Re: How to configure spamassassin to stop unwanted mails

score RCVD_IN_NJABL_SPAM 15.0 Thanks for that i did add this rule in local.cf can you tell me what it will do. It will add 15 points (instead of the 2.072 points in the default ruleset) to any messages which are received by a relay in the NJABL blacklist, ensuring that they are pret

Re: Incorrect DNSBL evaluation

Matthias Leisi wrote: jdow schrieb: | (And if you're running an "'ix" operating system - why aren't you running a | DNS server. That's one of the first "hairy chested 'ix things" I ever Since operating a sizeable DNS infrastructure, I came to prefer to people using a shared/common/ISP-provided

Re: How to configure spamassassin to stop unwanted mails

Thanks for that i did add this rule in local.cf can you tell me what it will do. > >> From: Nitin Bhadauria <[EMAIL PROTECTED]> >> Date: Wed, 23 Jul 2008 19:02:13 +0530 (IST) >> To: >> Subject: How to configure spamassassin to stop unwanted mails >> >> RCVD_IN_NJABL_SPAM > In local.cf > >

Re: Incorrect DNSBL evaluation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow schrieb: | (And if you're running an "'ix" operating system - why aren't you running a | DNS server. That's one of the first "hairy chested 'ix things" I ever Since operating a sizeable DNS infrastructure, I came to prefer to people using a sh

Re: Incorrect DNSBL evaluation

From: "Yves Goergen" <[EMAIL PROTECTED]> Sent: Wednesday, 2008, July 23 15:24 On 23.07.2008 19:28 CE(S)T, jdow wrote: Since you are experiencing a DNS problem and there is an exploit for the Kaminsky DNS bug that was fixed in a massive multi-vendor roll out, are you patched or are you sure you

RE: listed

Try using senderbase: http://www.senderbase.org Not as accurate as it would appear. They list faked Received headers. We had a host at columbia.edu that did not send any mail (confirmed by its own logs and by our network traffic monitor) listed as the largest source of mail in the c

Re: Exclude domain from WHOIS_MYPRIVREG?

John Wilcock <[EMAIL PROTECTED]> writes: > Greg Troxel a écrit : >> What I want, basically is >> >> domains_exclude WHOIS_MYPRIVREG nabble.com > > AFAIK the best you can do is > > uridnsbl_skip_domainnabble.com > > which excludes nabble from all URIBL lookups. Thank you for the suggestion -

Re: Incorrect DNSBL evaluation

On 23.07.2008 19:28 CE(S)T, jdow wrote: Since you are experiencing a DNS problem and there is an exploit for the Kaminsky DNS bug that was fixed in a massive multi-vendor roll out, are you patched or are you sure you are not getting your DNS spoofed? I'm not running a DNS server. -- Yves Goerg

Re: Incorrect DNSBL evaluation

jdow wrote: From: "Yves Goergen" <[EMAIL PROTECTED]> Sent: Wednesday, 2008, July 23 09:05 On 23.07.2008 10:03 CE(S)T, Dirk Bonengel wrote: Just a thought, but could you install a local nameserver (bind9) to act as a caching nameserver? AFAIK, at least in Debian you just need to 'apt-get insta

Re: parsing original SMTP not working properly?

Michelle Konzack wrote: Hello Tom, Am 2008-07-15 00:09:33, schrieb Tom Fernandes: But to answer your question: Received: by localhost (fdm 1.5, account "gmx"); Mon, 14 Jul 2008 01:04:12 +0200 is the header you are asking for - if I understood you correctly. With fetchmail it is the

Re: How to configure spamassassin to stop unwanted mails

Nitin Bhadauria wrote: Hello frnds can we stop these kinda mails which are coming repeatedly ... find the cat who ate the Received headers and tell him to send us the _full_ headers (yes, i'll send "him" my mouse, 3 buttons, wheel, but no tail :).

Re: How to configure spamassassin to reject mails having invalid return path

Nitin Bhadauria wrote: Hello Frnds I am having spam mails in my inbox and spamassesion can't do any thing about it because mail are coming from my own mail id I don't know what is a mail id? anyway, SA cannot reject mail. SA can only tag mail as spam. but the return path and massage-id are

WrongMX from amavisd-new?

I installed WrongMX.pm today, on my secondary MX, but it does not appear to be firing. A spamassassin -D --lint does show the module to be loaded, and the module shows up in my amavisd-new logs: Jul 23 13:33:56 foo amavis[17285]: (17285-01) extra modules loaded: /etc/mail/spamassassin/Botnet.pm,

Re: OT: listed

Jean-Paul Natola wrote: Hi all, We have been having problems for a couple of days emailing some our insurance providers- I then emailed them from a hotmail account and it went through- how can I see if we've been blacklisted 68.167.21.154 what does "having problems" means exactly? did they

Re: [OT] Odd spammer tactic?

Matus UHLAR - fantomas wrote: On Tue, Jul 22, 2008 at 12:00 PM, Bob McClure Jr <[EMAIL PROTECTED]> wrote: I figure only the latter will be the Final Solution to spam. But there are probably only two chances of that - slim and none. Guess which one are you? http://www.rhyolite.com/anti-spam/y

RE: listed

> -Original Message- > From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 23, 2008 7:22 PM > To: users@spamassassin.apache.org > Subject: OT: listed > > Hi all, > > We have been having problems for a couple of days emailing some our > insurance providers- I then ema

RE: listed

You google for real time blocklist and plug in your IP address :) Rubin Bennett rbtechnologies, LLC (802)223-4448 [EMAIL PROTECTED] http://thatitguy.com - Original Message - From: Jean-Paul Natola <[EMAIL PROTECTED]> Sent: Wed, 7/23/2008 1:22pm To: users@spamassassin.apache.org Subject:

Re: OT: listed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jean-Paul Natola schrieb: | through- how can I see if we've been blacklisted | | 68.167.21.154 http://www.robtex.com/rbl/68.167.21.154.html is a good start. You don't seem to be (publicly) blacklisted. - -- Matthias -BEGIN PGP SIGNATURE-

Re: Incorrect DNSBL evaluation

From: "Yves Goergen" <[EMAIL PROTECTED]> Sent: Wednesday, 2008, July 23 09:05 On 23.07.2008 10:03 CE(S)T, Dirk Bonengel wrote: Just a thought, but could you install a local nameserver (bind9) to act as a caching nameserver? AFAIK, at least in Debian you just need to 'apt-get install' bind. De

OT: listed

Hi all, We have been having problems for a couple of days emailing some our insurance providers- I then emailed them from a hotmail account and it went through- how can I see if we've been blacklisted 68.167.21.154 Thanks, jp

Re: Incorrect DNSBL evaluation

On 23.07.2008 10:03 CE(S)T, Dirk Bonengel wrote: Just a thought, but could you install a local nameserver (bind9) to act as a caching nameserver? AFAIK, at least in Debian you just need to 'apt-get install' bind. Default config is OK This is Debian 3.1, it's pretty likely to be out of date. I'

Re: Exclude domain from WHOIS_MYPRIVREG?

Greg Troxel a écrit : What I want, basically is domains_exclude WHOIS_MYPRIVREG nabble.com AFAIK the best you can do is uridnsbl_skip_domainnabble.com which excludes nabble from all URIBL lookups. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Tr

RE: Exclude domain from WHOIS_MYPRIVREG?

Greg Troxel wrote: > > domains_exclude WHOIS_MYPRIVREG nabble.com > > Why not write a rule to see if your MTA received the message from > nabble.com and subtract a few points? > > I suppose I could, but that would be in my view a kludge. Basically I > think it's wrong to give positive poi

Re: Exclude domain from WHOIS_MYPRIVREG?

> domains_exclude WHOIS_MYPRIVREG nabble.com Why not write a rule to see if your MTA received the message from nabble.com and subtract a few points? I suppose I could, but that would be in my view a kludge. Basically I think it's wrong to give positive points to a mail with a nabble.com f

Re: Exclude domain from WHOIS_MYPRIVREG?

On Wed, 23 Jul 2008, Greg Troxel wrote: domains_exclude WHOIS_MYPRIVREG nabble.com Why not write a rule to see if your MTA received the message from nabble.com and subtract a few points? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALahol

Exclude domain from WHOIS_MYPRIVREG?

I got somewhat spammy-looking ham that scored 1.7, and I'd like to fix WHOIS_MYPRIVREG not to fire on nabble.com. While I see the piont of WHOIS_MYPRIVREG, I know that nabble isn't particularly a source of spam. What I want, basically is domains_exclude WHOIS_MYPRIVREG nabble.com to cause nab

Re: How to configure spamassassin to stop unwanted mails

RCVD_IN_NJABL_SPAM In local.cf score RCVD_IN_NJABL_SPAM 15.0 That's a bit drastic - any blacklist can have false positives. In any case only one of the original poster's samples was on that list anyway. I've tried a few of the samples which also hit LOTTERY_PH_004470 (from sa-update to 3.2

Re: Memory Leak?

I've tried anywhere from 4 to 10 children with the same results. I've used the scanspam script (which I have for years before now) and even tried using spamd from the cgpav. Cgpav failed quickly also and at first I thought that was the issue, but there has been no difference with the cgpav

Re: How to configure spamassassin to stop unwanted mails

> From: Nitin Bhadauria <[EMAIL PROTECTED]> > Date: Wed, 23 Jul 2008 19:02:13 +0530 (IST) > To: > Subject: How to configure spamassassin to stop unwanted mails > > RCVD_IN_NJABL_SPAM In local.cf score RCVD_IN_NJABL_SPAM 15.0 Restart/recomple spamd. -- Michael Scheidell, CTO >|SECNAP Network S

Re: [OT] Odd spammer tactic?

Noel Jones wrote: On Tue, Jul 22, 2008 at 12:00 PM, Bob McClure Jr <[EMAIL PROTECTED] > wrote: If I may extend this OT thread, I'd like to know how draconian admins get with their mail servers. Without considering RBLs, how much do you limit client connect

Re: Memory Leak?

Ron Smith wrote: Since upgrading to SA 3.2.5 on Mac OS 10.5.4 with perl5 (revision 5 version 8 subversion 8) and mysql ver 14.12 Distrib 5.0.51b I've seen a serious memory leak. Over the course of 16 hours or so while looking at the Activity viewer I watch an ever-increasing inactive memory. I

Memory Leak?

Since upgrading to SA 3.2.5 on Mac OS 10.5.4 with perl5 (revision 5 version 8 subversion 8) and mysql ver 14.12 Distrib 5.0.51b I've seen a serious memory leak. Over the course of 16 hours or so while looking at the Activity viewer I watch an ever-increasing inactive memory. I have 4 gigs of r

Re: parsing original SMTP not working properly?

Hello Tom, Am 2008-07-15 00:09:33, schrieb Tom Fernandes: > But to answer your question: > > Received: by localhost (fdm 1.5, account "gmx"); > Mon, 14 Jul 2008 01:04:12 +0200 > > is the header you are asking for - if I understood you correctly. With fetchmail it is the same problem...

Re: How to configure spamassassin to reject mails having invalid return path

Nitin Bhadauria wrote: Hello Frnds I am having spam mails in my inbox and spamassesion can't do any thing about it because mail are coming from my own mail id but the return path and massage-id are different. So how can tell spamassassin to block the mail not having from id and return path same

RE: How to configure spamassassin to reject mails having invalid return path

Hi That's because you've put 'from [EMAIL PROTECTED]' in the whitelist. This is a bad idea as you've found out, as spammers almost always fake the from address. I find it's best not to call SA when the email if from trusted IP-Addresses not email addresses, esp for my local domain. Depends on

How to configure spamassassin to reject mails having invalid return path

Hello Frnds I am having spam mails in my inbox and spamassesion can't do any thing about it because mail are coming from my own mail id but the return path and massage-id are different. So how can tell spamassassin to block the mail not having from id and return path same. Here is the header ..

Re: [OT] Odd spammer tactic?

> On Tue, Jul 22, 2008 at 12:00 PM, Bob McClure Jr <[EMAIL PROTECTED]> wrote: > > I figure only the latter will be the Final Solution to spam. But > > there are probably only two chances of that - slim and none. Guess which one are you? http://www.rhyolite.com/anti-spam/you-might-be.html On 22.

Re: Spamc

> Eduardo Júnior wrote: >> >> Hi, >> >> >> >> >> I'm configuring the spamassassin + postfix. >> I´ve done the follow modifications in /etc/postfix/master.cf >> : >> >> >> smtp inet n - n - - smtpd -o content_filter=spamd >> >> spamd unix - n n - - pipe >> user=spam argv=/usr/bin

Re: [OT] Odd spammer tactic?

Bob McClure Jr wrote: [snip] - delay (or block, depending on your implementation) good networks in case of DNS problems. (the dspam domain was once under DDoS. delaying their _sollicted_ mail is not really nice). Yeah, bummer. Maybe make an exception if DNS is unavailable, or soft fail. I