Hi
Suddenly my collegue mails are recieved as spam by 3.1.7 SA. I added to them
on white list entry. Why it comes like this suddenly? any solution?
--
Sg
John Rudd wrote:
René Berber wrote:
Here's a good example of why Botnet's default score is too high, those
guys at
meridiencancun have a so called Enterprise account with their ISP,
what they
get is a fixed IP and no control over reverse DNS, that's why the reverse
returns what the ISP
Hi Steve,
Thanks for the info.
However the version of MailScanner that i use does not support this
attribute.
Is there other place were i can add this header.
Kindly regards,
Yossi
Steve Freegard-2 wrote:
Matt Kettler wrote:
yossim wrote:
Hi forum, I am running MailScanner integrated
-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of René Berber
Sent: 22 August 2007 07:42
To: users@spamassassin.apache.org
Subject: Re: BOTNET Exceptions for Today
John Rudd wrote:
René Berber wrote:
Here's a good example of why Botnet's default score is
On 22.08.07 11:47, Sg wrote:
Suddenly my collegue mails are recieved as spam by 3.1.7 SA. I added to
them on white list entry. Why it comes like this suddenly? any solution?
maybe your colleague got onto blacklist?
Hard to say without seeing headers
--
Matus UHLAR - fantomas, [EMAIL PROTECTED]
Hi!
Suddenly my collegue mails are recieved as spam by 3.1.7 SA. I added to
them on white list entry. Why it comes like this suddenly? any solution?
maybe your colleague got onto blacklist?
Hard to say without seeing headers
Or is he using a image as footer, with the current SA rules you
yossim wrote:
Hi Steve,
Thanks for the info.
However the version of MailScanner that i use does not support this
attribute.
Is there other place were i can add this header.
No - you'll have to upgrade MailScanner if you want to be able to do
this (it isn't hard).
Kind regards,
Steve.
Hello all!
Im using Postfix as MTA and use the procmailrc script in each $HOME dir to
filter and delete spam immeditately before it get's into the user's mailbox.
For some users I do have to send all incoming mail for [EMAIL PROTECTED] to
another mailserver [EMAIL PROTECTED] by using the
header __RCVD_IN_JMFILTER
eval:check_rbl('JMFILTER','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_JMFILTER Sender listed in JMFILTER
tflags __RCVD_IN_JMFILTER net
header RCVD_IN_JMFILTER_W eval:check_rbl_sub('JMFILTER', '127.0.0.1')
describe RCVD_IN_JMFILTER_W Sender listed in
Sg wrote:
Hi
Suddenly my collegue mails are recieved as spam by 3.1.7 SA. I added
to them on white list entry. Why it comes like this suddenly? any
solution?
could be anything. Got an X-Spam-Status to provide us a clue?
Well, maybe I didn't explain it properly we are not providing relay for the
outgoing mail, we are only filtering for viruses/spam the incoming mails and
the part that are junk of them are the ones bouncing to us and giving
problems.
Relay service is a non-op in the current spam war. If you
do
Hello all,
I have two mailservers, a primary and a secondary MX.
The primary MX is a spamassassin (3.2.3 on Ubuntu Linux) box that is
placed inline of a MS Exchange machine.
Spamassassin is doing a good job, especialy with the RBL's I am using.
The backup MX is a simple EXIM which does only
hi --
What you want is the VBounce ruleset, including in SpamAssassin 3.2.x or
downloadable for 3.1.x here:
http://wiki.apache.org/spamassassin/VBounceRuleset . It's designed
to deal with exactly what you're describing.
--j.
sacoo sacoo writes:
Well, maybe I didn't explain it properly we are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rense Buijen schrieb:
The problem now lies with the RBL's, when the SA box dies, the mail will
be queued on my Exim box and when service is restored, it will forward
it again BUT the last Received from: path will be of course the Exim
host IP.
Hi Matthias,
Thank you for your (quick) reply.
I cannot utilize the trusted_networks settings because I cannot trust
the mail that my backup MX sends to me.
The backup MX does NO filtering at all, it just accepts ALL mail that
has a certain destination domain and then forwards it to the
Hi
I cannot utilize the trusted_networks settings because I cannot trust
the mail that my backup MX sends to me.
The backup MX does NO filtering at all, it just accepts ALL mail that
has a certain destination domain and then forwards it to the Primary
MX where SA is running, SA is doing all
Hi Matthias,
Thank you for your (quick) reply.
I cannot utilize the trusted_networks settings because I cannot trust
the mail that my backup MX sends to me.
The backup MX does NO filtering at all, it just accepts ALL mail that
has a certain destination domain and then forwards it to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rense Buijen schrieb:
Thank you for your (quick) reply.
I cannot utilize the trusted_networks settings because I cannot trust
the mail that my backup MX sends to me.
But your backup MX is trusted in the sense that it will not forge
sender
Hi Pawel,
I dont think I can check the recipient, if it doesnt exist the
mailserver should send a normal bounce like every mailserver does,
right? So does the primary machine (Exchange) I dont see a problem with
that.
Do you know if there is another good setup without having to sync all
Mathhias,
The problem is that when the mail enters the backup MX, we dont know if
that mail is blacklisted at for instance spamcop.
So if the backup mx accepts the mail (because it's dumb and it will
accept it), and my primary mx (SA) has set the backup mx as trusted
network/source, the mail
Thats the one
Ben
On 8/22/07, Rense Buijen [EMAIL PROTECTED] wrote:
...thats it? So it will skip the IP of the second MX and do an RBL check
against the IP who'm delivered it to the second MX? COOL! I thought it
would just ignore everything and pass on the mail Thanks!
Ben O'Hara
Rense Buijen wrote:
Mathhias,
The problem is that when the mail enters the backup MX, we dont know
if that mail is blacklisted at for instance spamcop.
So if the backup mx accepts the mail (because it's dumb and it will
accept it), and my primary mx (SA) has set the backup mx as trusted
On Wed, 22 Aug 2007, Euroka wrote:
For some users I do have to send all incoming mail for
[EMAIL PROTECTED] to another mailserver [EMAIL PROTECTED] by using
the /etc/postfix/virtual file.
That bypasses local delivery.
So how can I delete all SPAM immediately before it's being
forwarded to
Thanks a lot all, it's all clear to me now!
I though that the trusted networks mean that the message will just be
passed it it came from that source.
I didnt know it will skip to the next Received IP. Thanks a lot.
One question about the backscatter problem though, if I understand
correctly
Thanks again to everybody who responded, and steered me in the right direction.
I'm very close to getting John Simpson's validrcptto qmail patch described at
http://qmail.jms1.net/patches/validrcptto.cdb.shtml in place on the mailhub
machine to prevent passing Rumpelstiltskin problem e-mail
Hi all,
Having problems getting PDFInfo to load.
Basic machine info:
Sun Solaris 5.9
perl v5.8.9
spamassassin v3.2.2
PDFInfo v0.8
init.pre entry: loadplugin Mail::SpamAssassin::Plugin::PDFInfo
/etc/mail/spamassassin/plugins (which is where I
Rense Buijen wrote on Wed, 22 Aug 2007 16:01:09 +0200:
I think Exchange is configured the right way
in such a way that it knows what users it has on the system..
But your backup MX doesn't. As you say you are taking in all mail, forward
it to primary and then bounce it back to the sender.
On Wed, 22 Aug 2007 at 10:21 -0400, [EMAIL PROTECTED] confabulated:
Hi all,
Having problems getting PDFInfo to load.
Basic machine info:
Sun Solaris 5.9
perl v5.8.9
spamassassin v3.2.2
PDFInfo v0.8
init.pre entry: loadplugin
Hi Kai,
I didn't know that a backup MX can lead to more trouble then having just
one, gee, I thought it was a good thing but it turned out to be a quite
bad one :)
I'll go and use LDAP on the second MX to make sure the remote user
exists, otherwise drop it silently.
It's indeed getting a bit
Rense Buijen wrote:
Thanks a lot all, it's all clear to me now!
I though that the trusted networks mean that the message will just be
passed it it came from that source.
I didnt know it will skip to the next Received IP. Thanks a lot.
One question about the backscatter problem though, if I
On 8/22/07, Justin Mason [EMAIL PROTECTED] wrote:
hi --
What you want is the VBounce ruleset, including in SpamAssassin 3.2.x or
downloadable for 3.1.x here:
http://wiki.apache.org/spamassassin/VBounceRuleset . It's designed
to deal with exactly what you're describing.
Yeah I saw the
At 10:35 AM 8/22/2007, Duane Hill wrote:
On Wed, 22 Aug 2007 at 10:21 -0400, [EMAIL PROTECTED] confabulated:
Hi all,
Having problems getting PDFInfo to load.
Basic machine info:
Sun Solaris 5.9
perl v5.8.9
spamassassin v3.2.2
PDFInfo v0.8
I think it might be easier if you would simply have a conversation with
the techy folks at your customers- invite them to configure THEIR system
so that either everything from YOUR system is OK no matter what spam
status it has (they can route it to bit-bucket or whatever) or turn off
the
Per Jessen wrote:
I have seen this once or twice, but still very rarely - spamd will
fail to restart after receiving a SIGHUP. It stops, but does not
restart. There's nothing in the log to indicate why. Has anyone seen
the same?
OK, this happened yesterday and now just again. Any
On 8/22/07, Kevin Parris [EMAIL PROTECTED] wrote:
I think it might be easier if you would simply have a conversation with
the techy folks at your customers- invite them to configure THEIR system
so that either everything from YOUR system is OK no matter what spam
status it has (they can route
Per Jessen writes:
Per Jessen wrote:
I have seen this once or twice, but still very rarely - spamd will
fail to restart after receiving a SIGHUP. It stops, but does not
restart. There's nothing in the log to indicate why. Has anyone seen
the same?
OK, this happened yesterday and
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble then having just
one
Unfortunately, backup MXes attract spammers :-(. You could at least add
some more backup MXs (that don't exist) on top of that, that may help to
reduce the
It's still not clear (at least to me) what you actually want to do and
what happens that creates a problem.
You provide virus scanning, but not spam scanning? And they reject the
spam coming from you? Is that what happens?
Visit them and take a big club with you. It's obviously *completely*
On 8/22/07, Kai Schaetzl [EMAIL PROTECTED] wrote:
It's still not clear (at least to me) what you actually want to do and
what happens that creates a problem.
You provide virus scanning, but not spam scanning? And they reject the
spam coming from you? Is that what happens?
Visit them and take
Is there a way to white list based on the IP using the Received from. We
have whitelisted our local domain but have noticed some that spoof our
domain. However the Received from tag is usually a different IP.
Is it good practice to whitelist using IP?
thanks
Dean
Dean Clapper wrote:
Is there a way to white list based on the IP using the Received from.
We have whitelisted our local domain but have noticed some that spoof
our domain. However the Received from tag is usually a different IP.
Is it good practice to whitelist using IP?
whitelist_from is
On 8/22/07, Noel Jones [EMAIL PROTECTED] wrote:
On 8/22/07, Kai Schaetzl [EMAIL PROTECTED] wrote:
It's still not clear (at least to me) what you actually want to do and
what happens that creates a problem.
You provide virus scanning, but not spam scanning? And they reject the
spam coming
Hello,
I hoticed that even if much of dynamic ranges are detected, but there are
still some undetected.
chello.sk uses hostnames with full IP's and without delimiters, for example
chello085216200090.chello.sk, which do not match dynamic IP tests.
I wonder if someone could push such check into
On 8/22/07, Rense Buijen [EMAIL PROTECTED] wrote:
Thanks a lot all, it's all clear to me now!
I though that the trusted networks mean that the message will just be
passed it it came from that source.
I didnt know it will skip to the next Received IP. Thanks a lot.
One question about the
On 22 Aug 2007, John Rudd spake thusly:
Nix wrote:
My ISP doesn't give me that option (well, OK, it probably gives *me*
that option because I can bug the ISP's technical director, but not
people who've posted bonds). I'd venture to guess that the vast majority of
small business UK ISPs, even
Hi,
Im using qmail,vpopmail,clamav,and SA 3.0.1 under RHEL4
We send newsletters frequently so I really understand that it will cost a
lot of cpu usage. I was thinking if I can setup the SA into a different
machine, not with the email server. So I can gain more cpu usage. when it
goes to 99 to
On Wed, 22 Aug 2007, Rense Buijen wrote:
I didn't know that a backup MX can lead to more trouble then
having just one, gee, I thought it was a good thing but it turned
out to be a quite bad one :)
It *is* a good idea. You just can't cheap out on configuring it.
Ideally, your backup MXs
Hi,
Im using qmail,vpopmail,clamav,and SA 3.0.1 under RHEL4
We send newsletters frequently so I really understand
that it will cost a lot of cpu usage. I was thinking if I
can setup the SA into a different machine, not with the
email server. So I can gain more cpu usage. when it goes
to
So sir, I can just setup an updated verision of SA in a different server and
configure it to scan remote servers? can u please send a link how to that..
Im not that good yet..:working:
Linooks wrote:
Hi,
Im using qmail,vpopmail,clamav,and SA 3.0.1 under RHEL4
We send newsletters
* Linooks [EMAIL PROTECTED]:
Hi,
Im using qmail,vpopmail,clamav,and SA 3.0.1 under RHEL4
We send newsletters frequently so I really understand that it will cost a
lot of cpu usage.
Why would it? Can't you inject the newsletter in such a way that it
circumvents SA clamav?
--
Ralf
Thats also my problem, I did not set this email server..
How would I do what you recommend?
Thanks,
Ralf Hildebrandt wrote:
* Linooks [EMAIL PROTECTED]:
Hi,
Im using qmail,vpopmail,clamav,and SA 3.0.1 under RHEL4
We send newsletters frequently so I really understand that it will
On Wed, 22 Aug 2007, Linooks wrote:
Thats also my problem, I did not set this email server..
How would I do what you recommend?
First question: how is SA being called? Then we can offer advice.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]
I have no idea, but I think the server uses simscan to call clam and SA. I
hope that helps..
John D. Hardin wrote:
On Wed, 22 Aug 2007, Linooks wrote:
Thats also my problem, I did not set this email server..
How would I do what you recommend?
First question: how is SA being called?
On Mon, 20 Aug 2007, Duane Hill wrote:
On Mon, 20 Aug 2007 at 16:24 -0600, [EMAIL PROTECTED] confabulated:
On Fri, 17 Aug 2007, Eric A. Hall wrote:
On 8/16/2007 12:39 PM, Marc Perkel wrote:
OK - it's interesting that of all of you who responded this is the only
person who is doing it
On Mon, 20 Aug 2007, David B Funk wrote:
On Mon, 20 Aug 2007, Duane Hill wrote:
On Mon, 20 Aug 2007 at 16:24 -0600, [EMAIL PROTECTED] confabulated:
[snip..]
I have to second that... In the early days when spammers were just
getting started, we started using some RBL's at the MTA level.
Linooks wrote:
I have no idea, but I think the server uses simscan to call clam and SA. I
hope that helps..
If you are using simscan you can add
[EMAIL PROTECTED]:spam=no,clam=yes
to the /var/qmail/control/simcontrol file and then run
/var/qmail/bin/simscanmk.
[EMAIL PROTECTED] is the
Cool!! i will try this one,, a very big thanks!! muah! I think this will
work!
Rick Macdougall-2 wrote:
Linooks wrote:
I have no idea, but I think the server uses simscan to call clam and SA.
I
hope that helps..
If you are using simscan you can add
[EMAIL
Michael Chapman wrote:
Well, nothing has worked so far ... every message that I have coming
in (except for the specifically white-listed messages from this
mailing list) have USER_IN_BLACKLIST flagged. Where on earth is it
getting this? You've seen my local.cf, I don't have a user_prefs
On Wed, 22 Aug 2007, maillist wrote:
*PLEASE* prune your replies.
You may want to try to turn off bayes_auto_learn or just turn off
bayes all together. Maybe your bayes have become corrupt.
How would bayes cause the USER_IN_BLACKLIST rule to fire?
--
John Hardin KA7OHZ
59 matches
Mail list logo