Re: CommuniGate Pro Received header (was: whitelist_from_rcvd not working)

2008-04-09 Thread Victor Sudakov
SM wrote: > Hi Victor, > At 21:40 09-04-2008, Victor Sudakov wrote: > >This is the standard CommuniGate Pro "Received:" header. > >When HELO matches the hostname, this header always looks this way, > >with the word "verified" added to it. > > SpamAssassin is not parsing that "Received:" header as

CommuniGate Pro Received header (was: whitelist_from_rcvd not working)

2008-04-09 Thread SM
Hi Victor, At 21:40 09-04-2008, Victor Sudakov wrote: This is the standard CommuniGate Pro "Received:" header. When HELO matches the hostname, this header always looks this way, with the word "verified" added to it. SpamAssassin is not parsing that "Received:" header as one with a hostname whi

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
SM wrote: > >OK, this was a poor example. Here is a better one. Let's start anew :) > > > >The rule is > >whitelist_from_rcvd [EMAIL PROTECTED] mncs.tomsk.ru > > > >The relay is mncs.tomsk.ru, as you see, whose forward and reverse DNS > >mapping is correct. > > The forward and reverse DNS mapping

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
SM wrote: [dd] > > dbg: received-header: found fetchmail marker outside trusted area, ignored > dbg: received-header: parsed as [ ip=213.183.100.11 rdns= > helo=gw.dtdm.tomsk.ru by=relay2.tomsk.ru ident= envfrom= intl=0 > id=9838562 auth= msa=0 ] > dbg: received-header: relay 213.183.100.11 tr

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
Victor Sudakov wrote: > > OK, this was a poor example. Here is a better one. Let's start anew :) > > The rule is > whitelist_from_rcvd [EMAIL PROTECTED] mncs.tomsk.ru > > The relay is mncs.tomsk.ru, as you see, whose forward and reverse DNS > mapping is correct. > > Why does the rule not work w

Re: whitelist_from_rcvd not working

2008-04-09 Thread SM
Hi Victor, At 19:54 09-04-2008, Victor Sudakov wrote: OK, this was a poor example. Here is a better one. Let's start anew :) The rule is whitelist_from_rcvd [EMAIL PROTECTED] mncs.tomsk.ru The relay is mncs.tomsk.ru, as you see, whose forward and reverse DNS mapping is correct. The forward an

Re: trustedopinion.com

2008-04-09 Thread info-spamassassin-talk
Eloise Carlton writes: > Thank you for taking the time to report and share this information. We > have initiated an investigative process on this report and during the > investigative period we have downgraded the sender's accreditation > level. Thank you, Eloise. I greatly appreciate Habeas' re

Re: whitelist_from_rcvd not working

2008-04-09 Thread SM
Hi Victor, At 19:38 09-04-2008, Victor Sudakov wrote: Yes, the output is here Sorry, I missed that. Which lines show whether the host matches "dtdm.tomsk.ru" and why? From your output: dbg: received-header: found fetchmail marker outside trusted area, ignored The Received header inserted

Re: trustedopinion.com

2008-04-09 Thread Eloise Carlton
Hello, Thank you for taking the time to report and share this information. We have initiated an investigative process on this report and during the investigative period we have downgraded the sender's accreditation level. The original message was launched on 4/3 with the subject line "Hey ;)" and

Re: Listing all rules and all scores

2008-04-09 Thread Loren Wilton
There probably is no feature to just get Spamassassin to output all of that data. It shouldn't have to, however, because what you're looking for is kept in flat text files. There is something to be said for this as a debug or lint-like option. SA will combine rules and scores from many files,

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
Dave Funk wrote: > > >>>I have the following rule in local.cf: > >>>whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru > > >>>[snip..] > > >>>Received: from mail.sibptus.tomsk.ru [212.73.124.5] > >>> by admin.sibptus.tomsk.ru with POP3 (fetchmail-6.3.8) > >>> for <[EMAIL PROTECTED]>

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
SM wrote: > >No, the host shows up as "gw.dtdm.tomsk.ru" which matches "dtdm.tomsk.ru". > > You can see how the Received headers in the message are parsed by > saving the entire message to a file and running it through SpamAssassin: > > spamassassin -t -D < filename > > The output will show whe

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
Matus UHLAR - fantomas wrote: > > SM wrote: > > > At 22:02 08-04-2008, Victor Sudakov wrote: > > > >I have the following rule in local.cf: > > > >whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru > > > > > > > >Please help me figure out why the rule does not work. Below is a sample > > > >message

Re: Returned mail spam

2008-04-09 Thread Steve Prior
mouss wrote: But back on topic... the OP has been joe-jobbed. he's not the only one... seems there's a lot of backscatter coming in these days. Thanks for confirming that spf doesn't fix the problem. The main problem with SPF is that most other servers out there don't check it even if you

Re: Returned mail spam

2008-04-09 Thread Bob Proulx
decoder wrote: > We recently discovered that even our own mailserver (Postfix) was a > backscatter source (and 1-2 weeks ago spammers started to actively use > it), there were several reasons and I'd like to share these points with > the list so nobody makes the same mistakes. Thanks for the dis

Re: how do I create a rule?

2008-04-09 Thread Matt Kettler
ahgu wrote: How do I create a rule for spamassassin that it looks for the following string in the message box and give it high score? Return-Path: <[EMAIL PROTECTED]> Everything you will probably ever need to know about basic and intermediate rule-writing can be found at: http://wiki.a

Re: Returned mail spam

2008-04-09 Thread John Hardin
On Wed, 9 Apr 2008, Luis Hernán Otegui wrote: 2008/4/9, John Hardin <[EMAIL PROTECTED]>: On Wed, 9 Apr 2008, mouss wrote: Thanks for confirming that spf doesn't fix the problem. There's no silver bullet. SPF will tend to reduce the problem. Wouldn't DKIM help also? I've implemented both

Re: Returned mail spam

2008-04-09 Thread decoder
mouss wrote: he's not the only one... seems there's a lot of backscatter coming in these days. I guess the reason is that it is so easy to make a mistake in a mailserver configuration that enables backscatter... We recently discovered that even our own mailserver (Postfix) was a backscatter

Re: Returned mail spam

2008-04-09 Thread Luis Hernán Otegui
2008/4/9, John Hardin <[EMAIL PROTECTED]>: > On Wed, 9 Apr 2008, mouss wrote: > > > > Thanks for confirming that spf doesn't fix the problem. > > > > There's no silver bullet. SPF will tend to reduce the problem. Wouldn't DKIM help also? I've implemented both methods, and encouraged my colleagues

RE: Listing all rules and all scores

2008-04-09 Thread Michael Hutchinson
> -Original Message- > From: Craig Cocca [mailto:[EMAIL PROTECTED] > Sent: 10 April 2008 6:40 a.m. > To: users@spamassassin.apache.org > Subject: Listing all rules and all scores > > Spamassassin Users, > > Is there an easy way to get spamassassin to list out all of the rules > and all o

Re: BATV and whitelisting

2008-04-09 Thread Matt Kettler
Rose, Bobby wrote: I'm starting to see BATV use increasing. Has anyone thought about how this affects whitelists, mta acls, etc? It looks like such things are broken because if an end-user whitelists [EMAIL PROTECTED] and BATV has the mail from as [EMAIL PROTECTED], then that whitelisting has no

Re: Site-wide config check

2008-04-09 Thread Matt Kettler
Ralph B wrote: Thanks for the response, Matt. Matt Kettler wrote: Ralph B wrote: I've tried to set up spamassassin approximately as described in http://wiki.apache.org/spamassassin/SiteWideBayesSetup. When my users (only 5 of us) receive a spam we redirect it to [EMAIL PROTECTED] Periodically

Re: Site-wide config check

2008-04-09 Thread Ralph B
Thanks for the response, Matt. Matt Kettler wrote: > Ralph B wrote: >> I've tried to set up spamassassin approximately as described in >> http://wiki.apache.org/spamassassin/SiteWideBayesSetup. >> >> When my users (only 5 of us) receive a spam we redirect it to >> [EMAIL PROTECTED] Periodically I

Re: BATV and whitelisting

2008-04-09 Thread John Hardin
On Wed, 9 Apr 2008, Rose, Bobby wrote: I'm starting to see BATV use increasing. Has anyone thought about how this affects whitelists, mta acls, etc? It looks like such things are broken because if an end-user whitelists [EMAIL PROTECTED] and BATV has the mail from as [EMAIL PROTECTED], then tha

Re: Returned mail spam

2008-04-09 Thread John Hardin
On Wed, 9 Apr 2008, mouss wrote: Thanks for confirming that spf doesn't fix the problem. There's no silver bullet. SPF will tend to reduce the problem. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED

BATV and whitelisting

2008-04-09 Thread Rose, Bobby
I'm starting to see BATV use increasing. Has anyone thought about how this affects whitelists, mta acls, etc? It looks like such things are broken because if an end-user whitelists [EMAIL PROTECTED] and BATV has the mail from as [EMAIL PROTECTED], then that whitelisting has no effect. And since t

Re: how do I create a rule?

2008-04-09 Thread Evan Platt
What is the "message box"? Do you ever intend to see [EMAIL PROTECTED] in the return path as a valid message? If not, delete it via procmail or some other method. ahgu wrote: How do I create a rule for spamassassin that it looks for the following string in the message box and give it high sc

Re: Site-wide config check

2008-04-09 Thread Matt Kettler
Ralph B wrote: I've tried to set up spamassassin approximately as described in http://wiki.apache.org/spamassassin/SiteWideBayesSetup. When my users (only 5 of us) receive a spam we redirect it to [EMAIL PROTECTED] Periodically I do a "sa-learn --showdots --mbox --spam /home/spam/mbox" from root

Re: Large-scale global Bayes tuning?

2008-04-09 Thread SM
Hi Kris, At 09:12 09-04-2008, Kris Deugau wrote: Anyone have any suggestions on tuning a large global Bayes db for stability and sanity? I've got my fingers in the pie of a moderately large mail cluster, but I haven't yet found a Bayes configuration that's sane and stable for any extended per

Re: Large-scale global Bayes tuning?

2008-04-09 Thread Kris Deugau
John Hardin wrote: How varied is the character of your message traffic? Is manual learning an option, especially with larger autolearn thresholds? What is this... "manual learning"... you speak of? Not really an option in the short term, although in the long term I'd *like* to have a syste

Re: Returned mail spam

2008-04-09 Thread mouss
Jonathan Nichols wrote: Yup. Even used the wizard and that exact same verification tool, as well as dnsstuff.com and it reports that the SPF records I added are just fine. Yet, I still got plenty of junk thanks to some Russian spammer using my hostmaster@ as the From. :( But back on topi

Re: Returned mail spam

2008-04-09 Thread Jonathan Nichols
On Apr 9, 2008, at 2:16 PM, mouss wrote: Martin Gregorie wrote: On Wed, 2008-04-09 at 19:04, Jonathan Nichols wrote: Guys? He's been joe-jobbed. From the original email: "somebody is using my email as the bounce-back return email. How do I avoid the problem?" If SPF is supposed to prev

Site-wide config check

2008-04-09 Thread Ralph B
I've tried to set up spamassassin approximately as described in http://wiki.apache.org/spamassassin/SiteWideBayesSetup. When my users (only 5 of us) receive a spam we redirect it to [EMAIL PROTECTED] Periodically I do a "sa-learn --showdots --mbox --spam /home/spam/mbox" from root. Spamassassin's

Re: Configuring SA as frontend to Exchange

2008-04-09 Thread Matt Helm
> I was wondering how you would feed unmarked spam to the SA frontend? > Since email is passed through to Exchange, it isn't stored on the SA server > anymore like it is now. We do this. I have set up a public folder in Exchange named SPAM. The users self police their emails and drop any unmarked

Re: Returned mail spam

2008-04-09 Thread mouss
Martin Gregorie wrote: On Wed, 2008-04-09 at 19:04, Jonathan Nichols wrote: Guys? He's been joe-jobbed. From the original email: "somebody is using my email as the bounce-back return email. How do I avoid the problem?" If SPF is supposed to prevent this, I can say that it sure as heck

SA Not Rewriting Subject on NDR's

2008-04-09 Thread Matt Helm
Any ideas why SA isn't rewriting the subject line on NDR's? We get tons of backscatter. Spam score is good but the subject line hasn't been rewritten. Non NDR spam emails are rewritten fine. We are using version 3.1.9 with Postfix on Linux.

Re: Returned mail spam

2008-04-09 Thread Martin Gregorie
On Wed, 2008-04-09 at 19:04, Jonathan Nichols wrote: > On Apr 8, 2008, at 2:50 PM, McDonald, Dan wrote: > > > > > On Tue, 2008-04-08 at 12:36 -0700, ahgu wrote: > >> They forged the header with my email addr as the return address. > >> When it gets bounced back by a server, everything is valid. Sin

Re: Configuring SA as frontend to Exchange

2008-04-09 Thread Jonathan Armitage
Henry Kwan wrote: Hi, Have been running SA on CentOS for a few years now and everything has been working great. But the powers that be want to move to Exchange so I am trying to plan a SA frontend that feeds the Exchange server. As I was thinking over how SA works now and how it might work in

Listing all rules and all scores

2008-04-09 Thread Craig Cocca
Spamassassin Users, Is there an easy way to get spamassassin to list out all of the rules and all of the rule scores it's currently using? The debug output only tells you what modules and configuration files are loaded, but we're looking for a comprehensive accounting of all of the rule na

Re: Configuring SA as frontend to Exchange

2008-04-09 Thread Robert Schetterer
Henry Kwan wrote: Hi, Have been running SA on CentOS for a few years now and everything has been working great. But the powers that be want to move to Exchange so I am trying to plan a SA frontend that feeds the Exchange server. As I was thinking over how SA works now and how it might work i

how do I create a rule?

2008-04-09 Thread ahgu
How do I create a rule for spamassassin that it looks for the following string in the message box and give it high score? Return-Path: <[EMAIL PROTECTED]> thanks Andrew -- View this message in context: http://www.nabble.com/how-do-I-create-a-rule--tp16593499p16593499.html Sent from the SpamAs

Configuring SA as frontend to Exchange

2008-04-09 Thread Henry Kwan
Hi, Have been running SA on CentOS for a few years now and everything has been working great. But the powers that be want to move to Exchange so I am trying to plan a SA frontend that feeds the Exchange server. As I was thinking over how SA works now and how it might work in my future setup

Re: Returned mail spam

2008-04-09 Thread Jonathan Nichols
On Apr 8, 2008, at 2:50 PM, McDonald, Dan wrote: On Tue, 2008-04-08 at 12:36 -0700, ahgu wrote: They forged the header with my email addr as the return address. When it gets bounced back by a server, everything is valid. Since the server strips off most of the content, it can pass the spamass

Re: Large-scale global Bayes tuning?

2008-04-09 Thread Michael Scheidell
> From: Kris Deugau <[EMAIL PROTECTED]> > Organization: ViaNet Internet Solutions > Reply-To: > Date: Wed, 09 Apr 2008 12:36:56 -0400 > To: > Subject: Re: Large-scale global Bayes tuning? > > Michael Scheidell wrote: >> Bayes on cluster begs the question: what if you didn't replicate the bayes >

Re: Large-scale global Bayes tuning?

2008-04-09 Thread John Hardin
On Wed, 9 Apr 2008, Kris Deugau wrote: John Hardin wrote: On Wed, 9 Apr 2008, Kris Deugau wrote: > autolearn is picking up ~1.5M+ from ~300K messages on a daily basis. Push your autolearn thresholds out to reduce the overall volume of learned spam and ham? I've thought about that. It m

Re: Large-scale global Bayes tuning?

2008-04-09 Thread Kris Deugau
John Hardin wrote: On Wed, 9 Apr 2008, Kris Deugau wrote: autolearn is picking up ~1.5M+ from ~300K messages on a daily basis. Push your autolearn thresholds out to reduce the overall volume of learned spam and ham? I've thought about that. It makes it more difficult to get Bayes data on

Re: Large-scale global Bayes tuning?

2008-04-09 Thread Kris Deugau
Michael Scheidell wrote: Bayes on cluster begs the question: what if you didn't replicate the bayes tables, and left them server specific? It may yet take that. :( (If only for overall cluster reliability - any one of the current three machines could handle the current load without any trou

Re: Large-scale global Bayes tuning?

2008-04-09 Thread Michael Scheidell
> From: Kris Deugau <[EMAIL PROTECTED]> > Organization: ViaNet Internet Solutions > Date: Wed, 09 Apr 2008 12:12:43 -0400 > To: > Subject: Large-scale global Bayes tuning? > > Anyone have any suggestions on tuning a large global Bayes db for > stability and sanity? I've got my fingers in the p

Re: Large-scale global Bayes tuning?

2008-04-09 Thread John Hardin
On Wed, 9 Apr 2008, Kris Deugau wrote: autolearn is picking up ~1.5M+ from ~300K messages on a daily basis. Push your autolearn thresholds out to reduce the overall volume of learned spam and ham? -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]

Large-scale global Bayes tuning?

2008-04-09 Thread Kris Deugau
Anyone have any suggestions on tuning a large global Bayes db for stability and sanity? I've got my fingers in the pie of a moderately large mail cluster, but I haven't yet found a Bayes configuration that's sane and stable for any extended period. Wiping it completely about once a week seems

Re: Different score again

2008-04-09 Thread Jonas Eckerman
age85 wrote: we have a default slox 9 installation, please have a look at the attached output. We can see two different spam scores in one message. I can't see that you get two scores in one message in the output you attached. You attached *one* multipart message. That single message only

Re: Error: incomplete data at .../DNS/RR.pm

2008-04-09 Thread Yves Goergen
On 09.04.2008 12:41 CE(S)T, Justin Mason wrote: Yves Goergen writes: I keep getting this error since I installed SpamAssassin 3.2.4 on my Debian 3.1 Linux machine: Apr 9 11:52:20 mond spamd[2087]: Exception: incomplete data at /usr/local/lib/perl/5.8.4/Net/DNS/RR.pm line 513, line 275. Apr

Re: whitelist_from_rcvd not working

2008-04-09 Thread Dave Funk
On Wed, 9 Apr 2008, Victor Sudakov wrote: SM wrote: At 22:02 08-04-2008, Victor Sudakov wrote: I have the following rule in local.cf: whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru [snip..] Received: from mail.sibptus.tomsk.ru [212.73.124.5] by admin.sibptus.tomsk.ru with POP

Re: whitelist_from_rcvd not working

2008-04-09 Thread SM
Hi Victor, At 00:59 09-04-2008, Victor Sudakov wrote: No, the host shows up as "gw.dtdm.tomsk.ru" which matches "dtdm.tomsk.ru". You can see how the Received headers in the message are parsed by saving the entire message to a file and running it through SpamAssassin: spamassassin -t -D < fil

Re: Different score again

2008-04-09 Thread Matus UHLAR - fantomas
On 09.04.08 15:46, [EMAIL PROTECTED] wrote: > Thanks Matt for clarification, I understood Matus completely wrong...and now > I'm completely confused. > I would understand the following: > - I check this mail first time and get eg. 3 points. > - After a while I check this mail again (the hashes and b

Re: Different score again

2008-04-09 Thread age85
Thanks Matt for clarification, I understood Matus completely wrong...and now I'm completely confused. I would understand the following: - I check this mail first time and get eg. 3 points. - After a while I check this mail again (the hashes and blacklist are updated) and get now eg. 6 points. - T

Re: Different score again

2008-04-09 Thread Matt Kettler
age85 wrote: Thanks for the very quick response. But how do I do that? Do I need another script? Or is it a setting somewhere (eg in local.cf)? How do you do what? Matus explained the results, but there's nothing to be changed, unless you want to invent time travel. URIBL and IXHASH are

Re: Different score again

2008-04-09 Thread age85
Thanks for the very quick response. But how do I do that? Do I need another script? Or is it a setting somewhere (eg in local.cf)? On 09.04.08 05:47, age85 wrote: > > we have a default slox 9 installation, please have a look at the > attached > > output. We can see two different spam scores in

Re: Different score again

2008-04-09 Thread Matus UHLAR - fantomas
On 09.04.08 05:47, age85 wrote: > we have a default slox 9 installation, please have a look at the attached > output. We can see two different spam scores in one message. We receive the > message with the lower spam value in the header. What's the reason for this? > What happens with the higher val

Re: whitelist_from_rcvd not working

2008-04-09 Thread Matus UHLAR - fantomas
> SM wrote: > > At 22:02 08-04-2008, Victor Sudakov wrote: > > >I have the following rule in local.cf: > > >whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru > > > > > >Please help me figure out why the rule does not work. Below is a sample > > >message where I think the rule should work but actu

Re: Returned mail spam

2008-04-09 Thread Matus UHLAR - fantomas
> On Tue, April 8, 2008 21:10, ahgu wrote: > > > Delivery to the following recipient has been delayed: > > > > [EMAIL PROTECTED] > > > > Message will be retried for 2 more day(s) On 08.04.08 21:20, Benny Pedersen wrote: > what mta have 2 days of notifying as default ? the bounce was from g

Re: SA 3.2.4 speedup

2008-04-09 Thread Matus UHLAR - fantomas
> >>Matus UHLAR - fantomas wrote: > >>>if you want to turn those off, simply disable network rules. Many rules > >>>have different scores when used with network and without it, and simply > >>>disabling network rules would increase FN (maybe even FP) rate for you. [...] On 08.04.08 14:06, DAve wr

Re: Error: incomplete data at .../DNS/RR.pm

2008-04-09 Thread Justin Mason
Yves Goergen writes: > I keep getting this error since I installed SpamAssassin 3.2.4 on my > Debian 3.1 Linux machine: > > > Apr 9 11:52:20 mond spamd[2087]: Exception: incomplete data at > > /usr/local/lib/perl/5.8.4/Net/DNS/RR.pm line 513, line 275. > > Apr 9 11:52:20 mond spamd[2087]: c

Error: incomplete data at .../DNS/RR.pm

2008-04-09 Thread Yves Goergen
Hi, I keep getting this error since I installed SpamAssassin 3.2.4 on my Debian 3.1 Linux machine: Apr 9 11:52:20 mond spamd[2087]: Exception: incomplete data at /usr/local/lib/perl/5.8.4/Net/DNS/RR.pm line 513, line 275. Apr 9 11:52:20 mond spamd[2087]: caught at /usr/local/share/perl/

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
Victor Sudakov wrote: > > >I have the following rule in local.cf: > > >whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru > > > > > >Please help me figure out why the rule does not work. Below is a sample > > >message where I think the rule should work but actually does not. > > > > [snip] > > >

Re: whitelist_from_rcvd not working

2008-04-09 Thread Victor Sudakov
SM wrote: > At 22:02 08-04-2008, Victor Sudakov wrote: > >I have the following rule in local.cf: > >whitelist_from_rcvd [EMAIL PROTECTED] dtdm.tomsk.ru > > > >Please help me figure out why the rule does not work. Below is a sample > >message where I think the rule should work but actually does not.