "rewrite_header" and this is happening correctly for spam with scores
> higher than 5.0.
> Does this answer your question? What else would you n
I don't want to start a flame war but I would like to implement both. I
just want to do one at a time and would like to know which is better in your
opinion.
TIA,
I try to be a bit more specific.
Mar 23 15:26:36 godfella spamd[4473]: failed to load user
([EMAIL PROTECTED]) scores from SQL database: SQL Error: Can't
connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (13)
The socket is now located in /tmp/mysql.sock. I can now perfectl
Hi
I had to move /var/lib/mysql/mysql.sock to /tmp/mysql.sock.
SpamAssassin still wants to connect to /var/lib/mysql/mysql.sock.
This, of course, fails now.
How can I change the SA config to /tmp/mysql.sock?
Thanks
Philipp
I am using Courier and Maildrop. The scanning seems to be working since I
can see the header information and I have SA configured to "rewrite_header"
and this is happening correctly for spam with scores higher than 5.0.
Does this answer your question? What else would you need to see to have a
On 22 Mar 2005 Robert Markin ([EMAIL PROTECTED]) wrote:
This should probably be obvious, but I cannot seem to come up with an easy
way to quickly scan and delete the email that makes it into my spam trap
folders.
RH9 machine (accessed via SSH, Webmin, IMAP or POP3).
Procmail sends all mail detec
> What is going on here?
Good question.
> So why does spamd say that
> Vicki Brown <[EMAIL PROTECTED]> !~ /(?:[EMAIL PROTECTED]|[EMAIL
> PROTECTED])\.com/i
>
> I ran this through vanilla Perl and
> Vicki Brown <[EMAIL PROTECTED]> =~ /(?:[EMAIL PROTECTED]|[EMAIL
> PROTECTED])\.com/i
I ran b
--On Monday, March 21, 2005 3:03 PM -0500 "Rosenbaum, Larry M."
<[EMAIL PROTECTED]> wrote:
SpamAssassin v3.0.2, Perl 5.8.5 on Solaris 9
SunOS spam2 5.9 Generic_118558-02 sun4u sparc SUNW,Ultra-4
We recently installed SpamAssassin 3.0.2 on a Solaris 9 system. We are
starting spamd from /etc/rc2.
At 09:58 PM 3/22/2005, you wrote:
I am having problems getting logging to work.
I changed the configuration to use syslog hoping it would start logging
the spamd messages. Before setting up syslog for this, I did not get any
of the messages in maillog either.
The syslog settings seem to be worki
Sunny
depends where the problem is and what you mean by the phishing emails
getting through?
1. Ask on the MailScanner list, I'll be there too..
2. use the free ClamAV anti-virus system, this is quite good at
catching this stuff.
3. Do you mean the MS phishing net or actual phishing emails?
--
M
On Wednesday 23 March 2005 03:47, List Mail User typed:
> Several people have suggested it. Clearly it is just my latent
> paranoia that make me think this way. (Notice, everybody adds "yet";
> Though it would take a stupid spammer to purposely target this list, such
> creatures do exist. Also,
Vicki Brown wrote:
What is going on here?
The rule
header CF_NOT_FOR_ME ToCc !~ /(?:[EMAIL PROTECTED]|[EMAIL PROTECTED])\.com/i
score CF_NOT_FOR_ME 0.01
describe CF_NOT_FOR_ME Neither To nor Cc me
Vicki,
You're using a negated OR test, you want to use a negated A
On Tuesday, March 22, 2005, 10:58:30 AM, Sunny Forro wrote:
> Hello,
> I've got a problem. I've got a lot of phishing attacks making it
> through my mailscanner setup. I do have phishing fraud detection turned
> on, and I have not modified the phishing safe sites list. Most (if not
> all) of
What is going on here?
The rule
header CF_NOT_FOR_ME ToCc !~ /(?:[EMAIL PROTECTED]|[EMAIL PROTECTED])\.com/i
score CF_NOT_FOR_ME 0.01
describe CF_NOT_FOR_ME Neither To nor Cc me
The mail
Received: from moutng.kundenserver.de (moutng.kundenserver.de
[212.227.126.
On Tue, Mar 22, 2005 at 05:00:12PM -0800, Robert Markin wrote:
> This should probably be obvious, but I cannot seem to come up with an
> easy way to quickly scan and delete the email that makes it into my spam
> trap folders.
>
> RH9 machine (accessed via SSH, Webmin, IMAP or POP3).
> Procmail s
>...
>> >
>> >This header is relatively stable:
>> >
>> >List-Id:
>> >
>> >Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
>> >Hispanic Business Inc./HireDiversity.com Software Engineer
>> >perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
>> >
>> And t
From: "List Mail User" <[EMAIL PROTECTED]>
> >...
> >Subject: RE: How do I whitelist this list?
> >Date: Tue, 22 Mar 2005 16:25:54 -0800
> >...
> >From: <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>,
> >...
> >
> >Loren Wilton wrote:
> >> Normally this would work very well, but this list changes
I am having problems getting logging to work.
I am using SA 3.02 on RHEL3. SA is working. Mail headers show the headers
such as:
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on server.domain.org
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,
SGID_FROM_MTA_
List Mail User wrote:
...
Subject: RE: How do I whitelist this list?
Date: Tue, 22 Mar 2005 16:25:54 -0800
...
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>,
...
Loren Wilton wrote:
Normally this would work very well, but this list changes its name and
description and other characteristics so
>...
>Subject: RE: How do I whitelist this list?
>Date: Tue, 22 Mar 2005 16:25:54 -0800
>...
>From: <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>,
>...
>
>Loren Wilton wrote:
>> Normally this would work very well, but this list changes its name and
>> description and other characteristics so often
Norman Zhang wrote:
> Hi,
>
> I see that spamassassin rules are installed at
>
> # ls /usr/share/spamassassin/
> 10_misc.cf 20_phrases.cf 30_text_fr.cf
> 20_anti_ratware.cf 20_porn.cf 30_text_nl.cf
> 20_body_tests.cf 20_ratware.cf 30_text_pl.cf
> 20_co
This should probably be obvious, but I cannot seem to come up with an
easy way to quickly scan and delete the email that makes it into my spam
trap folders.
RH9 machine (accessed via SSH, Webmin, IMAP or POP3).
Procmail sends all mail detected as spam by SA 3.0.0 to a
"probably-spam" file in th
Hi,
I see that spamassassin rules are installed at
# ls /usr/share/spamassassin/
10_misc.cf 20_phrases.cf 30_text_fr.cf
20_anti_ratware.cf 20_porn.cf 30_text_nl.cf
20_body_tests.cf 20_ratware.cf 30_text_pl.cf
20_compensate.cf 20_uri_tests.cf
>...
>Subject: Excessive DNS Requests
>From: lister lynch <[EMAIL PROTECTED]>
>To: users@spamassassin.apache.org
>
>Our ISP, Covad, is periodically claiming that we have excessive DNS
>requests and is threatening to turn off our service. It's primarily due
>to SA, I think. Looked around for answe
Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
bayes_ignore_to users@spamassassin.apache.org
(along with a whitelist_to for the same address).
Doh! I guess it goes to show that AFAIK is more or less nothing :)
More like, just about everything. With the number of problems you solve
for people on
Matt Kettler wrote:
ip.guy wrote:
hi all
is anyone using qmailmrtg7 to graph spamassassin stats ?
i'm having problem with the logs spamassassin is trying to parse...
does qmailmrtg7 looking for syslog style spamassassin logs or spamd
specific logs?
if it's looking for spamd logs, where are they
Daryl C. W. O'Shea wrote:
> bayes_ignore_to users@spamassassin.apache.org
>
> (along with a whitelist_to for the same address).
Doh! I guess it goes to show that AFAIK is more or less nothing :)
From: "Kai Schaetzl" <[EMAIL PROTECTED]>
> > in a degree I have set my SA score to be more or less equal with the
> > BAYES_99 score (around 8).
>
> Your BAYES_99 score is 8? I would never do this. General rule is that no single
> rule should be able to mark a message as ham or spam. That cries fo
> From: "David B Funk" <[EMAIL PROTECTED]>
>
> I augmented 70_sare_spoof.cf to improve its coverage, added more
> bank sites we've seen (EG: wamu.com, huntington.com, keybank.com
> hiberniainfo.com, etc).
If you'd be willing to share your rule enhancements with the rest of the
community, we'd be
Matt Kettler wrote:
This is exactly what I am trying to prevent. I really couldn't care
less if the list messages get marked as spam. What I DON'T want to
happen is list messages to get autolearned as ham. Am I correct in
saying that adding the whitelist_from_rcvd will not prevent this from
happen
Are you using the SARE anti-spoof rules? We catch the ebay stuff pretty
well.
Loren
GRP Productions wrote on Fri, 18 Mar 2005 10:38:29 +0200:
> It seems SURBL is now enabled by default. It has also changed its name to
> URIDNSBL :-)
SURBL refers generally to those xx_SURBL rules and to URIDNSBL since the only
other distributed rules is SBL and SURBL started it all.
I do not
>...
>"whitelist_from_rcvd [EMAIL PROTECTED] apache.org" worked when I used static
>whitelists.
>
>I had a bunch of similar entries for various mailing lists in a big
>whitelists.cf file in /etc/mail/spamassassin
>
>
>--
>Eric A. Hall http://www.ehsco.com/
>
Loren Wilton wrote:
> Normally this would work very well, but this list changes its name and
> description and other characteristics so often (and without any
> announcement whatever!) that it was impossible to keep up with
> list-of-the-day syndrome.
This header is relatively stable:
List-Id:
From: "Robert Markin" <[EMAIL PROTECTED]>
> Hey everybody,
>
> RH9
> SA 3.0.0 (invoked by procmail spamc/spamd)
> Sendmail 8
> Procmail
>
> I tried to search for this on GMANE but was unsuccessful.
>
> I would like to know how some of you guys are whitelisting this actual
> mailing list. I h
> I'll mention this again since I have yet to come up with a solution.
> While the above works great for people using procmail, does anyone have
> a solution that works without procmail? I'm stuck passing all list
> traffic through SA because of this. Just this morning someone on this
I had a man
>...
>>
>> I'll mention this again since I have yet to come up with a solution.
>> While the above works great for people using procmail, does anyone have
>> a solution that works without procmail? I'm stuck passing all list
>> traffic through SA because of this. Just this morning someone on t
67 matches