Hi all,
For clarification I'll sketch the flow of our mail to sa-learn.
Internet - 2 redundant Exim mailservers with SA - 2 redundant Notes
server
- User - Spam DB on Notes server - via fetchmail back to the Exim
server
- sa-learn
That will of course add at least a new received: line (for
http://news.bbc.co.uk/1/hi/technology/4547474.stm
Not according to my statsbut the users don't get the spam anymore ;-)
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**
This
Working great here (Free edition - Mac OSX)
Get SA 3.1
Get the rules from http://rulesemporium.com/rules.htm (I only use the
safe ones) and put hem where you're local.cf is.
Use rules_du_jour script to update them automatically if you wish.
Configure trusted_networks in local.cf (important)
Working great here (Free edition - Mac OSX)
Get SA 3.1
Get the rules from http://rulesemporium.com/rules.htm (I only use the
safe ones) and put hem where you're local.cf is.
Use rules_du_jour script to update them automatically if you wish.
Configure trusted_networks in local.cf (important)
Stuart Johnston [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
If you don't want to scan messages from the webmail, add a line like this
above your spam scanning code:
accept hosts = 127.0.0.1:+relay_from_hosts
If you do want to scan webmail messages but don't want to wait for
To Better-Scripters-Than-Me: would this work? I know there's probably a
better way, but if it works as written, it would avoid creating
duplicate email addresses.
Much easier to remove the duplicates with a 'sort -u' once you've finished
appending.
Hello everybody
Since I upgraded to spamassassin version 3.1.0 spamassassin dies in
irregular intervalls. I have an mailserver (exim) which calls
spamassassin for checking mail. In the logfiles I have entries like
[494] dbg: prefork: sysread(7) not ready, wait max 300 secs
[20458] dbg:
At 04:14 AM 12/21/2005, Martin Hepworth wrote:
http://news.bbc.co.uk/1/hi/technology/4547474.stm
Not according to my statsbut the users don't get the spam anymore ;-)
I find it amusing that most of the stats in that article are the combined
affects of spam filters and the can-spam law,
The SPAM levels hitting my servers has NEVER been higher. Fortunately,
thanks to SpamAssassin, the numbers hitting my users mailboxs are extremely
low. My gratitude to all who have contributed to the development of SA.
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To:
We use maildrop to redirect mail into a user's IMAP 'trash' folder. Most of
our users POP their mail, so they just never see it, and it gets autocleaned
after a week; if they want to look at it, they log into squirrelmail webmail
app, and look in the trash folder. If they want a message, they
But the reality of the numbers won't stop the FTC from tooting it's own
horn and claiming victory.. Unfortunately for us, this will likely result
in some major spammers unleashing a mass-scale deluge just to show they're
wrong. The best I think we can hope for is that a few of them might get
Stephen Sloan wrote:
The SPAM levels hitting my servers has NEVER been higher.
That's not inconsistent with the MX Logic data. While you can't draw any
conclusions about it being a new record high, you also can't draw any
conclusions it's not. You can also say November 2005 clearly above the
Hello spamassassin-users,
I use mysql for spamassassin (with amavisd-new).
since I changed the format of the tables (SA)
awl InnoDB
bayes_expireInnoDB
bayes_global_vars InnoDB
bayes_seen InnoDB
bayes_token InnoDB
bayes_vars
Aaron Boyles wrote:
New to the list, all, and looking for some info on SA.
First, my background: I'm an applications developer using VB, and
have no experience with Linux, and only passing experience with
Exchange. I am, however, well versed on the SMTP/POP3 protocols, and
have written a
Jim Knuth wrote:
Hello spamassassin-users,
I use mysql for spamassassin (with amavisd-new).
since I changed the format of the tables (SA)
awl InnoDB
bayes_expireInnoDB
bayes_global_vars InnoDB
bayes_seen InnoDB
bayes_token
Ah, thanks for the prompt and thorough response, Ken!
I've actually spent some time myself digging on the internet and came to a
similar conclusion, but was just hoping that I was wrong. :/ Every now and
then, I'd find something that vaguely mentioned a SpamAssassin DLL, and
became hopeful.
Heute (21.12.2005/19:06 Uhr) schrieb Michael Parker ([EMAIL PROTECTED]),
Jim Knuth wrote:
Hello spamassassin-users,
I use mysql for spamassassin (with amavisd-new).
since I changed the format of the tables (SA)
awl InnoDB
bayes_expireInnoDB
Personally, I use SpamAssassin on my personal E-Mail server (which is
hosted
by someone else for me, and is a Linux server) and I love it. I'm
particularly depressed that as long as it's been in development, nobody's
thought to simplify the install process. Heck, the installing on
windows
On Wed, Dec 21, 2005 at 11:42:18AM -0500, Matt Kettler wrote:
My tagged spam rate at the end of January 2005 (2.8k spam/day) was higher than
my peak rate in the past month (2.3k spam/day), but I suspect this is largely
due to the greylist.
Dumb question... how does one do 'partial
I'm sure it'd be POSSIBLE, but you'd have to have a solid registry and file
monitor running during the install of all the different pieces to make sure
that you catch all the system changes made during all of the installs. It's
a bit more work than I'm ready to step through, personally. :)
Jim C. Nasby wrote:
On Wed, Dec 21, 2005 at 11:42:18AM -0500, Matt Kettler wrote:
My tagged spam rate at the end of January 2005 (2.8k spam/day) was higher than
my peak rate in the past month (2.3k spam/day), but I suspect this is largely
due to the greylist.
Dumb question... how does one
Ken, Aaron, others:
I maintain a pure Win32 PerlScript (some COM programming as well)
working as an Exchange Event Sink on the SMTP interface.
I was working with 2.63 and upgraded to 3.04, and will be upgrading to
3.10 (or whatever is stable at the time I take the leap) soon. The code
mods from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler writes:
But the reality of the numbers won't stop the FTC from tooting it's own
horn and claiming victory.. Unfortunately for us, this will likely result
in some major spammers unleashing a mass-scale deluge just to show they're
I used to have a set of rules that dealt with the paypal and ebay
spoof emails, however since upgrading to SA 3.x I seem to have lost
them (along with several other rules that I liked).
Return-Path: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
Title: Message
On a side note, is
anyone very familiar with any protocols involving public blacklists? I'm
looking for the ability to simply toss an IP at a site somewhere, and get a
simple 'yes/no' response as to whether or not it's a spam
IP?
-Aaron
Boyles
ITC Applications
Programmer
LuKreme wrote:
I mean, it seems to be something claiming to be from paypal, ebay,
citibank, wamu, etc that is NOT from them should score a lot higher
than 2.4. So what can I do to catch these before some idiot -- er,
luser-- um USER gets fooled into giving up their account info?
Phishing is
Aaron Boyles wrote:
On a side note, is anyone very familiar with any protocols involving
public blacklists? I'm looking for the ability to simply toss an IP at
a site somewhere, and get a simple 'yes/no' response as to whether or
not it's a spam IP?
All the common blacklists use DNS lookups,
...
On a side note, is anyone very familiar with any protocols involving public
blacklists? I'm looking for the ability to simply toss an IP at a site
somewhere, and get a simple 'yes/no' response as to whether or not it's a
spam IP?
-Aaron Boyles
ITC Applications Programmer
...
Far
This could just be sheer coincidence, but like I said, we don't get a whole
lot of E-Mail here, so it'd be an odd coincidence.
Almost immediately after my first posting on this board, someone has started
testing our SMTP server, with an IP registered in Amsterdam, NL.
Here's our current log to
This sounds along the lines of what I'm looking for. Is there an RFC on
this protocol anywhere, and a list of some free servers hosting the
information?
-Aaron Boyles
ITC Applications Programmer
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December
tuxorama.com does a SMTP probe for every posting to this list
and is one of the very few IPs I have firewalled off. The probes seem
to always come from 81.169.185.26 (now they'll probably change IPs and I'll
have to block some other IP or range), so they, while irritating are very
easy to
Ahh, thanks for the info. I'll keep 'em on ignore then. ;)
-Original Message-
From: List Mail User [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 21, 2005 3:45 PM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Cc: [EMAIL PROTECTED]
Subject: Re: Does tuxorama.com sound
Aaron Boyles wrote:
This sounds along the lines of what I'm looking for. Is there an RFC on
this protocol anywhere, and a list of some free servers hosting the
information?
As for an RFC, none that I know of. The best you might get would be the sendmail
docs, because it is sendmail's
List Mail User wrote:
tuxorama.com does a SMTP probe for every posting to this list
and is one of the very few IPs I have firewalled off. The probes seem
to always come from 81.169.185.26 (now they'll probably change IPs and I'll
have to block some other IP or range), so they, while
Hi
FC3
I am running SA 3.0 clamav 0.87.1 clamav-milter 0.87 (the addition of the
latter has cut back on the virus emails big-time.
what else can i add to reduce spam and viruses.
Mark
Well, I've gotten as far as figuring out that you're SUPPOSED to be able to
do a simple namespace lookup with the servers, and the response should give
you your answer. Thus, if I wanted to check IP 80.22.221.70, my
understanding is that I should shell out to nslookup
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think John Levine has been working on a BCP document for the IETF
regarding these. ah, here it is:
http://www.ietf.org/internet-drafts/draft-irtf-asrg-dnsbl-02.txt
- --j.
Aaron Boyles writes:
This sounds along the lines of what I'm looking
Aaron Boyles wrote:
Thus, if I wanted to check IP 80.22.221.70, my
understanding is that I should shell out to nslookup
70.221.33.80.sbl-xbl.spamhaus.org and nab the response.
Yes, you should be able to, although on many systems the preferred commands are
host and dig.
However, when I
Actually, no, I can't. I get that message with Yahoo as well. I vaguely
remember running into this issue before, and it having something to do with
using Windows 2K3 server behind NAT. As I recall at the time, it was
decided that the 'solution' was far more work than it was worth. :/
Maybe
--On Wednesday, December 21, 2005 2:39 PM -0500 Matt Kettler
[EMAIL PROTECTED] wrote:
Perhaps a better term is selective greylisting
I'm Using milter-greylists's acls. My default is to whitelist (ie: not
greylist) but I have an extensive set of ACLs that use regexes to
greylist most dialup
Aaron Boyles wrote:
Actually, no, I can't. I get that message with Yahoo as well. I vaguely
remember running into this issue before, and it having something to do with
using Windows 2K3 server behind NAT. As I recall at the time, it was
decided that the 'solution' was far more work than it
Aaron Boyles wrote:
Actually, no, I can't. I get that message with Yahoo as well. I vaguely
remember running into this issue before, and it having something to do
with
using Windows 2K3 server behind NAT. As I recall at the time, it was
decided that the 'solution' was far more work than it
My guess would be yes, though I don't have any DNS servers handy to do an
external check on.
-Aaron
-Original Message-
From: Mike Jackson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 21, 2005 4:59 PM
To: SpamAssassin
Subject: Re: Public Blacklists?
Aaron Boyles wrote:
From: Aaron Boyles [mailto:[EMAIL PROTECTED]
attempt this, I always get the same thing in response: Can't find server
name for address 10.0.0.1 which is our gateway.
It's a bug in nslookup. nslookup expects the DNS server to be authoritive
for its own reverse address and blows up if
Matt Kettler wrote:
Realistically, most spam I get seems to be using addresses that are already in
the spammer's database of valid email addresses. While I see a lot of viruses
using dictionary based MAIL FROM addresses, I see very little spam doing this.
So I don't think this really changes
Rick Macdougall wrote:
you do not bounce after accepting
Hear, hear!
I wish AOL and Yahoo would figure this out.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
...
List Mail User wrote:
tuxorama.com does a SMTP probe for every posting to this list
and is one of the very few IPs I have firewalled off. The probes seem
to always come from 81.169.185.26 (now they'll probably change IPs and I'll
have to block some other IP or range), so they, while
You see, it does not allow me to unsubscribe.
Some goofball running the SA list (or a server front-end for the list)
decided to 100% block on incoming email to the list with the SORBS dynamic
IP list (which is high false positives).
Now, the problem is, and what makes this list now a spam
From: LuKreme [EMAIL PROTECTED]
I used to have a set of rules that dealt with the paypal and ebay
spoof emails, however since upgrading to SA 3.x I seem to have lost
them (along with several other rules that I liked).
Return-Path: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin
On Wed, Dec 21, 2005 at 06:59:37PM -0500, [EMAIL PROTECTED] wrote:
If you sign up to a list that won't let you unsubscribe, isn't that one of
the key indicators of spam? I know that will get you a block at most all
major ISP systems these days real quick, which would probably be hard to
get
Theo Van Dinter wrote:
On Wed, Dec 21, 2005 at 06:59:37PM -0500, [EMAIL PROTECTED] wrote:
If you sign up to a list that won't let you unsubscribe, isn't that one of
the key indicators of spam? I know that will get you a block at most all
major ISP systems these days real quick, which would
From: Martin Hepworth [EMAIL PROTECTED]
http://news.bbc.co.uk/1/hi/technology/4547474.stm
Not according to my statsbut the users don't get the spam anymore ;-)
It's the BBC, for crying out loud. They've wiped their own reputation
with so many dirty cloths they've used it all up. I never
[EMAIL PROTECTED] wrote:
So, here is my dilemma. I can't unsubscribe from the other account
(this list has it blocked as I described), and there is no alternate
method presented in the emails from the list (such as a weblink to
opt-out).
From the headers:
list-unsubscribe: mailto:[EMAIL
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
So, here is my dilemma. I can't unsubscribe from the other account
(this list has it blocked as I described), and there is no alternate
method presented in the emails from the list (such as a weblink to
opt-out).
From the headers:
Matt Kettler wrote:
[EMAIL PROTECTED] wrote:
From the headers:
list-unsubscribe: mailto:[EMAIL PROTECTED]
So you're saying mail to [EMAIL PROTECTED]
is blocked for all IP addresses in SORBS?
If they're using the SORBS RBL at the MTA layer, yes.
Most MTA layer RBL checks don't even
On 21 Dec 2005, at 13:22 , [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
LuKreme wrote:
I mean, it seems to be something claiming to be from paypal, ebay,
citibank, wamu, etc that is NOT from them should score a lot higher
than 2.4. So what can I do to catch these before some idiot -- er,
Sorry folks - had a drive crash. Sorry for the test.
--
Best regards,
Chris
No matter how strong the breeze when you leave the dock
once you have reached the furthest point from port
the wind will die.
On Wednesday 21 December 2005 18:59, [EMAIL PROTECTED] wrote:
You see, it does not allow me to unsubscribe.
Some goofball running the SA list (or a server front-end for the
list) decided to 100% block on incoming email to the list with the
SORBS dynamic IP list (which is high false positives).
I hardly think that a list that you have to go through a three-step process
to be put on would qualify as spam, even if you've had difficulty getting
removed (and by difficulty, I mean you made one weak attempt at
unsubscription, then came in here to throw a public childish fit without
asking the
Uh oh... I might be a guilty party here. What do you mean by bounce after
accepting? With my own app, it receives the E-Mail, gets as far as the
DATA command, does a quick overview of the E-Mail, and if it's considered
spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
Is that
Brian Leyton wrote:
Rick Macdougall wrote:
My system would disagree with you for the last 3 days :)
We've been under a constant bounce bombardment of bounced
spams (from f*cking idiot admins who can't understand that
you do not bounce after accepting, sorry for the language)
where the
Aaron Boyles wrote:
Uh oh... I might be a guilty party here. What do you mean by bounce after
accepting? With my own app, it receives the E-Mail, gets as far as the
DATA command, does a quick overview of the E-Mail, and if it's considered
spam, it returns a 550 - User Doesn't Exist instead of
Brian Leyton wrote:
Rick Macdougall wrote:
Don't get too mad, but I'm one of those f*cking idiot admins who is
bouncing after acceptance. The reason isn't (just) because I'm a f*cking
idiot admin, but because I use f*cking idiot software that Management
hasn't seen fit to upgrade yet,
Hi there,
I've seen the error below mentioned on other lists. but I have not seen an
explanation of what is going on here. Anybody have a clue why this error is
popping up?
--- snip ---
# /usr/local/etc/rc.d/sa-spamd.sh restart
Stopping spamd.
Waiting for PIDS: 58177.
Starting spamd.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Noah writes:
I've seen the error below mentioned on other lists. but I have not seen an
explanation of what is going on here. Anybody have a clue why this error is
popping up?
it can be ignored; it *should* be suppressed, but the suppression
Jim Knuth wrote:
yes, this is what I`ve used. I`ve now changed of
bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsnDBI:mysql:spamassassin:localhost:3306
and will shown what happens. Or is it the InnoDB format wrong?
Not much use running
Heute (22.12.2005/07:41 Uhr) schrieb Michael Parker ([EMAIL PROTECTED]),
Jim Knuth wrote:
yes, this is what I`ve used. I`ve now changed of
bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsnDBI:mysql:spamassassin:localhost:3306
and will
67 matches
Mail list logo