I have a Debian 5.0 server with postfix, amavis-new, spamassassin and razor.
Amavis implements it's own SA daemon, it does not use spamd. So there's
a third variable in the equation.
So do I need spamassassin at all?
For some reason razor check only runs if I run the following command
Good morning Benny,
Am 2009-05-22 02:11:55, schrieb Benny Pedersen:
On Fri, May 22, 2009 00:44, Michelle Konzack wrote:
Am 2009-05-21 18:28:32, schrieb Karsten Bräckelmann:
Doh! Failed to munge the quoted Received header, featuring the
blacklisted URI. :)
X-ASF-Spam-Status: No,
On 21-May-2009, at 13:29, Benny Pedersen wrote:
On Thu, May 21, 2009 19:40, LuKreme wrote:
Gotten multiples of this spam on multiple accounts, include one that
ONLY gets spam.
dont whitelist *...@gmail, if you need to whitelist, do it with full
email addy
I don't whitelist gmail.
--
On Fri, 2009-05-22 at 08:00 +0200, Mester wrote:
I have a Debian 5.0 server with postfix, amavis-new, spamassassin and
razor.
Amavis implements it's own SA daemon, it does not use spamd. So there's
a third variable in the equation.
So do I need spamassassin at all?
Err, you will need
Hi!
I'm seeing regular FPs against FORGED_MUA_OUTLOOK from one particular
(legitimate) sender, and not really understanding the rule it's difficult
to understand why or how to go about fixing it.
Hmm, sounds familiar.
we got so many that we set the score to 0.001 maybe a year ago.. I
On Fri, 2009-05-22 at 11:00 +0200, Raymond Dijkxhoorn wrote:
we got so many that we set the score to 0.001 maybe a year ago.. I thinks
it
a combination of outlook xp and exchange 2003+
What i dont understand, i mean, i did the exact same thing. Why isnt it
either removed from SA
On May 22, 2009, at 3:00, Raymond Dijkxhoorn raym...@prolocation.net
wrote:
I'm seeing regular FPs against FORGED_MUA_OUTLOOK from one
particular (legitimate) sender, and not really understanding the
rule it's difficult to understand why or how to go about fixing it.
Hmm, sounds familiar.
Hi!
Hmm, sounds familiar.
we got so many that we set the score to 0.001 maybe a year ago.. I thinks
it a combination of outlook xp and exchange 2003+
What i dont understand, i mean, i did the exact same thing. Why isnt it
either removed from SA Update or downscored???
Because for many
FYI:
The EmailBL test zone period has been extended to July 1st.
The plugin and rules files can be found at:
http://sa.hege.li/
EmailBL.pm EmailBL.cf emailbl_lemfreemail.cf
Raymond Dijkxhoorn wrote:
What i dont understand, i mean, i did the exact same thing. Why isnt
it either removed from SA Update or downscored???
to downscore on you your box, just add the lower score to your local.cf
and restart spamd/amavisd.
as to why SA doesn't do it? don't know.
On Fri, 2009-05-22 at 11:25 +0200, Raymond Dijkxhoorn wrote:
There are new versions out that hit this rule and it should not. [...]
If anyone wants to file a bug go ahead. I wont since people seem to like
loosing regular mail, lets leave it in.
Awesome attitude, thank you very much!
So
On 5/22/2009 1:19 PM, Karsten Bräckelmann wrote:
On Fri, 2009-05-22 at 11:25 +0200, Raymond Dijkxhoorn wrote:
There are new versions out that hit this rule and it should not. [...]
If anyone wants to file a bug go ahead. I wont since people seem to like
loosing regular mail, lets leave it
On Fri, 2009-05-22 at 10:56 +0200, Karsten Bräckelmann wrote:
On Fri, 2009-05-22 at 08:00 +0200, Mester wrote:
You did enable razor in the server-wide config, right? Not per-user
settings.
I have enabled razor this way:
I have this lines in my /etc/spamassassin/local.cf
#razor
Karsten Bräckelmann wrote:
On Thu, 2009-05-21 at 20:54 +0100, Ned Slider wrote:
Hi,
I'm seeing regular FPs against FORGED_MUA_OUTLOOK from one particular
(legitimate) sender, and not really understanding the rule it's
difficult to understand why or how to go about fixing it.
Hmm, sounds
You did enable razor in the server-wide config, right? Not per-user
settings.
I have enabled razor this way:
I have this lines in my /etc/spamassassin/local.cf
#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf
I also have this line in /etc/spamassassin/v310.pre
loadplugin
Check in the ~/.spamassassin/user_prefs file for the user that runs
amavisd-new. I know the Mandriva package has that set to 'use_razor2
0', so I always have to hunt it down and fix it.
I had no use_razor2 line in the ~amavis/.spamassassin/user_prefs file
but after appending these lines to the
On Fri, 2009-05-22 at 13:55 +0200, Mester wrote:
Check in the ~/.spamassassin/user_prefs file for the user that runs
amavisd-new. I know the Mandriva package has that set to 'use_razor2
0', so I always have to hunt it down and fix it.
I had no use_razor2 line in the
On Fri, 2009-05-22 at 13:31 +0200, Yet Another Ninja wrote:
On 5/22/2009 1:19 PM, Karsten Bräckelmann wrote:
Awesome attitude, thank you very much!
Seems you don't know Raymond is and what he does for the community,
pretty silently :-)
Honestly, I am sure I don't know /all/ he does for
Arvid Ephraim Picciani wrote:
Greetings.
I'm thinking of implementing:
- greylisting
- honeypots
- rejecting broken HELO at smtp time (such as MUMS_XP_BOX)
- rejecting dynamic IPS at smtp time (PBL)
- firewalling hosts with 100% spam, forever.
Are there any oposing opinions on those?
I
Hi!
Honestly, I am sure I don't know /all/ he does for the community.
To submit a bug of that type, you need to have access to samples, and
per policy, he may not.
He dumped it on others to provide the evidence, in Raymondish
wording... but trust me, he's more that OK.
Sorry for the
On 22-May-2009, at 03:25, Raymond Dijkxhoorn wrote:
If anyone wants to file a bug go ahead. I wont since people seem to
like loosing regular mail, lets leave it in.
Ah, the old I'd rather whine than do anything gambit. Good luck
with that.
--
At 20:43 the dome of St. Elvis Cathedral
Check in the ~/.spamassassin/user_prefs file for the user that runs
amavisd-new. I know the Mandriva package has that set to 'use_razor2
0', so I always have to hunt it down and fix it.
I had no use_razor2 line in the ~amavis/.spamassassin/user_prefs file
but after appending these lines to the
On Fri, 2009-05-22 at 14:14 +0200, Arvid Ephraim Picciani wrote:
Greetings.
I'm thinking of implementing:
- greylisting
very effective. I cut my incoming mail by about 80% when we put up
greylisting. I'm using sqlgrey.
- honeypots
- rejecting broken HELO at smtp time (such as
On Fri, May 22, 2009 at 9:06 AM, McDonald, Dan
dan.mcdon...@austinenergy.com wrote:
On Fri, 2009-05-22 at 14:14 +0200, Arvid Ephraim Picciani wrote:
Greetings.
I'm thinking of implementing:
- greylisting
very effective. I cut my incoming mail by about 80% when we put up
greylisting. I'm
On Fri, 22 May 2009, Arvid Ephraim Picciani wrote:
Greetings.
I'm thinking of implementing:
- greylisting
- honeypots
- rejecting broken HELO at smtp time (such as MUMS_XP_BOX)
- rejecting dynamic IPS at smtp time (PBL)
- firewalling hosts with 100% spam, forever.
Are there any oposing
On Fri, 22 May 2009, Aaron Wolfe wrote:
On Fri, May 22, 2009 at 9:06 AM, McDonald, Dan
dan.mcdon...@austinenergy.com wrote:
On Fri, 2009-05-22 at 14:14 +0200, Arvid Ephraim Picciani wrote:
- rejecting broken HELO at smtp time (such as MUMS_XP_BOX)
We had too many false-positives when I
On Fri, 2009-05-22 at 14:43 +0200, Raymond Dijkxhoorn wrote:
Sorry for the ranting. I didn't mean to insult Raymond or anyone else
knowing the problem but not providing samples.
I didnt take it up as a insult or anything. I just confirmed this is a
generic issue, next time i'll be silent,
Hi,
is there a way to always put the razor, pyzor and ddc result into
scanned mail's x-spam header? I'd like to do it for testing purpose.
Attila Mesterhazy
Yet Another Ninja wrote:
FYI:
The EmailBL test zone period has been extended to July 1st.
The plugin and rules files can be found at:
http://sa.hege.li/
EmailBL.pm EmailBL.cf emailbl_lemfreemail.cf
Here are some stats for you from a low-volume server:
Total emails scanned: 1425
Marked
greetings,
we are testing emailbl scoring it 0.5 for now.
i am *hoping* to increase the score since i have seen 3 emails make it
through that should have been rejected.
yet, when hand checking the results in the logs today i came across this in
relationship to an email score properly by SA as
On 22.05.09 06:29, John Hardin wrote:
They will especially get a clue if many sites reject their traffic with a
message like your HELO should be your actual public FQDN, you moron.
(worded more politely, of course)
yes, it should be, but you also MUST NOT reject if it is not.
There are
My take so far is that it seems to be accurate, but it is not hitting
enough mail to be really useful.
Please clarify if by enough mail you mean enough 419 etc from freemails?
If you mean general spam, then obviously it won't match them if they don't
come from the specific freemail domains.
On Fri, 2009-05-22 at 14:14 +0200, Arvid Ephraim Picciani wrote:
Greetings.
I'm thinking of implementing:
- greylisting
On 22.05.09 08:06, McDonald, Dan wrote:
very effective. I cut my incoming mail by about 80% when we put up
greylisting. I'm using sqlgrey.
You apparently don't have
Matus UHLAR - fantomas wrote:
On 22.05.09 06:29, John Hardin wrote:
They will especially get a clue if many sites reject their traffic with a
message like your HELO should be your actual public FQDN, you moron.
(worded more politely, of course)
yes, it should be, but you also MUST NOT
My spamassassin-setup works quite fine. I've spamassassin invoked as milter
(using the perl-module Mail::SpamAssassin in the milter)
But occassionally spam comes through where it seems that spamassassin just
forgot to do all the network-checks (spamcop, sorbs, dcc, razor2) and
therefore the
On Fri, 22 May 2009, Matus UHLAR - fantomas wrote:
On 22.05.09 06:29, John Hardin wrote:
They will especially get a clue if many sites reject their traffic with a
message like your HELO should be your actual public FQDN, you moron.
(worded more politely, of course)
yes, it should be, but you
On Fri, 22 May 2009, Matus UHLAR - fantomas wrote:
On 22.05.09 06:29, John Hardin wrote:
They will especially get a clue if many sites reject their traffic with a
message like your HELO should be your actual public FQDN, you moron.
(worded more politely, of course)
yes, it should be, but
On 22.05.09 16:59, peter pilsl wrote:
But occassionally spam comes through where it seems that spamassassin just
forgot to do all the network-checks (spamcop, sorbs, dcc, razor2) and
therefore the score is low and the mail gets through.
When I run spamassassin on the same mail later its
On Fri, 22 May 2009, Matus UHLAR - fantomas wrote:
I was mentioning cases where someone compares HELO to FQDN and rejects
connections if they do not match. That was indicated by the message (even
with different wording).
Ok, agreed. If they don't match don't reject, just give that a point.
Henrik K wrote:
My take so far is that it seems to be accurate, but it is not hitting
enough mail to be really useful.
Please clarify if by enough mail you mean enough 419 etc from freemails?
If you mean general spam, then obviously it won't match them if they don't
come from the
On Fri, May 22, 2009 06:52, Henrik K wrote:
It's something that mx.google.com likes to do. Better luck next time. :)
if google changes rules i will
OVERALL% SPAM% HAM% S/ORANK SCORE NAME
9344410060833840.108 0.00 0.00 (all messages)
1752
On Fri, May 22, 2009 08:41, LuKreme wrote:
dont whitelist *...@gmail, if you need to whitelist, do it with full
email addy
I don't whitelist gmail.
there was user in def wl if i remember it
--
http://localhost/ 100% uptime and 100% mirrored :)
On Fri, May 22, 2009 17:37, RobertH wrote:
if there is more i can do to help the dev, please contact me off list for
more personal debug info
use dkim, and add to local.cf
whitelist_auth undisclosed-recipient[at]yahoo.com
changeing at to @
or did yahoo stop using domain keys ?
--
John Hardin a écrit :
On Fri, 22 May 2009, Matus UHLAR - fantomas wrote:
I was mentioning cases where someone compares HELO to FQDN and rejects
connections if they do not match. That was indicated by the message (even
with different wording).
Ok, agreed. If they don't match don't reject,
On Fri, 2009-05-22 at 12:07 +0200, Yet Another Ninja wrote:
FYI:
The EmailBL test zone period has been extended to July 1st.
Since it has been extended, I decided to go ahead and fire it up this
morning.
I'm mainly looking at overlap. It seems to be relatively distinct from
other tests that
From: Mester mes...@freemail.hu
Date: Fri, 22 May 2009 14:52:08 +0200
Check in the ~/.spamassassin/user_prefs file for the user that runs
amavisd-new. I know the Mandriva package has that set to 'use_razor2
0', so I always have to hunt it down and fix it.
I had no
John Hardin wrote:
On Fri, 22 May 2009, Matus UHLAR - fantomas wrote:
I was mentioning cases where someone compares HELO to FQDN and rejects
connections if they do not match. That was indicated by the message (even
with different wording).
Ok, agreed. If they don't match don't reject, just
On Fri, 22 May 2009, mouss wrote:
John Hardin a écrit :
On Fri, 22 May 2009, Matus UHLAR - fantomas wrote:
I was mentioning cases where someone compares HELO to FQDN and rejects
connections if they do not match. That was indicated by the message (even
with different wording).
Ok, agreed.
Jeff Mincy wrote:
From: Mester mes...@freemail.hu
Date: Fri, 22 May 2009 14:52:08 +0200
Check in the ~/.spamassassin/user_prefs file for the user that runs
amavisd-new. I know the Mandriva package has that set to 'use_razor2
0', so I always have to hunt it down and fix
The EmailBL test zone period has been extended to July 1st.
As promised, here are some results from me, now that I got some half-
decent spam throughput. Not an ISP, not a company. Have been running the
original cf for 5 days, then updated. Since then another 5 days passed.
8.7% hits in
Oops...
Am 2009-05-22 08:10:45, schrieb Michelle Konzack:
http://moensted.dk/spam/?addr=82.113.121.82Submit=Submit
Hmmm, this is the first time, my IP has changed since 21 days. So I will
have problems for the next two or three days. And of course, I have
never send spam, nor I am an
Henrik K a écrit :
On Fri, May 22, 2009 at 06:14:53AM +0200, Benny Pedersen wrote:
header HELO_WIERD_FORMAT ALL =~ /\?\d+\.\d+\.\d+\.\d+\?/
matching ALL headers? oh well, it's not my mail...
describe HELO_WIERD_FORMAT Helo with ? around nummeric ip
score HELO_WIERD_FORMAT 1.5
It's
John Hardin a écrit :
On Fri, 22 May 2009, mouss wrote:
John Hardin a écrit :
On Fri, 22 May 2009, Matus UHLAR - fantomas wrote:
I was mentioning cases where someone compares HELO to FQDN and rejects
connections if they do not match. That was indicated by the message
(even
with different
On Fri, 2009-05-22 at 12:37 +0100, Ned Slider wrote:
Karsten Bräckelmann wrote:
Can you ask the sender to generate samples? No sensitive content, and
the email address most likely can be masked by you. Just be sure to not
invalide any other data. Might require sending at different times.
On Fri, 2009-05-22 at 16:52 +0200, Mester wrote:
Hi,
is there a way to always put the razor, pyzor and ddc result into
scanned mail's x-spam header? I'd like to do it for testing purpose.
Attila Mesterhazy
You mean like this:
X-spam-pyzor: Reported 1986 times.
add this to your
Ham: 329
Spam: 192
(thats a total count since 3 May)
Totals since last Thursday 14 May
EmailBL.cf:
Rule NameScore Ham Spam %of Ham %of Spam
---
EMAILBL_TEST_LEM 0.50 0 11
What about some grep love, and splitting that up in at least less and
greater than a total of score 15? See my post about 6 hours ago, and
considerably more hits in the low-ish scoring spam.
Spam: 192
(thats a total count since 3 May)
Totals since last Thursday 14 May
Rule Name
On Sat, 2009-05-23 at 04:11 +0200, Karsten Bräckelmann wrote:
What about some grep love, and splitting that up in at least less and
greater than a total of score 15? See my post about 6 hours ago, and
considerably more hits in the low-ish scoring spam.
Spam: 192
(thats a total count
On Fri, May 22, 2009 at 09:28:55PM +0200, Karsten Bräckelmann wrote:
The EmailBL test zone period has been extended to July 1st.
As promised, here are some results from me, now that I got some half-
decent spam throughput. Not an ISP, not a company. Have been running the
original cf for 5
59 matches
Mail list logo