> >
>
> It's not a solution. It's an attempt to get the toilet unplugged while the
> plumber is on the way. The change should be reverted one the system is
> properly configured. The main problem is all we really know is that the
> MTA
> is qmail.
>
Gary,
U it doesn't unplug the toilet... y
On Saturday 18 August 2007, [EMAIL PROTECTED] wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The
> machine is receiving 200,000 e-mail messages per day, courtesy of
> Rumpelstiltskin attacks from thousands of different IP addresses each day,
> and SpamAssassin appears to
> I would think stopping these may prevent any mail from passing through
> your
> system. If you can't figure out how to reconfigure qmail to stop sending
> mail to spamd then you might consider adding the --local argument to the
> spamd daemon. This would make spamd run considerably faster (but i
At 18:26 19-08-2007, [EMAIL PROTECTED] wrote:
After stopping SpamAssassin messages like these are appearing in
/var/log/maillog:
Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at
127.0.0.1 failed, retrying (#3 of 3): Connection refused
Your question was about how to disable
> >
>
> I would think stopping these may prevent any mail from passing through
> your
> system. If you can't figure out how to reconfigure qmail to stop sending
> mail to spamd then you might consider adding the --local argument to the
> spamd daemon. This would make spamd run considerably faster
>
>
> Bingo! SpamAssassin and ClamAV are supposedly stopped.
>
Right, problem is, there is code or a codeset on your machine that requires
they be present and activated or your server will barf on incoming messages.
I sent a coupla posts last night to direct you towards looking for a file
cal
>
> #/usr/local/etc/rc.d/sa-spamd stop
>
> > If anyone knows how to temporarily disable ClamAV too, I'd be
> > ecstatic to learn how to do that too.
>
> Disable the daemon:
> #/usr/local/etc/rc.d/clamav-clamd stop
>
> Disable the sendmail milter:
> #/usr/local/etc/rc.d/clamav-milter stop
>
> Y
[EMAIL PROTECTED] wrote:
I have a FreeBSD machine running qmail, SpamAssassin and ClamAV.
I want to temporarily disable SpamAssassin to free up enough
resources to let the mail queue clear. How do I do that?
Further to the other comments, this page might be helpful:
qmail + spamassassin + c
So,
command_args="-d -r ${pidfile}"
would be
command_args="-d -r --local ${pidfile}"
Sorry, should be:
command_args="-d --local -r ${pidfile}"
_
Find a local pizza place, movie theater, and more
.then map the best route!
http:/
Worried that I might be preventing all mail from passing through the
system, I rebooted the server after disabling SpamAssassin and ClamAV, so
they're running again. My remote mail queue is continuing to grow -- there
are now 79,110 messages in the remote queue. ps -ax | grep -c qmail-remote
Worried that I might be preventing all mail from passing through the system, I
rebooted the server after disabling SpamAssassin and ClamAV, so they're running
again. My remote mail queue is continuing to grow -- there are now 79,110
messages in the remote queue. ps -ax | grep -c qmail-remote
After stopping SpamAssassin messages like these are appearing in
/var/log/maillog:
Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#3 of 3): Connection refused
Aug 19 21:23:20 erebus spamc[20853]: connect(AF_INET) to spamd at 127.0.0.1
failed, retr
Darn. Okay. Thanks.
-
At 09:39 PM 8/19/2007, Dave Pooser wrote:
>> After stopping SpamAssassin messages like these are appearing in
>> /var/log/maillog:
>>
>> Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1
>> failed, retrying (#3 of 3): Connection refused
>
> After stopping SpamAssassin messages like these are appearing in
> /var/log/maillog:
>
> Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1
> failed, retrying (#3 of 3): Connection refused
So something is calling spamc, which is trying to connect to spamd and
failing (n
After stopping SpamAssassin messages like these are appearing in
/var/log/maillog:
Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#3 of 3): Connection refused
Aug 19 21:23:20 erebus spamc[20853]: connect(AF_INET) to spamd at 127.0.0.1
failed, ret
Bingo! SpamAssassin and ClamAV are supposedly stopped.
--
At 09:05 PM 8/19/2007, Dave Pooser wrote:
>> [EMAIL PROTECTED] /usr/local/etc/rc.d]$ sa-spamd.sh stop
>> bash: sa-spamd.sh: command not found
>> [EMAIL PROTECTED] /usr/local/etc/rc.d]$ clamav-clamd.sh stop
>> bash: clamav-clamd.sh
> [EMAIL PROTECTED] /usr/local/etc/rc.d]$ sa-spamd.sh stop
> bash: sa-spamd.sh: command not found
> [EMAIL PROTECTED] /usr/local/etc/rc.d]$ clamav-clamd.sh stop
> bash: clamav-clamd.sh: command not found
> [EMAIL PROTECTED] /usr/local/etc/rc.d]$
>
> How is it possible that the commands aren't fou
Thanks, John, but now I'm totally baffled and suspicious that something's
really screwed up. What do you make of this transcript:
[EMAIL PROTECTED] /usr/home/peter]$ cd /usr/local/etc/rc.d/
[EMAIL PROTECTED] /usr/local/etc/rc.d]$ ls -la
total 26
drwxr-xr-x 2 root wheel 512 Apr 5 2006 .
dr
--
100 USER_IN_BLACKLIST From: address is in the user's black-list
100 points. That's an explicit blacklist, not AWL. So the question is,
which address is blacklisted?
It says From address, but this could also be the envelope-sender, I th
I really don't know what I did to mess things up here, but I'm running
FC7, Sendmail, ClamAV and Spamassassin locally on my mail server. I
thought I had everything working, but now, mail that I have previously
considered absolutely safe is being flagged as spam, with indications
that the sende
Ah! The forest for the trees. I was so lost in the Received Headers, I
completely missed the Subject. I'll dig through this some tomorrow, and
maybe open up a bug report, if it needs a more flexible subject.
Thanks for the new set of eyes!
Dan
-Original Message-
From: Kai Schaetzl [mail
On 2007-08-19, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The
> machine is receiving 200,000 e-mail messages per day, courtesy of
> Rumpelstiltskin attacks from thousands of different IP addresses each
> day, and SpamAssassin
Hi,
I've been looking at doing the Sitewide Bayes and
Sitewide Bayes Feedback. My mail server averages a KNOWN spam
every 2 seconds, so I'd like to feed it to a site wide database.
THEN, would like to score mail completely by the users private
one, but then RESCORE it against the site one.
I imagine this depends a little on your distro. Some more details would be
helpful.
> From: Netdynamix [mailto:[EMAIL PROTECTED]
>
> I have SA 3.1.4 running on my server successfully. I want to
> upgrade to
> 3.2.3 for safety sake.
>
> I have NEVER upgraded SA before and am a little scared t
as long as my
SA-version
included rulesets
enabled plugins
are the SAME from arch/OS to arch/OS, is it OK to simply compile rules
once somewhere, and push them to each box?
or, *is* there some sort of processor/architecture, or other
environmental, depdency that throws a wrench into the wo
dougp23 wrote:
> So I am seeing some of this stuff, and I want to block it based on headers.
> So here's the header:
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: from qmail.example.gov (localhost [127.0.0.1])
>
> by qmail.example.gov (8.13.1/8.13.1) with ESMTP id l7JFvfer015649
>
>
This was a false positive. Might want to recheck the AOL rule.
X-AOL-IP: 64.12.170.94
X-Spamfilter-host: pascal.ctyme.com - http://www.junkemailfilter.com
X-Freemail-From: aol.com
X-Relay-Countries: US US
X-Spam-Report: SpamAssassin 3.2.3 (2007-08-08) on euclid.ctyme.com
Spam=Yes score=6.
Hi everybody,
I have SA 3.1.4 running on my server successfully. I want to upgrade to
3.2.3 for safety sake.
I have NEVER upgraded SA before and am a little scared that I break it and
can't get it up again.
Is there anyone who can direct me to a simple step-by-step HOW-TO on how to
do this?
Kin
Robert Fitzpatrick wrote:
> Worms and spam have made it impossible for users to use their own
> personal mail servers. We block any outgoing mail on any managed
> firewall on port 25 other than authorized ESMTP servers. More and more
> ISP's are blocking port 25 from anything but their own stuff,
So I am seeing some of this stuff, and I want to block it based on headers.
So here's the header:
Return-Path: <[EMAIL PROTECTED]>
Received: from qmail.example.gov (localhost [127.0.0.1])
by qmail.example.gov (8.13.1/8.13.1) with ESMTP id l7JFvfer015649
for <[EMAIL PROTECTED]>;
Dan Barker wrote on Sun, 19 Aug 2007 08:58:22 -0400:
> Message: http://www.visioncomm.net/VBounce.txt
Only looked at one of your examples (the one above). A quick look at
VBounce.cf shows that BOUNCE_MESSAGE would match on "Delivery Failure
Notification", but not on "Delivery Status Notificatio
>
> I've read Life with qmail and the SpamAssassin documentation at
> http://spamassassin.apache.org/ but I'm not connecting the dots.
> Unfortunately, I didn't set up this machine and I don't have a good grasp
> of qmail, SpamAssassin and ClamAV.
>
> Thanks in advance for any guidance and all pr
>
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The
> machine is receiving 200,000 e-mail messages per day, courtesy of
> Rumpelstiltskin attacks from thousands of different IP addresses each day,
> and SpamAssassin appears to be overwhelmed. I have about 50,000 e-mail
> mes
SM a écrit :
> At 06:37 19-08-2007, =?KOI8-R?Q?=22Adam_Ce=27cile_=28Le=5FVert=29=22?=
> wrote:
>> I always receive this email [1] from different sender and it always
>> get -100
>> score, user whitelisted.
>> It seems something in this mail makes spamassassin consider the user
>> whitelisted.
>
>
On 8/19/07 8:22 AM, "Marc Perkel" <[EMAIL PROTECTED]> wrote:
>
>
> Jo Rhett wrote:
>> Marc Perkel wrote:
>>> OK - it's interesting that of all of you who responded this is the
>>> only person who is doing it right. I have to say that I'm somewhat
>>> surprised that so few people are preproces
At 09:22 AM 8/19/2007, Michael Scheidell wrote:
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, August 18, 2007 11:25 PM
>> To: users@spamassassin.apache.org
>> Subject: How do I temporarily disable SpamAssassin?
>>
>>
>>
>> I have a FreeB
At 06:37 19-08-2007, =?KOI8-R?Q?=22Adam_Ce=27cile_=28Le=5FVert=29=22?= wrote:
I always receive this email [1] from different sender and it always get -100
score, user whitelisted.
It seems something in this mail makes spamassassin consider the user
whitelisted.
Did you whitelist your own domain
Hi Michael,
At 03:23 19-08-2007, Michael Scheidell wrote:
is their mail web site www.iecc.com offline?
That website is reachable.
Regards,
-sm
Jo Rhett wrote:
Marc Perkel wrote:
OK - it's interesting that of all of you who responded this is the
only person who is doing it right. I have to say that I'm somewhat
surprised that so few people are preprocessing their email to reduce
the SA load. As we all know SA is very processor and m
Hi,
I always receive this email [1] from different sender and it always get -100
score, user whitelisted.
It seems something in this mail makes spamassassin consider the user
whitelisted.
Could you please have a look ?
Thanks in advance, regards.
[1] http://www.le-vert.net/divers/canadian-phar
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 18, 2007 11:25 PM
> To: users@spamassassin.apache.org
> Subject: How do I temporarily disable SpamAssassin?
>
>
>
> I have a FreeBSD machine running qmail, SpamAssassin and
> ClamAV. The
These are continuing. I'd really like to know what's going wrong. I get
about 350 backscatter bounces a day that VBounce does catch, and a fair
number (10, 50? How to tell?) that get missed, but appear (to me) clearly to
be backscatter.
Here are several examples (local.cf and spamassassin -D outpu
That won't work.
If you zero the scores of the individual RBLs, then they are disabled.
Period. No meta rule can later re-enable them.
Sorry Marc, but at present, SA doesn't have any direct support for this.
However, you might be able to make use of SA's priority and the
shortcircuit plugin to ge
[EMAIL PROTECTED] wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The machine
> is receiving 200,000 e-mail messages per day, courtesy of Rumpelstiltskin
> attacks from thousands of different IP addresses each day, and SpamAssassin
> appears to be overwhelmed. I have
Michael Scheidell wrote on Sun, 19 Aug 2007 06:23:34 -0400 (EDT):
> is their mail web site www.iecc.com offline?
ping is ok, SMTP answers ASAP, so I'd say they have a problem with their
httpd, no DoS or some such.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services
>
> What's with this? There's no need for this on this list.
>
Maybe not... pray for victory over the moron stick for me please.
>
> You've asked many a question here that the above would have applied to
>
No kiddin? :-)
Im sure I would agree...
I imagine the ESR smart questions faq wou
Net-buoy wrote on Sat, 18 Aug 2007 17:24:22 -0700 (PDT):
> Time actually received ADT is 15:45
> ADT is -8 UTC and local mail reflects 15:45 -0800 AKDT
23:45 UTC
> Time mail actually sent is EDT 19:45. EDT is 4 hrs earlier than ADT
> Time shown on e-mail: 18 Aug 2007 23:45:02 -0400 EDT
3.45 UT
John Levine/founder of Cause? and all around PIA to spammers?
is their mail web site www.iecc.com offline?
Can't be reached from any network I have access to.
Anyone have access to it?
(is spammers would put their knolwdge to good use, by now, with the cpu
cycles wasted in this war, we would hav
Hello All,
After an upgrade to SA3.2.2 I've noticed that I've started to get FP's from
e-mail accounts originating at walla.com
I can see that it may be wise to adjust some scores to make these FP get thru
my system:
score DNS_FROM_OPENWHOIS 0
score DNS_FROM_RFC_DSN 0
Do you think this is re
On 8/18/2007 6:19 PM, Robert - elists wrote:
I have *always* run SA through MailScanner. This configuration is not new,
I
have run it this way for *years*. The only thing that's new is the version
of SA. As soon as I upgraded to v3.2.3, the problems started.
If you can't be helpful, I can certai
On 8/18/2007 12:43 PM, MaraBlue wrote:
Kai Schaetzl wrote:
MaraBlue wrote on Sat, 18 Aug 2007 00:02:16 -0700 (PDT):
there several versions back.
I've run --lint -D, and SA is reading local.cf (I can post the log if
needed). The only other thing I changed a few days before this started
was
s
51 matches
Mail list logo