user wise preferences from database

2005-06-09 Thread Ramprasad A Padmanabhan
Hi, I want to use Spamassassin with Postfix-Mailscanner or Postfix-amavisd for an ISP level spam filter. All users are virtual, and I would like to give the users full control for setting their rulesets For eg, A user must be able to set his own scores for the DRUGS_ERECTILE or DCC_CHECKS.

Re: user wise preferences from database

2005-06-09 Thread JamesDR
Ramprasad A Padmanabhan wrote: Hi, I want to use Spamassassin with Postfix-Mailscanner or Postfix-amavisd for an ISP level spam filter. All users are virtual, and I would like to give the users full control for setting their rulesets For eg, A user must be able to set his own scores for

Can't write into world-writable directories?

2005-06-09 Thread Peter Guhl
Cannot write to /root/.spamassassin/user_prefs: Permission denied /root/.spamassassin/ is world-writable (of course I can't leave it like this, but apparently this error message points me to the wrong direction. FreeBSD 5.4, Spamassassin 3.0.3. Everybody heard about before? Regards Peter

DNS lookups

2005-06-09 Thread Ronan McGlue
hi SA is continually looking up my 3 mailhubs to our local DNS even though i have them hardcoded into /etc/hosts and /etc/nsswitch.conf is configured properly etc etc... How can I make SA use the hosts file if such an option exists... anyone else notice this behaviour?? ronan --

Re: Can't write into world-writable directories?

2005-06-09 Thread Peter Guhl
On Thu, 2005-06-09 at 13:03 +0200, Peter Guhl wrote: Cannot write to /root/.spamassassin/user_prefs: Permission denied /root/.spamassassin/ is world-writable (of course I can't leave it like this, but apparently this error message points me to the wrong direction. Nope, it was right. But it

Re: DNS lookups

2005-06-09 Thread Niek
On 6/9/2005 2:15 PM +0200, Ronan McGlue wrote: hi SA is continually looking up my 3 mailhubs to our local DNS even though i have them hardcoded into /etc/hosts and /etc/nsswitch.conf is configured properly etc etc... How can I make SA use the hosts file if such an option exists... anyone

Re: DNS lookups

2005-06-09 Thread Ronan McGlue
Niek wrote: On 6/9/2005 2:15 PM +0200, Ronan McGlue wrote: hi SA is continually looking up my 3 mailhubs to our local DNS even though i have them hardcoded into /etc/hosts and /etc/nsswitch.conf is configured properly etc etc... How can I make SA use the hosts file if such an option

Re: DNS lookups

2005-06-09 Thread Niek
On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote: sry should have added that the DNS order in /etc/resolv.conf is also correct... What order ? The nameservers are used randomly... Niek Baakman

Re: DNS lookups

2005-06-09 Thread Ronan McGlue
Niek wrote: On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote: sry should have added that the DNS order in /etc/resolv.conf is also correct... What order ? The nameservers are used randomly... again, my semantics need work... :S the DNS *is in* order in /etc/resolv.conf... anyclues as to

Re: Can't write into world-writable directories?

2005-06-09 Thread Cevher
Peter Guhl wrote: Nope, it was right. But it needed to explicitly own .spamassassin to spamd:spamd. World-writable didn't work... (maybe /root is specially protected?). /root isn't protected specially, it is protected with file permissions. You can't write to /root directory unless you

Re: 3.0.3/4 uses all CPUs after tie (uuencoded attachments)?

2005-06-09 Thread Thomas Jacob
It seems, that for us at least, this is caused by Spamassassin scanning larger (1mb) mails containing uuencoded files, without mime attachment headers or anything. But this only seems to happen sometimes or when spamd has been running for a little while, for if we feed an email that appears to

Re: DNS lookups

2005-06-09 Thread Jeff Chan
On Thursday, June 9, 2005, 5:32:23 AM, Ronan McGlue wrote: Niek wrote: On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote: sry should have added that the DNS order in /etc/resolv.conf is also correct... What order ? The nameservers are used randomly... again, my semantics need work... :S

Re: DNS lookups

2005-06-09 Thread Ronan McGlue
Jeff Chan wrote: On Thursday, June 9, 2005, 5:32:23 AM, Ronan McGlue wrote: Niek wrote: On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote: sry should have added that the DNS order in /etc/resolv.conf is also correct... What order ? The nameservers are used randomly... again, my semantics

Re: DNS lookups

2005-06-09 Thread Ronan McGlue
Victor Brilon wrote: --- Ronan McGlue [EMAIL PROTECTED] wrote: yes, but BIND isnt running on the machine in question... (atm) The nets guys here are seeing a lot of lookups from this SPAMD machine for our mailhubs to the Local dns... which is an extra couple of milliseconds i want to avoid

Re: DNS lookups

2005-06-09 Thread Matt Kettler
At 08:32 AM 6/9/2005, Ronan McGlue wrote: anyclues as to why SA isnt 'apparently' using the hosts file?? This is because SA doesn't use the system resolver, it uses Net::DNS's resolver. This gives SA a lot of control over queries, but doesn't take advantage of things like /etc/hosts, and

Re: DNS lookups

2005-06-09 Thread Ronan McGlue
Matt Kettler wrote: At 08:32 AM 6/9/2005, Ronan McGlue wrote: anyclues as to why SA isnt 'apparently' using the hosts file?? This is because SA doesn't use the system resolver, it uses Net::DNS's resolver. This gives SA a lot of control over queries, but doesn't take advantage of things

Gif-Only spams

2005-06-09 Thread Sven Riedel
Hi, has anyone developed a good strategy against spams that contain a random text and the actual spam in an image within a multipart/alternative mail? Short of entirely blocking mails containing images, that is. Regs, Sven -- BAGHUS GmbH EDV und

RE: DNS lookups

2005-06-09 Thread Jon Dossey
Matt Kettler wrote: At 08:32 AM 6/9/2005, Ronan McGlue wrote: anyclues as to why SA isnt 'apparently' using the hosts file?? This is because SA doesn't use the system resolver, it uses Net::DNS's resolver. This gives SA a lot of control over queries, but doesn't take advantage of

Re: Can't write into world-writable directories?

2005-06-09 Thread Steven Dickenson
Peter Guhl wrote: Well, still... somehow I don't get why the software is running as spamd and tries to write into /root. I wouldn't say anything if the software involved wasn't designed to cooperate (spamd, spamass-milter). But - well, it works now. Whatever is calling spamc (or interfacing

Re: DNS lookups

2005-06-09 Thread Steven Dickenson
Ronan McGlue wrote: This is because SA doesn't use the system resolver, it uses Net::DNS's resolver. This gives SA a lot of control over queries, but doesn't take advantage of things like /etc/hosts, and only uses your primary DNS. ahhh ok anyway i can hack it??

Re: DNS lookups

2005-06-09 Thread Kenneth Porter
--On Thursday, June 09, 2005 11:03 AM -0400 Steven Dickenson [EMAIL PROTECTED] wrote: We run bind with no zones on our SA gateway to serve as a DNS cache. Helps take a load off DNS lookups for common hosts. You can easily do this with any other DNS daemon as well. Google for caching

RE: Gif-Only spams

2005-06-09 Thread Bret Miller
has anyone developed a good strategy against spams that contain a random text and the actual spam in an image within a multipart/alternative mail? Short of entirely blocking mails containing images, that is. SURBL, URIBL SURBL is included in SA 3.x, so if you haven't upgraded, this might

RE: Gif-Only spams

2005-06-09 Thread Chris Santerre
-Original Message- From: Sven Riedel [mailto:[EMAIL PROTECTED] Sent: Thursday, June 09, 2005 10:19 AM To: users@spamassassin.apache.org Subject: Gif-Only spams Hi, has anyone developed a good strategy against spams that contain a random text and the actual spam in an image within a

RE: Gif-Only spams

2005-06-09 Thread Geoff Manning
Check out the interesting idea at www.rulesemporium.com/forums/ entitled: Image attachment MD5 footprint RBL My only comment on a system like this is that it could be easily subverted. A spammer could use automated image editing tools to randomly change some aspect of the file that would

Moving bayes database to a new SA installation

2005-06-09 Thread Alejandro Lengua
Hi! I am installing a new email server with spamassassin included, but I would like to extract the database I have created in my old spamassassin bayes database and copy it to the new installation. Is this possible?, what is the easier way to do this? Of course both SA installations are version

Re: DNS lookups

2005-06-09 Thread Bob Proulx
Kenneth Porter wrote: If it's a Red Hat system (including Fedora), just install the caching-nameserver RPM. It pulls in BIND and installs appropriate config files. Then edit resolv.conf to point to localhost. If it is a Debian system just install bind9 and the default configuration is a

Re: 3.0.3/4 uses all CPUs after tie (uuencoded attachments)?

2005-06-09 Thread Justin Mason
Thomas Jacob writes: It seems, that for us at least, this is caused by Spamassassin scanning larger (1mb) mails containing uuencoded files, without mime attachment headers or anything. But this only seems to happen sometimes or when spamd has

Re: DNS lookups

2005-06-09 Thread Kenneth Porter
--On Thursday, June 09, 2005 10:25 AM -0600 Bob Proulx [EMAIL PROTECTED] wrote: Kenneth Porter wrote: If it's a Red Hat system (including Fedora), just install the caching-nameserver RPM. It pulls in BIND and installs appropriate config files. Then edit resolv.conf to point to localhost. If

RE: Gif-Only spams

2005-06-09 Thread Chris Santerre
-Original Message- From: Geoff Manning [mailto:[EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:45 AM To: users@spamassassin.apache.org Subject: RE: Gif-Only spams Check out the interesting idea at www.rulesemporium.com/forums/ entitled: Image attachment MD5 footprint RBL My

Re: Razor issues with SpamAssassin (update)

2005-06-09 Thread Jonathan Lutz
An update to this problem: I have a piece of spam that was not identified as such. The header shows only: * 1.7 SARE_RECV_FEP5 Message contains known spam format However, when I run: spamassassin -D -t spamfile on it, it shows a whole bunch more such as DCC_CHECK and a bunch of URIBL tags as

Bayes

2005-06-09 Thread John Fleming
If working properly, shouldn't every email have a BAYES_nn entry? My spam has a high Bayes entry, I have a few ham that have a BAYES_50 entry, but most of the ham has NO BAYES entry. Is this normal?? I thought I used to get a BAYES_nn on every one. When I don't see the BAYES_nn entry, I

couple of issues

2005-06-09 Thread Kern, Tom
I'm running sa 2.63 with spamcop_uri. I'm still getting mail thru that has url's pointing to known spammers. When I grep maillog for spamcop_uri, i see that its working but NOT for the emails that have been getting thru. The score for spamcop is 4, which is the same score i use to kill spam. I tag

couple of issues

2005-06-09 Thread Kern, Tom
I'm running sa 2.63 with spamcop_uri. I'm still getting mail thru that has url's pointing to known spammers. When I grep maillog for spamcop_uri, i see that its working but NOT for the emails that have been getting thru. The score for spamcop is 4, which is the same score i use to kill spam. I tag

Re: DNS lookups

2005-06-09 Thread List Mail User
... On Thursday, June 9, 2005, 5:32:23 AM, Ronan McGlue wrote: Niek wrote: On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote: sry should have added that the DNS order in /etc/resolv.conf is also correct... What order ? The nameservers are used randomly... again, my semantics need work...

Re: Gif-Only spams

2005-06-09 Thread E. Falk
The other big problem I see is phishers (or spammers trying to poison the system) intentionally inserting images normally found in legitimate e-mails (eg, e-bay). You'd end up scoring all legit e-mails that image hash shows up in. Evan Sven Riedel wrote: Hi, has anyone developed a good

Re: couple of issues

2005-06-09 Thread Evan Platt
At 10:00 AM 6/9/2005, you wrote: I'm running sa 2.63 with spamcop_uri. Might be worth upgrading.. :) I'm still getting mail thru that has url's pointing to known spammers. When I grep maillog for spamcop_uri, i see that its working but NOT for the emails that have been getting thru. The

Re: Lower detection rates

2005-06-09 Thread Andy Jezierski
Carnegie, Martin [EMAIL PROTECTED] wrote on 06/09/2005 12:09:20 PM: Hi All, In the past 3 weeks or so, we have really noticed a decrease in the detection rate for spam. We have not changed our system other than upgrading to 3.0.3 to see if it would help. We have turned on URIBL and

RE: couple of issues

2005-06-09 Thread Kern, Tom
Perhaps, I'm not sure. Is there a way to tell? Also, I have seen some go through that I know are in spamcop. Do you know of a way to troubleshoot spamcop? i plan on upgrading sa, but I can't just yet, so I'd like to figure this out. Thanks for your help [EMAIL PROTECTED] wrote: Kern, Tom

Re: Razor issues with SpamAssassin (update)

2005-06-09 Thread Theo Van Dinter
On Thu, Jun 09, 2005 at 12:51:33PM -0400, Jonathan Lutz wrote: However, when I run: spamassassin -D -t spamfile on it, it shows a whole bunch more such as DCC_CHECK and a bunch of URIBL tags as it should. Network checks are seemingly only working on a local level. Any reason why this

Re: couple of issues

2005-06-09 Thread Matt Kettler
Kern, Tom wrote: I'm running sa 2.63 with spamcop_uri. I'm still getting mail thru that has url's pointing to known spammers. When I grep maillog for spamcop_uri, i see that its working but NOT for the emails that have been getting thru. The score for spamcop is 4, which is the same score i

Re: Lower detection rates

2005-06-09 Thread Theo Van Dinter
On Thu, Jun 09, 2005 at 11:37:35AM -0600, Carnegie, Martin wrote: The Net:DNS ver is as follows DNS.pm,v 2.107 2004/02/21 12:44:18 ctriv Exp $ That doesn't actually state the version, just the revision value of the file. Try: perl -MNet::DNS -e 'print $Net::DNS::VERSION,"\n"' -- Randomly

RE: Gif-Only spams

2005-06-09 Thread David B Funk
On Thu, 9 Jun 2005, Bret Miller wrote: has anyone developed a good strategy against spams that contain a random text and the actual spam in an image within a multipart/alternative mail? Short of entirely blocking mails containing images, that is. SURBL, URIBL Sorry, but SURBL,

RE: Gif-Only spams

2005-06-09 Thread Chris Santerre
-Original Message- From: David B Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, June 09, 2005 2:16 PM To: Chris Santerre Cc: users@spamassassin.apache.org Subject: RE: Gif-Only spams On Thu, 9 Jun 2005, Chris Santerre wrote: My only comment on a system like this is that it could be

Re: Moving bayes database to a new SA installation

2005-06-09 Thread Michael Parker
Alejandro Lengua wrote: Hi! I am installing a new email server with spamassassin included, but I would like to extract the database I have created in my old spamassassin bayes database and copy it to the new installation. Is this possible?, what is the easier way to do this? Of course both SA

Re: Gif-Only spams

2005-06-09 Thread E. Falk
Absolutely - that's why I said scoring rather than blocking. :) All I meant was that a few e-Bay phishers start using the e-bay logo, it gets marked as a spam image and all future e-bay e-mails will have +1 added to them. Shouldn't be enough on its own to counteract AWL, Bayes, etc. for a big

RE: Gif-Only spams

2005-06-09 Thread David B Funk
On Thu, 9 Jun 2005, Chris Santerre wrote: There are image processing algorithms that are much better at 'looking' at two images and giving a 'distance' value. (Only problem is that they're compute intensive). Well then don't use MD5 :) Hell then just pull a sample from the image. Not that

Re: 3.0.3/4 uses all CPUs after tie (uuencoded attachments)?

2005-06-09 Thread Thomas Jacob
Yes, a size limit is *required*. It's very important to limit the size of messages scanned by SpamAssassin. Well, we're limiting the size of emails that spamd sees now, maybe that will solve the problem, and of course it's generally sensible to do this, as there isn't really much spam larger

Re: DNS lookups

2005-06-09 Thread jdow
From: Ronan McGlue [EMAIL PROTECTED] Matt Kettler wrote: At 08:32 AM 6/9/2005, Ronan McGlue wrote: anyclues as to why SA isnt 'apparently' using the hosts file?? This is because SA doesn't use the system resolver, it uses Net::DNS's resolver. This gives SA a lot of control over

RE: couple of issues

2005-06-09 Thread Kern, Tom
Well, here's one that just got thru. if your SA doesn't block it, here it is- Easy, convenient and discreet - order prescription drugs online. http://lpjth.bqe4xctm83tjxcb.bullionismia.com The higher the buildings, the lower the morals. People often grudge others what they cannot enjoy

Re: couple of issues

2005-06-09 Thread Matt Kettler
Kern, Tom wrote: Well, here's one that just got thru. if your SA doesn't block it, here it is- http://lpjth.bqe4xctm83tjxcb.bullionismia.com That one hit the following in my SA 2.64 with all the surbl.org and uribl.com lists added: AB_URI_RBL BLACK_URI_RBL JP_URI_RBL But it did not hit SC,

RE: couple of issues (whoops, double posted)

2005-06-09 Thread Kern, Tom
Sorry. my bad. won't happen again... Matt Kettler wrote: Matt Kettler wrote: Kern, Tom wrote: Well, here's one that just got thru. if your SA doesn't block it, here it is- http://lpjth.bqe4xctm83tjxcb.bullionismia.com That one hit the following in my SA 2.64 with all the surbl.org

Re: couple of issues (whoops, double posted)

2005-06-09 Thread Matt Kettler
Matt Kettler wrote: Kern, Tom wrote: Well, here's one that just got thru. if your SA doesn't block it, here it is- http://lpjth.bqe4xctm83tjxcb.bullionismia.com That one hit the following in my SA 2.64 with all the surbl.org and uribl.com lists added: snip sorry for the double post

RE: couple of issues

2005-06-09 Thread David B Funk
On Thu, 9 Jun 2005, Kern, Tom wrote: Perhaps, I'm not sure. Is there a way to tell? Also, I have seen some go through that I know are in spamcop. Do you know of a way to troubleshoot spamcop? i plan on upgrading sa, but I can't just yet, so I'd like to figure this out. Thanks for your

Re: Gif-Only spams

2005-06-09 Thread Ben Hanson
Hmm, scoring certain attachments (.gif, .jpg, etc) based on a calculated checksum (md5 or otherwise). To be time efficient it would have to be an enable/disable option for older hardware, presumably. The disadvantages are cpu time, network traffic, the need for servers to store the checksum

Re: couple of issues

2005-06-09 Thread Matt Kettler
Chris Santerre wrote: None of the URIBLs is psychic. None can list a domain faster than it can be reported to them. This means that some spam will arrive and not match the test. Time of check is a factor when you talk about URIBLs. It's a MAJOR factor. Actually thats not quite true :)

RE: couple of issues

2005-06-09 Thread Matthew.van.Eerde
Chris Santerre wrote: ... It also helps we have people throughout the timezones. So at any time of the day...someone is awake :) Could it be said... the sun never sets on SURBL? :) -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com

RE: couple of issues

2005-06-09 Thread Chris Santerre
True, you might list associated domains. However, URIBLs still aren't psychic, they're just smart enough to do research :) However, the important point still remains: Time of check IS a major factor when talking about URIBLs. You cannot assume that two URIBL checks are comparable if they are

Re: Gif-Only spams

2005-06-09 Thread Kelson
Ben Hanson wrote: Hmm, scoring certain attachments (.gif, .jpg, etc) based on a calculated checksum (md5 or otherwise). Now that I think about it, I recall Razor used to run into false positives with one of the background images in a set of Outlook stationery (because some spammers had used

Possibly useful Stats Script.

2005-06-09 Thread Nigel Frankcom
Hi, A colleague has written a script to supply some summary (and detail) statistics for SA. I've not been able to get anything of much Admin use from sa-stats.pl; during setup and conf (and day to day running) I'm interested in scantimes and mean averages. Craig Morrison has written a script

Re: couple of issues

2005-06-09 Thread Jeff Chan
On Thursday, June 9, 2005, 12:44:47 PM, Matt Kettler wrote: Kern, Tom wrote: Well, here's one that just got thru. if your SA doesn't block it, here it is- http://lpjth.bqe4xctm83tjxcb.bullionismia.com That one belongs to Michael Lindsay iMedia, along with a majority of spam URI domains on

Re: couple of issues

2005-06-09 Thread List Mail User
Kern, Tom wrote: Well, here's one that just got thru. if your SA doesn't block it, here it is- http://lpjth.bqe4xctm83tjxcb.bullionismia.com That one hit the following in my SA 2.64 with all the surbl.org and uribl.com lists added: AB_URI_RBL BLACK_URI_RBL JP_URI_RBL But it did not hit SC,

Re: RE: couple of issues

2005-06-09 Thread Jeff Chan
On Thursday, June 9, 2005, 12:23:09 PM, Tom Kern wrote: Well, here's one that just got thru. if your SA doesn't block it, here it is- Easy, convenient and discreet - order prescription drugs online. http://lpjth.bqe4xctm83tjxcb.bullionismia-MUNGED.com BTW That domain got added to JP and

Amusing phish email...

2005-06-09 Thread Matt Kettler
I just got a paypal phish with this as the target URL: http://www.%66%72%61%75%64%65onli%6E%65access*MUNGED*.com/my_paypal/PayPal/ Which when you hover over it in thunderbird shows up as: www.fraudeonlineaccess*MUNGED*.com Truth in advertising? Ok, so the actual site is just a web host, and

Re: Possibly useful Stats Script.

2005-06-09 Thread Craig Morrison
Nigel Frankcom wrote: A colleague has written a script to supply some summary (and detail) statistics for SA. Actually its a work in progress, but what it does it does well. Craig Morrison has written a script for logwatch that shows message scan times and a mean average - plus a few other

Re: RE: couple of issues

2005-06-09 Thread jdow
From: Jeff Chan [EMAIL PROTECTED] On Thursday, June 9, 2005, 12:23:09 PM, Tom Kern wrote: Well, here's one that just got thru. if your SA doesn't block it, here it is- Easy, convenient and discreet - order prescription drugs online.

Re: Amusing phish email...

2005-06-09 Thread jdow
From: Matt Kettler [EMAIL PROTECTED] I just got a paypal phish with this as the target URL: http://www.%66%72%61%75%64%65onli%6E%65access*MUNGED*.com/my_paypal/PayPal/ Which when you hover over it in thunderbird shows up as: www.fraudeonlineaccess*MUNGED*.com Truth in advertising?