spamd problem - some tests appear to stop working after running for a while?

I have Spamassassin 3.1.9 running on RedHat 4 and 5 and it seems to exhibit the following weird problem. The setup is as follows: mail servers are dedicated for spam filtering. All incoming messages are fed to SpamAssassin via spamass-milter and then spamd. Then the messages are handed off to Mic

trusted_networks set in local.cf, but not according to sa-update

I see the following when running sa-update with debug flags: [20528] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually However: # grep trusted /usr/local/etc/mail/spamassassin/local.cf trusted_networks69.55.228.210 --

Re: EuroPharmacie

On Fri, 2008-06-20 at 23:15 +0200, Benny Pedersen wrote: > On Fri, June 20, 2008 22:34, Evan Platt wrote: > > > I guess you missed my point.. If the default of 5 was used, the message > > would have been marked as spam. :) > > and this have nothing to do with bayes was or is bad trained Yeah, ju

Re: EMERGENCY RULE: porntube redirect

On Fri, 2008-06-20 at 17:53 -0500, Chris wrote: > On Friday 20 June 2008 10:14 am, Karsten Bräckelmann wrote: > > That's the wrong way round, seriously. Do not restart SA after changes, > > unless --lint comes out clean. > > Hmm, I've always understood that SA needs to be restarted to get any new

Re: EMERGENCY RULE: porntube redirect

On Friday 20 June 2008 10:14 am, Karsten Bräckelmann wrote: > > I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran > > spamassassin --lint and got: > > That's the wrong way round, seriously. Do not restart SA after changes, > unless --lint comes out clean. > > guenther Hmm, I've

Re: prefork error

On Fri, June 20, 2008 22:38, raulbe wrote: > Were can i find these settings? perldoc Mail::SpamAssassin::Conf perldoc Mail::SpamAssassin::Plugin::Bayes plenty of info there :) > would it be in spamassassin.bayes_rules or > 23_bayes.cf no in local.cf or user_prefs Benny Pedersen Need more we

Re: EuroPharmacie

On Fri, June 20, 2008 22:34, Evan Platt wrote: > I guess you missed my point.. If the default of 5 was used, the message > would have been marked as spam. :) and this have nothing to do with bayes was or is bad trained Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust3709

Re: Channel ordering?

On Fri, June 20, 2008 22:11, Kris Deugau wrote: > must be loaded *after* pretty much everything else (eg, treated as if it > were in the site config dir). one could name the cf files like __.cf then it will be loaded in right order i hope Benny Pedersen Need more webspace ? http://www.servag

Re: prefork error

raulbe wrote: Were can i find these settings? would it be in spamassassin.bayes_rules or 23_bayes.cf As with all site-local settings, the Bayes options should go in a .cf file in your site config dir - typically either /etc/mail/spamassassin/ or /etc/spamassassin/. local.cf is usually conve

Re: how to stop SPF checks from going past trusted host?

Jo Rhett wrote: On Jun 20, 2008, at 11:49 AM, John Hardin wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;-) Does your ISP fi

Re: prefork error

Were can i find these settings? would it be in spamassassin.bayes_rules or 23_bayes.cf Thanks Kris Deugau wrote: > > raulbe wrote: >> What I did was turn off auto_learn and that cleared up the error. So >> would >> doing this would it affect how bayes works or? > > Well, yes. All Bayes t

Re: EuroPharmacie

Benny Pedersen wrote: On Fredag, 20/6 2008, 20:49, Evan Platt wrote: What's wrong with the default of 5? nothing :) if bayes was better trained I guess you missed my point.. If the default of 5 was used, the message would have been marked as spam. :)

Re: how to stop SPF checks from going past trusted host?

On Fri, 20 Jun 2008, Jo Rhett wrote: On Jun 20, 2008, at 11:49 AM, John Hardin wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;

Re: prefork error

raulbe wrote: What I did was turn off auto_learn and that cleared up the error. So would doing this would it affect how bayes works or? Well, yes. All Bayes training will now have to be done manually. What's usually a slightly better idea for a global Bayes database is to set these Bayes opt

Re: prefork error

Couple new errors now :( config: cannot write to /var/spool/uucp/.spamassassin/user_prefs: No such file or directory spamd[19476]: spamd: processing message <[EMAIL PROTECTED]> for uucp:10 Matus UHLAR - fantomas wrote: > > On 20.06.08 08:18, raulbe wrote: >> Now if I can figure out wh

Re: trusted_host breaks pretty much every form of whitelist

On Fri, Jun 20, 2008 at 01:01:53PM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 12:10 PM, Henrik K wrote: >> whitelist_from_rcvd is checked on external (internal_networks) border. >> If you set up internal and trusted right, there are no problems. > > > Why not allow me to say "I trust everything f

Re: how to stop SPF checks from going past trusted host?

On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 12:44 PM, Henrik K wrote: >> You _need_ to have everything internal, so there will be no SPF >> lookups. >> Your fear of IP spoofers makes no sense to me, how do you think >> someone >> could accomplish that? Just p

Channel ordering?

Is it possible to determine the order channel-originated rulesets will be loaded in? Or *cause* a specific channel's rules to be loaded after another? I'm looking at creating several local channels for distributing local rules across the collection of mismatched servers doing spam filtering

Re: trusted_host breaks pretty much every form of whitelist

On Jun 20, 2008, at 12:10 PM, Henrik K wrote: whitelist_from_rcvd is checked on external (internal_networks) border. If you set up internal and trusted right, there are no problems. Why not allow me to say "I trust everything from this host" no matter what? I could possibly set internal_ne

Re: how to stop SPF checks from going past trusted host?

On Jun 20, 2008, at 12:44 PM, Henrik K wrote: You _need_ to have everything internal, so there will be no SPF lookups. Your fear of IP spoofers makes no sense to me, how do you think someone could accomplish that? Just put the 10.something there. You could have said that a lot easier ;-) U

Re: how to stop SPF checks from going past trusted host?

On Fri, Jun 20, 2008 at 12:31:06PM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 12:23 PM, Henrik K wrote: >> Jo, you are unbelievable in a funny way. >> >> You always come up with dozens of posts seemingly with the attitude "I >> must >> be right". You don't configure things like they should be, a

Re: how to stop SPF checks from going past trusted host?

On Jun 20, 2008, at 12:23 PM, Henrik K wrote: Jo, you are unbelievable in a funny way. You always come up with dozens of posts seemingly with the attitude "I must be right". You don't configure things like they should be, and then complain that things don't work. Just set up the friggin netw

Re: how to stop SPF checks from going past trusted host?

On Fri, Jun 20, 2008 at 11:57:38AM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 11:49 AM, John Hardin wrote: >> 10.x is (supposedly) not routable on the public internet. If you see >> 10.x (or other RFC-1918) traffic coming in from the world, your ISP is >> broken. > > > You don't run packet sni

Re: how to stop SPF checks from going past trusted host?

On Fredag, 20/6 2008, 20:49, John Hardin wrote: > 10.x is (supposedly) not routable on the public internet. If you see 10.x > (or other RFC-1918) traffic coming in from the world, your ISP is broken. pppoe, but firewall it to be sure, rule is newer accept connections from non routable ips from o

Re: Moving ham/spam from Exchange folders to sa-learn?

James Wilkinson aprilcottage.co.uk> writes: > Henry Kwan wrote: > > > Thanks for the script but I don't think I can use it as Exchange2K7 > > has dropped IMAP support for public folders. Or least this blog post > > from MSFT seems to indicate: > > > > http://msexchangeteam.com/archive/2006/02/2

Re: EuroPharmacie

On Fredag, 20/6 2008, 20:49, Evan Platt wrote: > What's wrong with the default of 5? nothing :) if bayes was better trained Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: trusted_host breaks pretty much every form of whitelist

On Fri, Jun 20, 2008 at 11:08:01AM -0700, Jo Rhett wrote: > I just realized something re: the previous message about SPF failure. > > trusted_hosts is also apparently blocking whitelist_from_rcvd from > working. > > This is getting out of control. I understand the original intent here, > but ba

Re: how to stop SPF checks from going past trusted host?

On Fri, Jun 20, 2008 at 11:01:40AM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 10:44 AM, Henrik K wrote: >> On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote: > On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: >> That is correct, SPF checks are applied to the first untr

Re: how to stop SPF checks from going past trusted host?

On Fredag, 20/6 2008, 19:59, Jo Rhett wrote: >> netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17 >> ip4:209.157.140.144 mx ~all" >> not you ? > Nope ;-) added .17 to the domain you are sending from, but its not you so not your problem :) Benny Pedersen Need more webspace ?

Re: how to stop SPF checks from going past trusted host?

On Jun 20, 2008, at 11:49 AM, John Hardin wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;-) Does your ISP filter egress pac

Re: how to stop SPF checks from going past trusted host?

On Fri, 20 Jun 2008, Jo Rhett wrote: On Jun 19, 2008, at 9:21 PM, John Hardin wrote: /from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com (/ You actually need some backslashes too, but I figured it out. Thanks. D'oh! See my other note about trusted_hosts breaking all f

Re: prefork error

What I did was turn off auto_learn and that cleared up the error. So would doing this would it affect how bayes works or? Also doing the editing in confQUEUE_LA confREFUSE_LA confDELAY_LA totaly cleared up the prefork: server reached --max-children setting, consider raising it error i was ge

Re: prefork error

On Fredag, 20/6 2008, 16:55, raulbe wrote: > So should the entry look like this? > confQUEUE_LA=1 > confREFUSE_LA=1 this is based on load avage > confDELAY_LA =1 this is based on deley secunds (keep this litte more then your scan time pr mail) with 1 you scan every email/spam in just one sec,

Re: EuroPharmacie

Benny Pedersen wrote: i would set scores required to 5.8 and begin train bayes What's wrong with the default of 5?

Re: EuroPharmacie

On Fredag, 20/6 2008, 15:51, phil89 wrote: > X-Spam-Status: No, score=5.9 required=6.2 tests=BAYES_50,HTML_MESSAGE, > MR_NOT_ATTRIBUTED_IP,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS,RCVD_IN_SORBS_DUL, > URIBL_SBL autolearn=no version=3.x.x i would set scores required to 5.8 and begin train bayes Benny P

Re: need a regular expression to create

On Fredag, 20/6 2008, 15:39, McDonald, Dan wrote: > I think he said it was in the content, not the envelope. nice rules, but try freemail plugin :-) Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: need a regular expression to create

On Fredag, 20/6 2008, 15:26, vodamailshiva wrote: > please help me.. just dont whitelist gmail mails at all need more help ?, post the spammail on pastebin and give a link here Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: Spamassassin doesn't learn / debug outputs

On Fredag, 20/6 2008, 12:09, heinztomato wrote: > > Well. Three senders of that "bad" domain made it into the users' > (auto)whitelist. well awl is for scoreing forged emails to possive and non forged senders to negative and in all that try to compensate it all to not being that will scores bas

Re: how to stop SPF checks from going past trusted host?

On Jun 19, 2008, at 9:21 PM, John Hardin wrote: /from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo \.com (/ You actually need some backslashes too, but I figured it out. Thanks. See my other note about trusted_hosts breaking all forms of whitelisting, FYI. This kind of h

trusted_host breaks pretty much every form of whitelist

I just realized something re: the previous message about SPF failure. trusted_hosts is also apparently blocking whitelist_from_rcvd from working. This is getting out of control. I understand the original intent here, but basically what is happening is that by making a host "trusted" you

Re: how to stop SPF checks from going past trusted host?

On Fredag, 20/6 2008, 10:04, Henrik K wrote: > On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: >> That is correct, SPF checks are applied to the first untrusted host. > Matt, you should know better. ;) It's first _external_ host. and is most of the time olso first untrusted ? :) bo

Re: how to stop SPF checks from going past trusted host?

On Jun 20, 2008, at 10:44 AM, Henrik K wrote: On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote: On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host Henrik K wrote: Matt, you should know better. ;) It's fi

Re: Spamassassin doesn't learn / debug outputs

On Fredag, 20/6 2008, 09:58, heinztomato wrote: > First: The dump-data: thats ok > now with the link-parameter: [1679] dbg: util: PATH included '/home/ole/bin', which doesn't exist, >> dropping >> [1679] dbg: util: PATH included '/home/ole/perl5/bin', which doesn't >> exist, dropping problems

Re: how to stop SPF checks from going past trusted host?

On Fredag, 20/6 2008, 05:37, Jo Rhett wrote: I'm trying to figure out how to stop SPF_FAIL on messages generated on an internal rfc1918 network and routed through a trusted host. On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote: netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.1

Re: how to stop SPF checks from going past trusted host?

On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote: >>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host >>> > >> Henrik K wrote: >>> Matt, you should know better. ;) It's first _external_ host. > > On Jun 2

Re: how to stop SPF checks from going past trusted host?

On Fredag, 20/6 2008, 05:37, Jo Rhett wrote: > I'm trying to figure out how to stop SPF_FAIL on messages generated on > an internal rfc1918 network and routed through a trusted host. netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17 ip4:209.157.140.144 mx ~all" not you ? >> R

Re: how to stop SPF checks from going past trusted host?

On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host Henrik K wrote: Matt, you should know better. ;) It's first _external_ host. On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote: Doh.. my bad. Huh? How are y

Re: how to stop SPF checks from going past trusted host?

On Jun 19, 2008, at 9:12 PM, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host. The question here would be if 10.x.x.x is in fact an internal, and presumably trusted, network, why isn't it trusted? The mail server I'm receiving this on is in the outside

Re: EuroPharmacie

On Fri, 20 Jun 2008, phil89 wrote: We receive some mails with EuroPharmacie How could i avoid theses SCORE is only 5.9 X-Spam-Status: No, score=5.9 required=6.2 tests=BAYES_50 Train them as spam. That should get a BAYES_99 if it's very common. Why have you changed your required from 5.0 to 6

Re: how to stop SPF checks from going past trusted host?

On Fri, 20 Jun 2008, mouss wrote: John Hardin wrote: On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote: > header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) > by arran\.svcolo\.com (/ > score XX -5 Oops. Need some plusses in there... /from \S+\.svcolo\.com (\

Re: prefork error

On 20.06.08 08:18, raulbe wrote: > Now if I can figure out why I keep getting the bayes.lock error any clues? > Jun 20 11:02:41 ws096 spamd[20261]: bayes: cannot open bayes databases > /home/nuonce/spamassassin/bayes_* R/W: lock failed: File exists do you have autolearning turned on? what about j

Re: prefork error

THanks so much for the help Now if I can figure out why I keep getting the bayes.lock error any clues? bayes: cannot open bayes databases /home/nuonce/spamassassin/bayes_* R/W: lock failed: File exists Jun 20 11:02:41 ws096 spamd[20261]: bayes: cannot open bayes databases /home/nuonce/spamass

Re: EMERGENCY RULE: porntube redirect

> I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran > spamassassin --lint and got: That's the wrong way round, seriously. Do not restart SA after changes, unless --lint comes out clean. guenther -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=

Re: prefork error

On 20.06.08 07:55, raulbe wrote: > So should the entry look like this? > > > confQUEUE_LA=1 > confREFUSE_LA=1 > confDELAY_LA =1 as you wish, I have those higher. My machine can handle load of 1.0 very well and so I expect yours. I have those set to (3,5,unset). instead of DELAY_LA I use FEATU

Re: prefork error

So should the entry look like this? confQUEUE_LA=1 confREFUSE_LA=1 confDELAY_LA =1 Matus UHLAR - fantomas wrote: > > On 19.06.08 13:54, raulbe wrote: >> were do I find these lines? > >> confQUEUE_LA >> confREFUSE_LA >> confDELAY_LA > >> I looked in both the sendmail.cf file and the send

Re: Rules in local.cf are not read?

On Fri, 2008-06-20 at 07:36 -0700, Simone Morandini wrote: > X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, timed out) > > If I save the message and try "spamassassin -D < mymessage" it is correctly > detected as spam, also against the rules in local.cf file. > I know that SpamAssas

RE: Rules in local.cf are not read?

Simone This is more a mailscanner issue - try asking there.. The spamassassin is timing out. What RBL's are you running in spamassassin? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: Simone Morandini [mailto:[EMAIL PR

RATWARE_MSGID (was: Re: EuroPharmacie)

/^Microsoft (?:Office )?Outlook\b/ meta KB_RATWARE_MSGID __KB_MSGID_OUTLOOK_888 && __KB_OUTLOOK_MUA describe KB_RATWARE_MSGID Ratware Message-Id scoreKB_RATWARE_MSGID 3.0 [1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5830 [2] http://ruleqa.spamassassin.or

Rules in local.cf are not read?

Hi all, I'm using MailScanner with SpamAssassin, and I'm using the "Cache SpamAssassin Results = yes" option. Since I've enabled this option, I'm seeing that some spam messages pass through, although the subject or body match one or more own-written rules in my local.cf file. If I look at the hea

Re: EuroPharmacie

On Fri, 20 Jun 2008, phil89 wrote: Hi We receive some mails with EuroPharmacie How could i avoid theses SCORE is only 5.9 Only 5.9? 5.0 is the SA default score. You must have changed that.

Re: EuroPharmacie

On 20.06.08 06:51, phil89 wrote: > We receive some mails with EuroPharmacie > How could i avoid theses > SCORE is only 5.9 upgrade your spamassassin and/or rules (sa-update). turn on network ruless you can (razor, pyzor, DCC, uribl's) > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROT

RE: , stretch test for SA

Yeah the whay you get a phone call once a month to the help desk when a single piece of spam ends up in users inbox ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: NGSS [mailto:[EMAIL PROTECTED] > Sent: 20 June 2008

, stretch test for SA

Is there a way or tool to test and measure/analyse how well the SA is being setup to guard against spam?

Re: +++Spam+++: EuroPharmacie

On Fri, 2008-06-20 at 06:51 -0700, phil89 wrote: > Hi > > We receive some mails with EuroPharmacie > How could i avoid theses > SCORE is only 5.9 The botnet plugin probably would have given this a little boost. I use a botnet/p0f combination under amavisd-new that is reasonably accurate at assig

Re: EuroPharmacie

On Friday, June 20, 2008, 6:51:44 AM, phil89 phil89 wrote: > Hi > We receive some mails with EuroPharmacie > How could i avoid theses > SCORE is only 5.9 > Regards > Philippe > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROTECTED] > Received: by mail.x.fr (Postfix, from userid

Re: EuroPharmacie

5.0 is generally considered a level you can consider something Spam at. This scored a 5.9. What's your Spam level set at? phil89 wrote: Hi We receive some mails with EuroPharmacie How could i avoid theses SCORE is only 5.9 Regards Philippe

EuroPharmacie

Hi We receive some mails with EuroPharmacie How could i avoid theses SCORE is only 5.9 Regards Philippe Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: by mail.x.fr (Postfix, from userid 513) id E1BD5E8D3; Fri, 20 Jun 2008 14:30:39 +0200 (CEST) X-Spam-Checker-Ver

Re: need a regular expression to create

On Fri, 2008-06-20 at 10:29 -0300, Leonardo Rodrigues Magalhães wrote: > > vodamailshiva escreveu: > > Hi, > > One of spammers is killing our SMTP servers. > > in the content of e-mail, he is mentioning 2 e-mails addresses. > > i need to create a rule to black the spammer. > > he is using [EM

Re: need a regular expression to create

vodamailshiva escreveu: Hi, One of spammers is killing our SMTP servers. in the content of e-mail, he is mentioning 2 e-mails addresses. i need to create a rule to black the spammer. he is using [EMAIL PROTECTED] , [EMAIL PROTECTED] ,i need

need a regular expression to create

Hi, One of spammers is killing our SMTP servers. in the content of e-mail, he is mentioning 2 e-mails addresses. i need to create a rule to black the spammer. he is using [EMAIL PROTECTED], [EMAIL PROTECTED] ,i need to black the spam e-mails using content of e-mail. please help me..

Re: how to stop SPF checks from going past trusted host?

Matt Kettler wrote: Why do neither of those options make sense? I do both in my network, albeit that version SPF is only in my internal view, and I actually use 10.xx.0.0/16 not 10/8. (I only use a /16, not the whole /8) Is there some detail that's missing here? ie: do you have a compelling r

Re: how to stop SPF checks from going past trusted host?

Henrik K wrote: On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host. Matt, you should know better. ;) It's first _external_ host. Doh.. my bad.

Re: [AMaViS-user] yahoo.com adds new domains.

Rocketmail isn't new. I've had a rocketmail account since the 1990's. --Quanah --On Thursday, June 19, 2008 6:40 PM -0400 Michael Scheidell <[EMAIL PROTECTED]> wrote: As if email from freebie @yahoo.com addresses isn't enough, Yahoo has now announces two new domains that the freebie spammer

Re: Spamassassin doesn't learn / debug outputs

Well. Three senders of that "bad" domain made it into the users' (auto)whitelist. I'm not quite sure why. But now I just remove those hoping they won't appear there again. Thanks for helping! -- View this message in context: http://www.nabble.com/Spamassassin-doesn%27t-learn---debug-outputs-t

Re: [AMaViS-user] yahoo.com adds new domains.

Quanah Gibson-Mount wrote: Rocketmail isn't new. I've had a rocketmail account since the 1990's. yes, and now you belong to yahoo read the story. -- Michael Scheidell, President Main: 561-999-5000, Office: 561-939-7259 > *| *SECNAP Network Security Corporation Winner 2008 Technosium hot co

Re: yahoo.com adds new domains.

Michael Scheidell wrote: [snip] sharpen up your SA rules, justin: time to watch those rules, including the 'forged from yahoo' rules. no spf records. wonder if they will dkim sign them: $ host -t txt ymail.com ymail.com has no TXT record $ host -t txt rocketmail.com rocketmail.com has no T

Re: how to stop SPF checks from going past trusted host?

On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: > > That is correct, SPF checks are applied to the first untrusted host. Matt, you should know better. ;) It's first _external_ host.

Re: Spamassassin doesn't learn / debug outputs

>>sa-learn --dump magic >>if both nham, nspam is over 200 then show me >> >>spamassassin 2>&1 -D -t /tmp/log >>and maybe olso >>spamassassin 2>&1 -D --lint >/tmp/lint >> >>post log and lint file somewhere > > First: The dump-data: 0.000 0 3 0 non-token data: bayes

Re: points for for user in Awl

Benny Pedersen schrieb: On Thu, June 19, 2008 10:48, Robert Schetterer wrote: http://wiki.apache.org/spamassassin/AutoWhitelist http://wiki.apache.org/spamassassin/AwlWrongWay thanks i allready found and fixed it fix is ? Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=c

Re: how to stop SPF checks from going past trusted host?

John Hardin wrote: On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote: header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by arran\.svcolo\.com (/ score XX -5 Oops. Need some plusses in there... /from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svc