Hello,
I am running spamassassin-3.0.3-1.1 and spamass-milter-0.3.0-1.1 on
RHEL3. The MTA is sendmail-8.12.
The rule is that every spam is forwarded to [EMAIL PROTECTED].
Everything works great and I am pleased with the results.
The problem is that sometimes I get the same spam forwarded 8 tim
> Users on a site submit content [resumes, classifieds etc].
> The data needs to be checked for Spam. Data is stored in
> mysql. When the user submits the data, how can I route it
> thru Spamassassin and accept the data only if it is clean?
>
> This has nothing to do with email.
You use spamas
On 9/27/05 5:22 PM, "jdow" <[EMAIL PROTECTED]> wrote:
>
> Please do not do this Matthew. It is a sign of VERY poor network
> management. It is also an excellent tool for spammers executing joe
> jobs. When I find myself joe jobbed the ISP that is bouncing goes into
> my procmailrc file with a
From: alan premselaar [mailto:[EMAIL PROTECTED]
>
> NFN Smith wrote:
> > Thanks for the ongoing feedback
> >
> > Bowie Bailey wrote:
> >>
> >> Also, you may want to save your email into a file and manually
> >> run it through SA to see what happens. Just add '-t -D' to the
> >> option list
>
We use SA with exim/exiscan (now the same thing from version 4.50).
After upgrading to SA 3.1.0 we've seen a very few mails timeout every time they are offered to spamd. Initially
this appeared to be an issue with the number of forked spamds but having adjusted this, we are still seeing
certain ma
Any chance you're running spamassassin with the -t (test mode) parameter?
At 05:07 PM 9/27/2005, you wrote:
Hi everyone,
Trying to figure out why this is getting rejected, I had to whitelist the
from address
Subject: [Fwd: account]
Date: Tue, 27 Sep 2005 16:39:41 -0400
MIME-Version: 1.0
Conte
I have a user who swears this message is legit and has been dealing with
this seller through ebay. I warned him that hitting SARE_FORGED_EBAY
isn't a good thing, but that I would report what seems to him to be a
false positive on it. The thing that gets me is that it claims to be
from ebay, but com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I have upgraded to SA 3.1.0 yesterday and I'm getting this errors at my
logfile:
Sep 28 13:16:09 anubis spamd[490]: Can't locate Mail/SPF/Query.pm in
@INC (@INC contains: ../lib
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Definitely sent from Yahoo! Mail through their webmail interface,
by the user "cacabeat99", at IP address 172.179.255.127 (AOL space):
Received: (qmail 94635 invoked by uid 60001); 27 Sep 2005 14:12:13 -
Message-ID: <[EMAIL PROTECTED]>
I'd suspect someone on his auctions is spoofing eBay mails to
fool him.
Either that or is trying to make their legit messages concerning an auction
look more legit than they really are. (Hey, I think it's likely bogus too,
but just trying to think of reasons other than fraud that someone would
Has anyone who runs a mail gateway service noticed a sharp drop in emails
since yesterday? I'm seeing about a 75% drop in total mail volume, and the %
of spam is much less...perhaps some ISPs cracked down recently?
Matt
--
Matthew Yette
Senior Engineer (NOC/Operations)
M.A. Polce Consulting
315-8
I have seen about a 2-3% drop in spam with about a 10-15% drop in email
volume.
Ron
Ron Nutter [EMAIL PROTECTED]
Network Infrastructure & Security Manager
Information Technology Services
Definitely not a false positive! And considering that it is promoting and
purportedly protecting the sale of an expensive ($2210) item outside of eBay,
and demanding a Western Union money transfer (no, no, no!) I would treat it
with the utmost suspicion.
Other anomalies:
- as Justin points ou
On Wed, Sep 28, 2005 at 10:20:58AM -0300, Matias Lopez Bergero wrote:
> Sep 28 13:16:09 anubis spamd[490]: Can't locate Mail/SPF/Query.pm in
>
> I had read over the list, looks like this is an open bug right? So...
> should I ignore this till new upgrade?
It's not a bug, you don't have Mail::SPF:
>
> On 9/28/05 1:33 PM, "Matthew Yette" <[EMAIL PROTECTED]> wrote:
>
>> Has anyone who runs a mail gateway service noticed a sharp drop in emails
>> since yesterday? I'm seeing about a 75% drop in total mail volume, and the %
>> of spam is much less...perhaps some ISPs cracked down recently?
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo Van Dinter wrote:
> On Wed, Sep 28, 2005 at 10:20:58AM -0300, Matias Lopez Bergero wrote:
>
>>Sep 28 13:16:09 anubis spamd[490]: Can't locate Mail/SPF/Query.pm in
>>
>>I had read over the list, looks like this is an open bug right? So...
>>should
Greetings,
Since upgrading from 3.0.4 to 3.1.0, my SPF checks no longer work. It
would seem that the information being passed Mail::SPF::Query->new does
not contain the sender's domain, but rather the FQDN of the last system
that sent the email. This FQDN does not have a TXT record, and so SPF
I did some more digging, and I also find the following entry several times
in the maillog:
prefork: select returned undef! recovering
Spamd is currentlty die-ing twice a day :-| Never had any problem with any
other version in this regard...
Kind Regards,
Sander Holthaus - Orange XL
Pierre Thomson wrote:
> Bottom line: SARE_FORGED_EBAY is working just fine!
I have to agree with what you said, my lil FORGED_EBAY rule has been working
good for a year and a half here!
Fred
Hello to all.
I apologize for this off-topic post, but I'm getting no feed-back from the
sendmail news group:
I have sendmail-9.12.11-4.RHEL3.1 installed on a box in out DMZ. Our internal
Linux boxes have samba installed, authenticate users against Win2k3 Active
Directory, and file- and print
That sounds more like an issue with your POP3/IMAP daemon than with Sendmail
(unless you're talking about authenticated SMTP). Perhaps you should see
about getting them to authenticate via LDAP or SMB.
- Original Message -
From: "Dimitri Yioulos" <[EMAIL PROTECTED]>
To:
Sent: Wednes
Use 'authconfig' and setup nss_ldap and pam_ldap to work directly with
Active Directory. I do it here, and it works great. You may need to
manually edit /etc/ldap.conf in order to get everything 100% (unless you
use Services for Unix in your Active Directory).
See http://www.padl.com/OSS/nss_l
I just read my post carefully - sorry for the poor English. I'm a native
speaker, and pretty well educated, but ...
Yes, I guess that would be authenticated SMTP. But, isn't winbind the SMB
authentication piece? nss_ldap is installed. I just installed padl's
pam_ldap. I would appreciate fu
Brian Wong wrote:
> I just recently implemented bayes at our site and was wondering how
> token expiration works. I thought that since I left the
> 'bayes_expiry_max_db_size' and 'bayes_auto_expire' to the default
> value of 1, that it would automatically expire the tokens. I run
> SpamAssassin thr
Keith Amling wrote:
>>Fascinating the man page seems to indicate this is not one of the options
>>for add_header. They mention other headers but not "Report". I guess you
>>found a cheat.
>
> What is not one of the options? 'add_header', 'all', and '_REPORT_' are all
> mentioned directly in the p
That sure as hell is not E-Bay. The user better be VERY careful
dealing with this bozo. It comes from yahoo.com and E-Bay NEVER
EVER sends emails via Yahoo.
Note the underlines below. He is also scamming E-Bay out of its
commissions. Note the "^^^2" underline. There is no such E-Bay
facility. Not
Leo is sweating I am told. I have not gotten a Leo spam in the last
week that came from a reachable site. His DNS servers are getting blown
and his web sites are getting torn down faster than his emailings get
around to my address thanks to "someone's" good efficient work.
{^_^}
- Original Me
From: "Matthew Yette" <[EMAIL PROTECTED]>
On 9/27/05 5:22 PM, "jdow" <[EMAIL PROTECTED]> wrote:
Please do not do this Matthew. It is a sign of VERY poor network
management. It is also an excellent tool for spammers executing joe
jobs. When I find myself joe jobbed the ISP that is bouncing goe
Thanks to everyone who responded to this. The responses make the user
think again about the purchase. Combined with a couple strange details
like the seller appeared to be U.S.-based at first and then became
foreign; the price more than doubled; PayPal was removed as a payment
option leaving only W
Not really. We are still getting around 140,000+ messages a day that are
spam :-(
Matthew Yette wrote:
Has anyone who runs a mail gateway service noticed a sharp drop in emails
since yesterday? I'm seeing about a 75% drop in total mail volume, and the %
of spam is much less...perhaps some ISPs
Decrrese!?
Since June my spam %age has gone from 64% to 70.5% of all mail.
It's depressing.
Nigel
On Wed, 28 Sep 2005 22:05:57 +0100, Dean Baldwin
<[EMAIL PROTECTED]> wrote:
>Not really. We are still getting around 140,000+ messages a day that are
>spam :-(
>
>Matthew Yette wrote:
>
>>Has any
jdow spake the following on 9/28/2005 1:55 PM:
> From: "Matthew Yette" <[EMAIL PROTECTED]>
>
>> On 9/27/05 5:22 PM, "jdow" <[EMAIL PROTECTED]> wrote:
>>
>>
>>>
>>> Please do not do this Matthew. It is a sign of VERY poor network
>>> management. It is also an excellent tool for spammers executing j
From: "Dean Baldwin" <[EMAIL PROTECTED]>
Whereas my personal mailbox went down to about 180/day for a week and
has been slowly climbing the last two weeks. It got back to about 220
last week and yesterday it was back to maybe 180 spams. That is down
from 250 to 280 per day levels.
{^_-} Joanne
I just installed 3.1.0 via CPAN. Then I realized that Razor and DCC
weren't installed on this machine. As I recall, SA needs to see them
during the build process, but trying to install Mail::SpamAssassin again
just tells me that SpamAssassin is up to date. How to proceed?
--
**
On Wed, Sep 28, 2005 at 02:39:52PM -0700, John Oliver wrote:
> As I recall, SA needs to see them
> during the build process, but trying to install Mail::SpamAssassin again
> just tells me that SpamAssassin is up to date. How to proceed?
There's no such requirement. The build process checks are t
On Wed, Sep 28, 2005 at 05:52:11PM -0400, Theo Van Dinter wrote:
> On Wed, Sep 28, 2005 at 02:39:52PM -0700, John Oliver wrote:
> > As I recall, SA needs to see them
> > during the build process, but trying to install Mail::SpamAssassin again
> > just tells me that SpamAssassin is up to date. How
On Wed, Sep 28, 2005 at 02:59:28PM -0700, John Oliver wrote:
> Oh, OK! So then... how do I make SA use them? I've been Googling, but
> the stuff I find is for older versions of SA, deprecated info. If I run
> it in debug mode, there's no mention of DCC nor Razor.
In 3.1 you need to enable the p
> -Original Message-
> From: John Oliver [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 28, 2005 4:40 PM
> To: users@spamassassin.apache.org
> Subject: Rebuilding SA from CPAN?
>
> I just installed 3.1.0 via CPAN. Then I realized that Razor
> and DCC weren't installed on this ma
Bowie Bailey wrote:
> Good catch Alan, I hadn't noticed that. I think you're right about
the ALL_TRUSTED rule -- and, based on the debug output, right about
the internal_networks rule as well.
My comments have been based on settings for 3.04. I'm not sure if
your version wasn't mentioned bef
Ben Lentz wrote:
Is my testing of gmail's information faulty? What has changed between
3.0.4 and 3.1.0 SPF-wise that would cause SPF to stop working?
What's changed? SPF_HELO_* checks are now correctly done -- against
host names and not registered domains.
I think we -- correctly -- stopped
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ah, I missed the Western Union aspect. In that case, it's
unquestionably a scam ;)
- --j.
"Bret Miller" writes:
> Thanks to everyone who responded to this. The responses make the user
> think again about the purchase. Combined with a couple strange
The message is sent from [EMAIL PROTECTED] to [EMAIL PROTECTED]
but shows up with no SPF information. Are you saying that the SPF
records are supposed to be published along with the sending mail
server's A record instead of with the domain? Like if the MX for
channing-bete.com was smtp.channing
Ben Lentz wrote:
> The message is sent from [EMAIL PROTECTED] to
> [EMAIL PROTECTED] but shows up with no SPF information. Are
> you saying that the SPF
> records are supposed to be published along with the sending mail
> server's A record instead of with the domain? Like if the MX for
> channing-
Ben Lentz wrote:
The message is sent from [EMAIL PROTECTED] to [EMAIL PROTECTED]
but shows up with no SPF information. Are you saying that the SPF
records are supposed to be published along with the sending mail
server's A record instead of with the domain? Like if the MX for
channing-bete.com
[EMAIL PROTECTED] wrote:
SPF has NOTHING to do with the HELO/EHLO info.
Actually it does.
http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt
Daryl
Daryl C. W. O'Shea wrote:
> [EMAIL PROTECTED] wrote:
>> SPF has NOTHING to do with the HELO/EHLO info.
>
> Actually it does.
>
> http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt
Oops, I'm wrong.
But not entirely.
Selected quotations from the above draft:
SPF clients MUST c
Thanks for the info. I just added "always_trust_envelope_sender 1" to my
local.cf and restarted. I then resent an email from gmail and still got
no SPF. So, that didn't solve my problem.
Am I incorrectly implimenting the standard? Do I need my TXT record to
be located at IN TXT smtp.channing-b
Ben Lentz wrote:
Thanks for the info. I just added "always_trust_envelope_sender 1" to my
local.cf and restarted. I then resent an email from gmail and still got
no SPF. So, that didn't solve my problem.
Am I incorrectly implimenting the standard? Do I need my TXT record to
be located at IN T
Okay, I've added
always_trust_envelope_sender 1
trusted_networks 10.1.0.0/16
trusted_networks 205.246.7.107
and restarted. Still not acknoledgement that SPF is working for
gmail.com. SPF-based whitelisting might be great, but at this point I'm
still not confident that SPF is working for me.
H
Ben Lentz wrote:
Okay, I've added
always_trust_envelope_sender 1
trusted_networks 10.1.0.0/16
trusted_networks 205.246.7.107
and restarted. Still not acknoledgement that SPF is working for
gmail.com. SPF-based whitelisting might be great, but at this point I'm
still not confident that SPF is w
50 matches
Mail list logo
