Re: SA 3.3.0 and sa-compile

2009-10-02 Thread to...@starbridge.org
Benny Pedersen wrote: > On tor 01 okt 2009 18:09:38 CEST, "to...@starbridge.org" wrote >> thanks for your answers. It's done: >> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6214 > > also > > spamassassin 2>&1 -D -t msg > output.log and ano

Re: Do I need to do anything to maintain MySQL?

2009-10-02 Thread Benny Pedersen
On fre 02 okt 2009 04:47:56 CEST, "Steven W. Orr" wrote I have all my SA tables up and running using InnoDB and using the above table definitions. I just have one question: Will the cronjob that was described here earlier #!/bin/sh howfar='where lastupdate < date_sub(now(), interval 3 month)' m

Problems with whitelist_from_rcvd

2009-10-02 Thread Igor Bogomazov
Hi, When I add the string like: whitelist_from s...@domain.mail it works OK. But: whitelist_from_rcvd s...@domain.mail prefix.domain.mail doesn't work. I've checked rDNS of the prefix.domain.mail with 'host' utility - it's all right. And the appropriate mail header seems to be correct: Received

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread Benny Pedersen
On fre 02 okt 2009 10:34:55 CEST, Igor Bogomazov wrote And the appropriate mail header seems to be correct: Received: from prefix.domain.mail (unknown [12.12.12.12]) What's the matter? unknown reverse dns is postfix answer for not found reverse dns, so host was in the test you did wrong hos

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread Jeff Mincy
From: Igor Bogomazov Date: Fri, 2 Oct 2009 12:34:55 +0400 When I add the string like: whitelist_from s...@domain.mail it works OK. But: whitelist_from_rcvd s...@domain.mail prefix.domain.mail doesn't work. I've checked rDNS of the prefix.domain.mail with 'hos

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread John Hardin
On Fri, 2 Oct 2009, Igor Bogomazov wrote: whitelist_from_rcvd s...@domain.mail prefix.domain.mail doesn't work. I've checked rDNS of the prefix.domain.mail with 'host' utility - it's all right. You don't check rDNS using "host", you check it using "dig -x host.ip.addr.here" And the appro

Re: I am getting all external domain emails subject tagged as SpamSpam

2009-10-02 Thread John Hardin
On Thu, 1 Oct 2009, empiric wrote: Oct 1 13:22:39 mail postfix/smtp[17579]: E0EAD19B349: to=, relay=mail.example.com[10.65.200.72]:25, delay=7.1, delays=0.09/0/0.01/7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3DD1212B701) None of that really logs useful information to troubleshoot this

Questions about SA

2009-10-02 Thread Jose Luis Marin Perez
I have some questions: - How to calculate the amount of memory and CPU used by each process Spamd? - Approximately 85% of spam are in Spanish, this can be a problem for SpamAssassin? - Which tool can I use to get statistics of SpamAssassin, I am currently using the script "sa-stats.pl".

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread Kris Deugau
John Hardin wrote: You don't check rDNS using "host", you check it using "dig -x host.ip.addr.here" Actually, unless your DNS configuration is doing something bizarre, they should give back the same basic info - dig is just a lot more verbose: [kdeu...@turboprop ~]$ host 209.91.179.62 62.179

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread RW
On Thu, 1 Oct 2009 18:54:40 -0600 LuKreme wrote: > On Oct 1, 2009, at 18:36, Karsten Bräckelmann > wrote: > > > Same for RCVD_IN_DNSWL. If it positively matches, it either it is > > correct, or wrong. A false positive is a match, that is wrong. No > > matter > > the score you assign the test.

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread Bill Landry
John Hardin wrote: > On Fri, 2 Oct 2009, Igor Bogomazov wrote: > >> whitelist_from_rcvd s...@domain.mail prefix.domain.mail >> doesn't work. >> >> I've checked rDNS of the prefix.domain.mail with 'host' utility - it's >> all right. > > You don't check rDNS using "host", you check it using "dig -x

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread John Hardin
On Fri, 2 Oct 2009, Kris Deugau wrote: John Hardin wrote: You don't check rDNS using "host", you check it using "dig -x host.ip.addr.here" Actually, unless your DNS configuration is doing something bizarre, they should give back the same basic info - dig is just a lot more verbose: -kgd,

Re: Questions about SA

2009-10-02 Thread John Hardin
On Fri, 2 Oct 2009, Jose Luis Marin Perez wrote: - Approximately 85% of spam are in Spanish, this can be a problem for SpamAssassin? Possibly. Most of the default rules and most third-party rules are for English. This would tend to reduce your hit rate, but a properly-trained Bayes would h

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread Charles Gregory
On Fri, 2 Oct 2009, RW wrote: However, if you want to be understood you need to speak the Lingua Franca. If you choose to use a term differently than everyone else you WILL be misunderstood and corrected. If everyone calls an apple an orange, then yeah, it's an orange. A false match on a test

required_score keeps reverting to 5

2009-10-02 Thread Jefferson Davis
I have recently updated to 3.2.4 - for some reason my required_score keeps reverting to 5, basically ignoring or overriding the settings in local.cf. The ruleset 10_default_prefs.cf has these settings, and this is where it appears to come from. While I have commented out the offending line(s)

Re: .cn Oddity

2009-10-02 Thread MySQL Student
Hi All, Regarding the .cn oddity, I added these to my rules, and of about 79k messages today so far, I have the following: uri LOC_URI_CN m;^https?://[^/?]+\.cn\b; uri T_CN_8_URL /[\/.]+\w{8}\.cn(?:$|\/|\?)/i LOC_URI_CN: 2926 T_CN_8_URL: 1634 HTH, Alex

Re: required_score keeps reverting to 5

2009-10-02 Thread Charles Gregory
On Fri, 2 Oct 2009, Jefferson Davis wrote: I have recently updated to 3.2.4 - for some reason my required_score keeps reverting to 5, basically ignoring or overriding the settings in local.cf. Some Linux (presumed) disties have non-standard configuration directories - but when you manually upg

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread Marc Perkel
Charles Gregory wrote: On Fri, 2 Oct 2009, RW wrote: However, if you want to be understood you need to speak the Lingua Franca. If you choose to use a term differently than everyone else you WILL be misunderstood and corrected. If everyone calls an apple an orange, then yeah, it's an orange.

Daily statistics into email

2009-10-02 Thread Jari Fredriksson
Some just mentioned sa-stats.pl statistics, and I then wrote a script for me to post daily stats for me into email. This is not nuclear science, but I still share it. It is HTML formatted because I use Outlook Express to read mail, but it is easy to fix. The file is named so that it runs just

southwest airlines sends out their own phishing email

2009-10-02 Thread Michael Scheidell
not to be outdone by hackers and thieves, phishing for PPI, southwest airlines is sending out their own DKIM signed, SPF PASSED, from their own servers, their very own phishing email. (didn't one of the major banks do something like this 3 years ago?) all servers in the links are http (not htt

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread John Hardin
On Fri, 2 Oct 2009, Bill Landry wrote: John Hardin wrote: On Fri, 2 Oct 2009, Igor Bogomazov wrote: I've checked rDNS of the prefix.domain.mail with 'host' utility - it's all right. You don't check rDNS using "host", you check it using "dig -x host.ip.addr.here" Why not, they come up with

Re: Daily statistics into email

2009-10-02 Thread Warren Togami
http://ruleqa.spamassassin.org/ If you are capable of processing your mail nightly in cron, why don't you join the nightly mass check? You can help to test the rules and make the sa-update channel better. We especially need non-English ham in the nightly masscheck. http://wiki.apache.org/sp

Re: Daily statistics into email

2009-10-02 Thread Martin Gregorie
On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson wrote: > Sendmail command is available with sendmail and postfix emailers, > dunno about others. > You don't need to use sendmail: if the cron job writes anything to stdout (or stderr) this is automatically mailed to root. If you'd rather that

Re: Daily statistics into email

2009-10-02 Thread Jari Fredriksson
> On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson wrote: > >> Sendmail command is available with sendmail and postfix >> emailers, dunno about others. >> > You don't need to use sendmail: if the cron job writes > anything to stdout (or stderr) this is automatically > mailed to root. > > If

Re: Daily statistics into email

2009-10-02 Thread Jari Fredriksson
> http://ruleqa.spamassassin.org/ > If you are capable of processing your mail nightly in > cron, why don't you join the nightly mass check? You can > help to test the rules and make the sa-update channel > better. We especially need non-English ham in the > nightly masscheck. > > http://wiki.a

Re: Daily statistics into email

2009-10-02 Thread Jari Fredriksson
>> http://ruleqa.spamassassin.org/ >> If you are capable of processing your mail nightly in >> cron, why don't you join the nightly mass check? You can >> help to test the rules and make the sa-update channel >> better. We especially need non-English ham in the >> nightly masscheck. >> >> http:/

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Steven W. Orr
On 10/02/09 13:52, quoth Michael Scheidell: > not to be outdone by hackers and thieves, phishing for PPI, southwest > airlines is sending out their own DKIM signed, SPF PASSED, from their own > servers, their very own phishing email. (didn't one of the major banks do > something like this 3 years

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Michael Scheidell
Steven W. Orr wrote: On 10/02/09 13:52, quoth Michael Scheidell: not to be outdone by hackers and thieves, phishing for PPI, southwest airlines is sending out their own DKIM signed, SPF PASSED, from their own servers, their very own phishing email. (didn't one of the major banks do somethi

Re: Daily statistics into email

2009-10-02 Thread Martin Gregorie
On Fri, 2009-10-02 at 21:33 +0300, Jari Fredriksson wrote: > > On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson wrote: > > > >> Sendmail command is available with sendmail and postfix > >> emailers, dunno about others. > >> > > You don't need to use sendmail: if the cron job writes > > anythin

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Martin Gregorie
On Fri, 2009-10-02 at 13:52 -0400, Michael Scheidell wrote: > not to be outdone by hackers and thieves, phishing for PPI, southwest > airlines is sending out their own DKIM signed, SPF PASSED, from their > own servers, their very own phishing email. (didn't one of the major > banks do something

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Art Greenberg
My employer's travel department just sent out a memo asking for the same information. No reference to Southwest Airlines in the memo. Coincidence? -- Art Greenberg a...@eclipse.net

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Benny Pedersen
On fre 02 okt 2009 21:42:22 CEST, Michael Scheidell wrote southwest's phone has a 1 hour hold time. nope, in time waiting do this "spamassassin 2>&1 -D -t msg | grep domain | less" what domains is listed ?, some trd party domains that does not use known nameserver ?, eg why would a airlin

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Martin Gregorie
On Fri, 2009-10-02 at 15:42 -0400, Michael Scheidell wrote: > it REALLY looks like someone at southwest had this done. > > its stupid.. it encourages users to disclose private data over an > insecure channel, and whoever authorized this (if its southwest) needs > a LONG vacation. > Should somebod

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Michael Scheidell
Benny Pedersen wrote: On fre 02 okt 2009 21:42:22 CEST, Michael Scheidell wrote southwest's phone has a 1 hour hold time. nope, in time waiting do this "spamassassin 2>&1 -D -t msg | grep domain | less" what domains is listed ?, some trd party domains that does not use known nameserver ?,

if this is legit, SW needs to protect their servers Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Michael Scheidell
from others that have seen this email from other airlines: (and, sw needs to protect my PPI by using SSL servers, not plain text servers that belong to a marketing company) Is the TSA “trying to scare me into providing personal information”? June 2, 2009 Secure Flight. Just the mention of tho

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Benny Pedersen
On fre 02 okt 2009 22:03:23 CEST, Michael Scheidell wrote still doesn't answer, dkim signed, spf passes, all domains end in .southwest.com then some using a smtp auth or hacked computer inside, or dkim-sign any mails ? send to abuse at theredomain dot tld, yes its a grey area where one like m

Re: Daily statistics into email

2009-10-02 Thread Jari Fredriksson
> On Fri, 2009-10-02 at 21:33 +0300, Jari Fredriksson wrote: >>> On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson >>> wrote: >>> Sendmail command is available with sendmail and postfix emailers, dunno about others. >>> You don't need to use sendmail: if the cron job writes >>>

Re: Daily statistics into email

2009-10-02 Thread Martin Gregorie
On Fri, 2009-10-02 at 23:28 +0300, Jari Fredriksson wrote: > There is a blank line between Content-Type and Hello, but the > Content-Type line WILL get to the body, and the html gets injected > after it as raw html code, not as html (because the actual content > type will be text not html). > > Cr

Re: Daily statistics into email

2009-10-02 Thread Jari Fredriksson
> On Fri, 2009-10-02 at 23:28 +0300, Jari Fredriksson wrote: >> There is a blank line between Content-Type and Hello, >> but the Content-Type line WILL get to the body, and the >> html gets injected after it as raw html code, not as >> html (because the actual content type will be text not >> html)

RE RCVD_VIA_APNIC

2009-10-02 Thread hamann . w
>> Warren Togami wrote: >> # 2005/07/29, http://www.apnic.net/db/ranges.html >> header RCVD_VIA_APNIC Received =~ >> /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| >> >> )/ >> describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread mouss
RW wrote: > On Fri, 02 Oct 2009 00:14:52 +0200 > mouss wrote: > >> RW wrote: > >>> The term false-positive can apply to any test. A test for ham >>> that matches a spam is a false-positive, it's a matter of context. >> spam too can be (re)defined. and actually any term. but it is assumed >> her

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread mouss
Karsten Bräckelmann wrote: > On Fri, 2009-10-02 at 00:08 +0200, mouss wrote: >> Karsten Bräckelmann wrote: >>> False positive. Something, that matches (positive) the criterion for a >>> certain test, but should not (false). > > I stand to what I said. > I'm not surprised:) >> you can certainly

Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Michael Scheidell
Benny Pedersen wrote: On fre 02 okt 2009 22:03:23 CEST, Michael Scheidell wrote still doesn't answer, dkim signed, spf passes, all domains end in .southwest.com then some using a smtp auth or hacked computer inside, or dkim-sign any mails ? SURPRISE.. it's legit folks. SF phone lines, and we

Re: [SA] RE RCVD_VIA_APNIC

2009-10-02 Thread Adam Katz
Warren Togami wrote: > # 2005/07/29, http://www.apnic.net/db/ranges.html > header RCVD_VIA_APNIC Received =~ > /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| > > )/ > describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network > Adam Kat

SIGCHLD query

2009-10-02 Thread Martin Gregorie
What causes a spamd 3.2.5 child process to be terminated by receiving a SIGCHLD signal? I've looked at the spamc and spamd manpages but there's no mention of them there. I can't remember seeing them discussed on this maillist either. My last month's logs show 7 of them and I can't work out what

Re: Daily statistics into email

2009-10-02 Thread Martin Gregorie
On Sat, 2009-10-03 at 00:03 +0300, Jari Fredriksson wrote: > This is something that I have no knowledge. > It was a surprise to me too! > Could you see the "source" format of the mail? I can't think anything > except it being in HTML format, as there is AFAIK no other formats > for "rich text"

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread Karsten Bräckelmann
On Sat, 2009-10-03 at 00:25 +0200, mouss wrote: > Karsten Bräckelmann wrote: > > > > False positive. Something, that matches (positive) the criterion for a > > > > certain test, but should not (false). > > > > I stand to what I said. > > I'm not surprised:) ;) > > IFF you are talking about th

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread RW
On Sat, 03 Oct 2009 00:12:37 +0200 mouss wrote: > RW wrote: > > On Fri, 02 Oct 2009 00:14:52 +0200 > > mouss wrote: > > > > The source of your confusion is that you are mixing-up the > > terminology of the overall classification and individual test > > results. Think of this way, in a fingerpr

Re: Daily statistics into email

2009-10-02 Thread Jari Fredriksson
> On Sat, 2009-10-03 at 00:03 +0300, Jari Fredriksson wrote: >> This is something that I have no knowledge. >> > It was a surprise to me too! > >> Could you see the "source" format of the mail? I can't >> think anything except it being in HTML format, as there >> is AFAIK no other formats for

Re: Daily statistics into email

2009-10-02 Thread Martin Gregorie
On Sat, 2009-10-03 at 03:57 +0300, Jari Fredriksson wrote: > But let us keep in mind that it is the client that renders the mail > for us to see. > > it must be some format the client must understand. > postfix.sendmail is not a client, and whatever it does must be > understandable by the clie

Re: RCVD_VIA_APNIC: CIDR to regex generator?

2009-10-02 Thread Steven W. Orr
On 10/02/09 02:43, quoth Warren Togami: > # 2005/07/29, http://www.apnic.net/db/ranges.html header RCVD_VIA_APNIC > Received =~ > /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| > )/ describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific > Net