Any amavisd-milter help out there?

2009-06-03 Thread Tony Su
Hope for some insight into what I'm looking at... Brand new install Scalix/SuSE11.1/Amavis/Amavisd1.4/SA/ClamAV Following "How To" published on the Scalix Wiki at http://www.scalix.com/wiki/index.php?title=Scalix/Sendmail_%26_Amavisd-New_HOWTO All seemed to be working except when I attempted

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread d . hill
Quoting Luis campo : The service is still active spamd just does not process the emails, all giving a score of zero and then get the error message ServerA spamc [7277]: connect to spamd on 172.16.0.14 > Failed, retrying (# 1 of 3): Interrupted system call When this problem occurs restar

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread d . hill
Quoting Luis campo : The service is still active spamd just does not process the emails, all giving a score of zero and then get the error message ServerA spamc [7277]: connect to spamd on 172.16.0.14 > Failed, retrying (# 1 of 3): Interrupted system call When this problem occurs restarte

Re: FCrDNS and localhost

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Adam Katz wrote: Matus UHLAR - fantomas wrote: 181.188.252.222.in-addr.arpa domain name pointer localhost. That is why FcRDNS is being used everywhere... localhost has address 127.0.0.1 => fail. Actually, localhost doesn't resolve via DNS; it has no A record, nor any oth

Re: Question on add-to-blacklist

2009-06-03 Thread LuKreme
On 3-Jun-2009, at 14:02, Jari Fredriksson wrote: `ip` varchar(10) NOT NULL DEFAULT '', 10? -- There is NO Rule six!

FCrDNS and localhost

2009-06-03 Thread Adam Katz
-general.sa.khopesh.com channel contains: # Sendmail's FCrDNS, see http://www.sendmail.org/faq/section3#3.38 header KHOP_MAYBE_FORGED Received =~ /\(may be forged\)/ describe KHOP_MAYBE_FORGED Relay IP's reverse DNS does not resolve to IP score KHOP_MAYBE_FORGED 0.8 # 20050802, rai

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Karsten Bräckelmann
On Wed, 2009-06-03 at 16:23 -0700, John Hardin wrote: > On Thu, 4 Jun 2009, Karsten Bräckelmann wrote: > > > user_scores_dsn DBI:mysql:spamassassin:localhost > > > user_scores_sql_username spamuser > > > > Any chance your SQL backend actually is the culprit and taking way to

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread John Hardin
On Thu, 4 Jun 2009, Karsten Bräckelmann wrote: On Wed, 2009-06-03 at 22:54 +, Luis campo wrote: user_scores_dsn DBI:mysql:spamassassin:localhost user_scores_sql_username spamuser Any chance your SQL backend actually is the culprit and taking way too long? Especi

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Karsten Bräckelmann
On Wed, 2009-06-03 at 22:54 +, Luis campo wrote: > We have increased the 20 as well as samples: That's not exactly slowly, as I suggested. Well, your server, feel free to kill it. > In simscan have configured as follows > > . / configure - enable-clamav = y - enable-clamdscan = / usr / lo

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Luis campo wrote: In simscan have configured as follows - enable-per-domain = y - enable-attach = y - enable-spam = y - enable-ripmime = / usr / local / bin / ripmime - enable-received = y - enable - spam-hits = 5.0 - enable-spamc = / usr / bin / spamc - enable-spamc-args =-

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Luis campo wrote: this is an example of var / log / qmail / spamd 2009-06-03 12:00:16.531889500 [19168] info: prefork: child states: BB 2009-06-03 12:00:16.531949500 [19168] info: prefork: server reached --max-children setting, consider raising it There is a probl

FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Luis campo
We have increased the 20 as well as samples: / usr / bin / spamd-v-u vpopmail-m 20-x-q-s stderr-r / var / run / spamd / spamd.pid \ 172.16.10.9-A-i 172.16.10.0/24 2> & 1 | \ / usr / local / bin / setuidgid qmaill \ / usr / local / bin / multilog t! spamdappend / var

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Karsten Bräckelmann
On Wed, 2009-06-03 at 22:00 +, Luis campo wrote: > this is an example of var / log / qmail / spamd > > 2009-06-03 12:00:16.471682500 [775] info: spamd: result: Y 15 - > DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CH

Re: best way to mark TLDs as spam

2009-06-03 Thread RW
On Wed, 03 Jun 2009 11:28:59 -0400 Adam Katz wrote: > The other is RelayCountry, which you'll have to enable in init.pre, > which lets you discriminate against countries rather than just their > domain names. > > This discrimination is unfair and quite prone to biting back at you, > for example

Re: Identifying Source of False Positives

2009-06-03 Thread Rich Shepard
On Tue, 2 Jun 2009, Charles Gregory wrote: This *really* suggests that one of two things MUST be occurring: 1) What you are seeing is NOT what spamassassin "sees". Charles, Quite possible. 2) A character (null/ascii-zeros?) has been injected into the e-mail somewhere in the headers, caus

FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Luis campo
this is an example of var / log / qmail / spamd 2009-06-03 12:00:16.471682500 [775] info: spamd: result: Y 15 - DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RDNS_NONE,URIBL_BLACK scantime=8.3,size=5837,user=fri

Re: New method to bypass SA?

2009-06-03 Thread mouss
fchan wrote: > I recently was checking on servers that were sending out spam and found > one of them had the hostname called "localhost" which I think is an > attempt to bypass SA. The IP address is 222.252.188.181 which maps back > to Vietnam. SA will not use "localhost" unless your MTA is bor

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Karsten Bräckelmann wrote: There are a bunch of word-triplets in the copy-n-paste, re-arranged randomly, making the text hard to comprehend -- a repeating pattern all over the reply. Yeah, I suspect he's using Babelfish or some such to translate to ... Spanish perhaps?

Custome Plugin and Variables

2009-06-03 Thread Vahriç Muhtaryan
Hello to all, We would like to create our own plugin. I read custom plugin section but maybe I do not understand, I would like to find out how SpamAssassin can provide me header of mail, body of mail because I would like to play on body and header. Could somebody show me the way for from where

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Karsten Bräckelmann
On Wed, 2009-06-03 at 13:09 -0700, John Hardin wrote: > On Wed, 3 Jun 2009, Luis campo wrote: > > > Does the maillog file on the machine running spamd log have any > > > messages that might indicate problems at the time the err

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Luis campo wrote: Is spamd running on the same machine? if spamd is running on the same machine. Does the maillog file on the machine running spamd log have any messages that might indicate problems at the time the error occurred? mailog I get this: ServerA spamc [727

Re: How to Start spamd

2009-06-03 Thread Bob Cohen
On Jun 3, 2009, at 10:41 AM, Martin Gregorie wrote: The following assumes that your system uses the Unix System V / RedHat daemon startup system. Thank you. I should have mentioned I'm running Fedora 9, so yes System V applies. There was no init.d script but the Spamassassin source distr

Re: Question on add-to-blacklist

2009-06-03 Thread Jari Fredriksson
> On Tuesday 02 June 2009, Michael Scheidell wrote: > What "optional" fields are you referring to? > > I have seen this, on the spamassassin WIKI: > > CREATE TABLE awl ( > username varchar(100) NOT NULL default '', > email varchar(200) NOT NULL default '', > ip varchar(10) NOT NULL default '',

FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Luis campo
Is spamd running on the same machine? if spamd is running on the same machine. Does the maillog file on the machine running spamd log have any messages that might indicate problems at the time the error occurred? mailog I get this: ServerA spamc [7277]: connect to spamd on 172.16.0.

Re: was failsafe option, old hardware

2009-06-03 Thread Jari Fredriksson
> > But keep in mind that newer hardware may or may not be > more energy efficient but it has more processing power. > So you can use one faster newer machine with x Watt > energy or use several x Watt older machines to do the > same task. > > I now have a new HP DL385G5p using 80Watt running

RE: was failsafe option, old hardware

2009-06-03 Thread Maurice Lucas - TAOS-IT
> > It's getting a little off topic, but keeping old hardware > > because it still works can be a bit of a false economy. > > Yeh, it's nice to have it working and useful rather than > > landfill. But on the other hand, they are so inefficient > > as far as watts used, you could pay for new hardwar

Re: was failsafe option, old hardware

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Jari Fredriksson wrote: Hah. The CPU does not even have a cooler on it! All there is PSU fan. Such a machine can not waste energy, at least it does not generate heat.. I'd think that in Finland that would be a drawback rather than a benefit... :) -- John Hardin KA7OHZ

Re: was failsafe option, old hardware

2009-06-03 Thread Jari Fredriksson
> It's getting a little off topic, but keeping old hardware > because it still works can be a bit of a false economy. > Yeh, it's nice to have it working and useful rather than > landfill. But on the other hand, they are so inefficient > as far as watts used, you could pay for new hardware with > t

Re: FW: SpamAssassin error Interrupted system call

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Luis campo wrote: The service is still active spamd just does not process the emails, all giving a score of zero and then get the error message ServerA spamc [7277]: connect to spamd on 172.16.0.14 > Failed, retrying (# 1 of 3): Interrupted system call When this problem oc

FW: SpamAssassin error Interrupted system call

2009-06-03 Thread Luis campo
The service is still active spamd just does not process the emails, all giving a score of zero and then get the error message ServerA spamc [7277]: connect to spamd on 172.16.0.14 > Failed, retrying (# 1 of 3): Interrupted system call When this problem occurs restarted spamd and runs appr

Re: Style Tag abuse

2009-06-03 Thread LuKreme
On 3-Jun-2009, at 11:07, John Hardin wrote: What I'd like to see is "tflags exponential", so that each hit would add score*hits_so_far, to make it easier to punish stuff harder the more it is repeated. Oooo! can you imagine the scores MS Word -> HTML -> Email would get if you did that? M

Re: Style Tag abuse

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Charles Gregory wrote: Good morning! Seeing some messages come through with large amounts of bayes poison text inserted between style /style tags. Short of using a 'rawbody' test, is there some other characteristic that we could catch? Nope, If you want to match tags,

Style Tag abuse

2009-06-03 Thread Charles Gregory
Good morning! Seeing some messages come through with large amounts of bayes poison text inserted between style /style tags. Short of using a 'rawbody' test, is there some other characteristic that we could catch? For example, and another question: Is there any mechanism in SpamAssassin to

Re: was failsafe option, old hardware

2009-06-03 Thread Martin Gregorie
On Wed, 2009-06-03 at 10:47 -0400, jp wrote: > It's getting a little off topic, but keeping old hardware because it > still works can be a bit of a false economy. Yeh, it's nice to have it > working and useful rather than landfill. But on the other hand, they are > so inefficient as far as watts

Re: how to know what blacklists i'm checking against

2009-06-03 Thread John Hardin
On Wed, 3 Jun 2009, Lists wrote: I am trying to trouble shoot why a particular server cannot send into our email system. There is no reference in the logs to this server ever trying to connect. Are users of that system getting reject notifications? Have them forward one such to an address th

Re: best way to mark TLDs as spam

2009-06-03 Thread Adam Katz
ryefish wrote: > Hello: I am attempting to configure SA to mark as spam all email from > Top-Level-Domains other than .com, .net, and .edu. What about .org, .us, .ca, .co.uk, and all the others that you have no good reason to filter? Usually, when I see this kind of reasoning, it's resulting fr

RE: best way to mark TLDs as spam

2009-06-03 Thread Giampaolo Tomassoni
> -Original Message- > From: Maurice Lucas - TAOS-IT [mailto:mslu...@taos-it.nl] > Sent: Wednesday, June 03, 2009 5:06 PM > To: ryefish; users@spamassassin.apache.org > Subject: RE: best way to mark TLDs as spam > > > Hello: I am attempting to configure SA to mark as spam all email from >

RE: best way to mark TLDs as spam

2009-06-03 Thread Maurice Lucas - TAOS-IT
> Hello: I am attempting to configure SA to mark as spam all email from > Top-Level-Domains other than .com, .net, and .edu. > I have found three possible ways to do this. Which if any is the > preferred > method: > > 1) blacklisting in local.cf: >add blacklist_from *.info, blacklist_from *.t

Re: How to Start spamd

2009-06-03 Thread LuKreme
On 3-Jun-2009, at 08:41, Martin Gregorie wrote: Take a look at the daemon management scripts in /etc/rc.d/init.d You should find one called spamassassin (or possibly spamd - its called spamassassin in Fedora distros). On my FreeBSD it is /usr/local/etc/rc.d/sa-spamd and requires the follo

was failsafe option, old hardware

2009-06-03 Thread jp
It's getting a little off topic, but keeping old hardware because it still works can be a bit of a false economy. Yeh, it's nice to have it working and useful rather than landfill. But on the other hand, they are so inefficient as far as watts used, you could pay for new hardware with the energ

Re: How to Start spamd

2009-06-03 Thread Martin Gregorie
On Wed, 2009-06-03 at 09:41 -0400, Bob Cohen wrote: > Sorry for the dumb question but I can't seem to find the answer in the > documentation or by googling. I'm trying to follow the Integrated > Spamd In Postfix recipe > (http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix > ). How

Re: How to Start spamd

2009-06-03 Thread Robert Schetterer
Bob Cohen wrote: > Sorry for the dumb question but I can't seem to find the answer in the > documentation or by googling. I'm trying to follow the Integrated Spamd > In Postfix recipe > (http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix). How do > I invoke spamd and then make sure it

Re: Question on add-to-blacklist

2009-06-03 Thread Larry Starr
On Tuesday 02 June 2009, Michael Scheidell wrote: > > I have been using the AWL ( --add-addr-to-blacklist ) for some time, to > > bump new spam senders above the "Bayes-99" score. > > > > My problem is that this feature seems, extremely slow. > > > > I'm now trying to use the "( --add-to-blacklist

Re: Question on add-to-blacklist

2009-06-03 Thread Larry Starr
On Tuesday 02 June 2009, Adam Katz wrote: > Larry Starr wrote: > >> I have been using the AWL ( --add-addr-to-blacklist ) for some > >> time, to bump new spam senders above the "Bayes-99" score. > > Theo Van Dinter responded: > > Well, the first problem is that the AWL has no impact on Bayes. > >

How to Start spamd

2009-06-03 Thread Bob Cohen
Sorry for the dumb question but I can't seem to find the answer in the documentation or by googling. I'm trying to follow the Integrated Spamd In Postfix recipe (http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix ). How do I invoke spamd and then make sure it runs at boot? I'm s

Re: best way to mark TLDs as spam

2009-06-03 Thread ram
On Wed, 2009-06-03 at 00:48 -0700, ryefish wrote: > Hello: I am attempting to configure SA to mark as spam all email from > Top-Level-Domains other than .com, .net, and .edu. > I have found three possible ways to do this. Which if any is the preferred > method: > > 1) blacklisting in local.cf:

Re: generate message with a specific score

2009-06-03 Thread McDonald, Dan
On Mon, 2009-05-25 at 23:12 +0200, Rudy Gevaert wrote: > Hi Matus, > > On Mon, May 25, 2009 at 10:48:25PM +0200, Matus UHLAR - fantomas wrote: > > On 25.05.09 17:12, Rudy Gevaert wrote: > > > Is it possible to generate a rule that when it applies gives the message > > > that specific score? If so

Re: how to know what blacklists i'm checking against

2009-06-03 Thread Karsten Bräckelmann
On Wed, 2009-06-03 at 13:29 +1200, Kate wrote: > MailScanner 4.76.24 > spamassassin 3.2.5 > MTA - postfix > ClamAV 0.95.1 > > I am trying to trouble shoot why a particular server cannot send into > our email system. > There is no reference in the logs to this server ever trying to connect. Err,

Re: best way to mark TLDs as spam

2009-06-03 Thread Karsten Bräckelmann
On Wed, 2009-06-03 at 10:35 +0100, Martin Gregorie wrote: > On Wed, 2009-06-03 at 00:48 -0700, an anonymous Nabble user wrote: > > Hello: I am attempting to configure SA to mark as spam all email from > > Top-Level-Domains other than .com, .net, and .edu. > > I have found three possible ways to d

Re: best way to mark TLDs as spam

2009-06-03 Thread Karsten Bräckelmann
On Wed, 2009-06-03 at 00:48 -0700, an anonymous Nabble user wrote: > Hello: I am attempting to configure SA to mark as spam all email from > Top-Level-Domains other than .com, .net, and .edu. > I have found three possible ways to do this. Which if any is the preferred > method: So that's why yo

Re: best way to mark TLDs as spam

2009-06-03 Thread Martin Gregorie
On Wed, 2009-06-03 at 00:48 -0700, ryefish wrote: > Hello: I am attempting to configure SA to mark as spam all email from > Top-Level-Domains other than .com, .net, and .edu. > I have found three possible ways to do this. Which if any is the preferred > method: > > 3) Create custom rule: >d

Re: An idea for spamc (failsafe option)

2009-06-03 Thread Jari Fredriksson
> Jari Fredriksson wrote: > > However the killer bad thing for me is this: > >Note that this fail-over behaviour is incompatible > with -x; if that switch is used, fail-over will > not occur. > > I am not willing to stop filtering mail through > spamassassin if my spamd machine is

Re: ZMI-GERMAN: question to the users

2009-06-03 Thread Bernd Petrovitsch
On Wed, 2009-06-03 at 09:49 +0200, Kerstin Espey wrote: > On Wednesday 03 June 2009, Stefan Luetje wrote: > > On 03 Jun 2009 at 08:57 CEST, Timo Schoeler wrote: > > > thus Michael Monnerie spake: > > >> But maybe, if response and urge is high, I will include them. What do > > >> you think? Is it

Re: ZMI-GERMAN: question to the users

2009-06-03 Thread Kerstin Espey
On Wednesday 03 June 2009, Stefan Luetje wrote: > On 03 Jun 2009 at 08:57 CEST, Timo Schoeler wrote: > > thus Michael Monnerie spake: > >> But maybe, if response and urge is high, I will include them. What do > >> you think? Is it spam for you? > > > > Hi, > > > > yes, this is spam. > > ack > ACK

best way to mark TLDs as spam

2009-06-03 Thread ryefish
Hello: I am attempting to configure SA to mark as spam all email from Top-Level-Domains other than .com, .net, and .edu. I have found three possible ways to do this. Which if any is the preferred method: 1) blacklisting in local.cf: add blacklist_from *.info, blacklist_from *.tv, blacklist

Re: ZMI-GERMAN: question to the users

2009-06-03 Thread Yet Another Ninja
On 6/3/2009 8:53 AM, Michael Monnerie wrote: Dear users of the ZMI-GERMAN ruleset. I manage those ruleset, and just (again) received the message below, about "you won a trip". Those messages are spammy, although you really can do such a trip and only pay the flight ticket (which then costs enou

Re: An idea for spamc (failsafe option)

2009-06-03 Thread Matus UHLAR - fantomas
> Jari Fredriksson wrote: > > But if the connection is refused, there simply is no-one > > listening. How about trying the other alternatives? On 02.06.09 23:04, Bob Proulx wrote: > The documentation leads me to believe it does that now. > >If host resolves to multiple addresses, then

Re: New method to bypass SA?

2009-06-03 Thread Matus UHLAR - fantomas
On 02.06.09 17:01, fchan wrote: > I recently was checking on servers that were sending out spam and found > one of them had the hostname called "localhost" which I think is an > attempt to bypass SA. The IP address is 222.252.188.181 which maps back > to Vietnam. > Also I found that a large perc

Re: ZMI-GERMAN: question to the users

2009-06-03 Thread Stefan Luetje
On 03 Jun 2009 at 08:57 CEST, Timo Schoeler wrote: > thus Michael Monnerie spake: >> But maybe, if response and urge is high, I will include them. What do >> you think? Is it spam for you? > > Hi, > > yes, this is spam. ack Regards, Stefan -- "Der Holocaust war eine schlimme Zeit in der Gesc