Re: SA-3.2 need help

I've inserted "score FH_DATE_PAST_20XX 0" without the quotes to the end of your local.cf file to disable the rule for 2010 bug. If i'm upgrading SA to 3.3.1, my mail processing is very slow and my server load average is going up. I've googled all the stuff in my local.cf its not inherited from

RE: Reducing scan time

On Thu, 2010-04-22 at 08:44 -0400, Kaleb Hosie wrote: > Our scan time use to be much longer and it was because of clamav. I realized > that I was scanning with clamscan and not clamdscan. > > The clamdscan uses the daemon that's already loaded, so it's not loading the > virus database everytime

Re: Amavisd Down after HUP'ing server

Hello, On Thu, Apr 22, 2010 at 8:56 PM, Mark Martinec > wrote: > Kalpin Erlangga Silaen wrote: > > I always get this error (once a day) > > > > Apr 22 14:07:35 stargate amavis[7147]: (!)Net::Server: > 2010/04/22-14:07:35 > > HUP'ing server > > > > after that, amavis down and can not connect to p

Re: dcc: [26896] terminated: exit 241

On 4/22/2010 2:43 PM, Micah Anderson wrote: Ted Mittelstaedt writes: Actually it's not even that. The notion that Debian spent effort detecting and removing DCC source is rather farfetched. Sorry, but you are pretty off here. Debian does this all the time. I'm an official Debian Developer

Re: dcc: [26896] terminated: exit 241

Ted Mittelstaedt writes: > Actually it's not even that. The notion that Debian spent effort > detecting and removing DCC source is rather farfetched. Sorry, but you are pretty off here. Debian does this all the time. I'm an official Debian Developer and I have personally been involved in doing

Re: dcc: [26896] terminated: exit 241

On 4/22/10 5:24 PM, Micah Anderson wrote: In fact the whole thread here has continued on as a result of that very reason why Debian did not update it. I'll cite it again for you[2] "The Distributed Checksum Clearinghouse source carries a license that is free to organizations that do not s

Re: dcc: [26896] terminated: exit 241

Michael Scheidell writes: > On 4/21/10 1:25 PM, Ted Mittelstaedt wrote: >> >> >> Distributed Checksum Clearinghouse quite obviously feels that they have >> captured enough fishes in the ocean and are making plenty of money now >> and so do not require all of the free advertising that inclusion of

SA + spampd: keep a copy of refused mail ?

Hello, Please forgive me, if this question is more related to the glue than to SA itself. I have a mail server with low to moderate traffic. Here is my setup: Postfix invokes SA through the spam proxy daemon (spampd) in a setup so that inbound spam can be rejected during the smtp transaction

Re: did I misunderstand DKIM_ADSP_DISCARD or is there a bug?

> > You don't have an author domain signature, the signature there > > is a 3rd party signature, twitter.com != postmaster.twitter.com > >DKIM-Signature: [...] d=twitter.com > >From: Twitter<@postmaster.twitter.com> > is there an author subdomain signature ? No, it has no more value

Re: did I misunderstand DKIM_ADSP_DISCARD or is there a bug?

On 4/22/10 3:40 PM, Mark Martinec wrote: You don't have an author domain signature, the signature there is a 3rd party signature, twitter.com != postmaster.twitter.com DKIM-Signature: [...] d=twitter.com From: Twitter<@postmaster.twitter.com> 'author domain signature' (AD) is the ke

Re: did I misunderstand DKIM_ADSP_DISCARD or is there a bug?

Michael, > Getting lots of twits sending out phishing emails 'from' twitter.com > (the spam looks good, the only thing they change is the a href in the > email, other than that, its exactly the twitter mail) > > Twitter DKIM signs all their emails (and they come from > postmaster.twitter.com, NOT

Re: Top Ten Rules

Hi, >> How many entries? Does it just keep growing? We have a local one too, >> and every so often correlate it with the public RBLs so as to not >> duplicate the check and overhead. > > They expire in 2 weeks. They should make it into a public RBL by > that time. Maybe it should even be shorter.

Checking AWL is working

Hi I am trying to identify whether the AWL is working, I am no longer getting a rule hit in the report. What is the best way to see if its hitting as the spamassassin -D output suggests it is working. [29200] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /home/spamd/.spamassass

did I misunderstand DKIM_ADSP_DISCARD or is there a bug?

Getting lots of twits sending out phishing emails 'from' twitter.com (the spam looks good, the only thing they change is the a href in the email, other than that, its exactly the twitter mail) Twitter DKIM signs all their emails (and they come from postmaster.twitter.com, NOT twitter.com) I

Re: bypass spam check if SPF is OK

On Thu, 22 Apr 2010, Rejaine Monteiro wrote: Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK My point is still valid, you don't want to reduce the score on _just_ SPF Pass. Take a look at whitelist_auth. John Ha

RE: Reporting (Off Topic)

> Is there a process to report the IP so they can be black > listed from doing this to others? > One way is to go to SpamCop's website to report it. www.spamcop.net/ Another (more automated way) is to use the following command: spamassassin -r < the_spam_message_file Hope that helps. Kaleb

Reporting (Off Topic)

I am wondering how I can report spam to Spamhaus & Spamcop sites if it hasn't already been reported? I started to get massive spam from one particular IP as shown below: Apr 20 09:30:45 mail postgrey[2219]: action=greylist, reason=new, client_name=hst1pilot.com, client_address=188.72.217.47, sende

Re: SA-3.2 need help

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4/22/10 10:45 AM, Tux Techie wrote: > I'm new to linux and Need help in configuring spamassassin on my > mail server,I'm using spamassassin-3.2.4-1.el4.1 on CentOS4 with My first guess without seeing real samples would be that you are hitti

Re: SA-3.2 need help

On Thu, 2010-04-22 at 21:15 +0530, Tux Techie wrote: > I'm new to linux and Need help in configuring spamassassin on my mail > server,I'm using spamassassin-3.2.4-1.el4.1 on CentOS4 with > sendmail-8.13.1-3.3.el4 [ massive snip ] > This is my /etc/procmailrc > > DROPPRIVS=yes > :0fw > | /usr/bin

Re: SA-3.2 need help

Tux Techie wrote: > > > hi, > > I'm new to linux and Need help in configuring spamassassin on my > mail server,I'm using spamassassin-3.2.4-1.el4.1 on CentOS4 with > sendmail-8.13.1-3.3.el4 > > This is my local.cf > > bayes_ignore_header X-Spa

SA-3.2 need help

hi, > > I'm new to linux and Need help in configuring spamassassin on my mail > server,I'm using spamassassin-3.2.4-1.el4.1 on CentOS4 with > sendmail-8.13.1-3.3.el4 > > This is my local.cf > > > > # This is the right place to customize your installation of SpamAssassin. > # > # See 'perldoc Mail:

Re: Top Ten Rules

 29,148 messages : Host sending mail was in our local blocklist How many entries? Does it just keep growing? We have a local one too, and every so often correlate it with the public RBLs so as to not duplicate the check and overhead. They expire in 2 weeks. They should make it into a public

Re: UCEPROTECT

Nigel, It takes two to tango. 1) If your recipient's Email server didn't use UCEPROTECT, you would not be having this issue. 2) If your recipient's ISP ran their own local cached copy of the UCEPROTECT zone file(s), they could simply remove your IP address. 3) If your recipient's ISP ran a local

Re: UCEPROTECT

On Thu, 2010-04-22 at 13:53 +0100, n.frank...@gmail.com wrote: > Hi All, > > For reference the SORBS issue is still ongoing, my ISP (BT) is working > hard to resolve it. > > I mentioned in one of my posts how UC (UCPROTECT) were also an issue. > > They seem to have taken entire netblocks and are

Re: bypass spam check if SPF is OK

Rejaine Monteiro wrote: > Sorry if I was not very clear (my english is a little poor) > in fact, I wanted to decrease the score obtained if SPF return OK Probably not a good idea. The last set of stats that I saw indicated that SPF_PASS was more likely to occur in spam than in ham. This is why

Re: Amavisd Down after HUP'ing server

Kalpin Erlangga Silaen wrote: > I always get this error (once a day) > > Apr 22 14:07:35 stargate amavis[7147]: (!)Net::Server: 2010/04/22-14:07:35 > HUP'ing server > > after that, amavis down and can not connect to port 10024 > > amavisd-new-2.6.4 (20090625) Versions older than 2.7.0 (not yet

Re: UCEPROTECT

UCProtect and backscatterrer.org are BOTH doing this. In my opinion they even could well be controlled by spammers and taking money on both ends of the this. I personally feel abused by them since they appear to be stroking their lists simply to make money. Ron Smith postmas...@pmbx.net "Havin

Re: bypass spam check if SPF is OK

Benny Pedersen escreveu: > > perldoc Mail::SpamAssassin::Conf > perldoc Mail::SpamAssassin::Plugin::SPF > > read them, search for whitelist and do test with spamassassin 2>&1 > -D -t hammsg | less // ok, thanks for the tip!.. > > make sure you dont just give -100 for a possible spam msg :( > ho

Re: bypass spam check if SPF is OK

On tor 22 apr 2010 15:24:02 CEST, Rejaine Monteiro wrote Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK perldoc Mail::SpamAssassin::Conf perldoc Mail::SpamAssassin::Plugin::SPF read them, search for whitelist and

Re: bypass spam check if SPF is OK

On tor 22 apr 2010 15:20:47 CEST, John Hardin wrote It's not a good idea to whitelist on just SPF Pass. What is to prevent a spammer from publishing valid SPF records for their sources and thus whitelisting themselves to you? yep thats the problem, here i use def_whitelist_from_spf to grey

Re: bypass spam check if SPF is OK

Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK John Hardin escreveu: > On Thu, 22 Apr 2010, Rejaine Monteiro wrote: > The appropriate place to do things like that is in the glue layer. > > It's not a good idea to white

Re: bypass spam check if SPF is OK

On tor 22 apr 2010 15:09:32 CEST, Rejaine Monteiro wrote There is anyway to bypass a spam when SPF check results result is equal to 'SPF_PASS'? yes, but that rule will be silly spammers can also just add a spf with "ipv4:0.0.0.0/0 -all" in it, so atleast dont make spf pass stop just there

Re: expedia emails broken, anyone got a contact?

Le 22/04/2010 15:13, John Hardin a écrit : Bayes 50 is neutral and you're scoring it at 0.8? Agreed that's not a good idea. Except that 0.8 is the default score for BAYES_50 under 3.3.0 and 3.3.1... John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Transla

Re: bypass spam check if SPF is OK

On Thu, 22 Apr 2010, Rejaine Monteiro wrote: There is anyway to bypass a spam when SPF check results result is equal to 'SPF_PASS'? The appropriate place to do things like that is in the glue layer. It's not a good idea to whitelist on just SPF Pass. What is to prevent a spammer from publ

bypass spam check if SPF is OK

Hi all There is anyway to bypass a spam when SPF check results result is equal to 'SPF_PASS'?

Re: expedia emails broken, anyone got a contact?

On Thu, 22 Apr 2010, LuKreme wrote: On 21-Apr-2010, at 14:58, Michael Scheidell wrote: BAYES_50=0.8, TML_MESSAGE=0.001, INVALID_DATE=1.096, MIME_HTML_ONLY=0.223, NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1, TO_EQ_FM_DIRECT_MX=0.001, TO_EQ_FM_HTML_DIRECT=1.728, TO_EQ_FM_HTML_O

UCEPROTECT

Hi All, For reference the SORBS issue is still ongoing, my ISP (BT) is working hard to resolve it. I mentioned in one of my posts how UC (UCPROTECT) were also an issue. They seem to have taken entire netblocks and are demanding 20Euro's per year to remove individual IP's Does anyone have any in

RE: Reducing scan time

> On Thu, 2010-04-22 at 02:05 +0100, Martin Hepworth wrote: > > > > > > On 22 April 2010 00:44, Chris wrote: > > I've posted two files below, one is the time output > for a spam > > and one > > for ham. Seems like over the past few weeks SA scan > times have > > bec

Re: spamc randomization

On Wed, 21 Apr 2010 10:59:26 -0400 Micah Anderson wrote: > > I'm using the --randomize option to spamc, along with the -d switch > that has a hostname which resolves to multiple IP addresses. > > Does the --randomize get passed the full set of IPs that are resolved > from the -d hostname and t

Re: Reducing scan time

On tor 22 apr 2010 04:21:40 CEST, Chris wrote Clam was running really slow and sucking a bunch of memory however, the problem there was found to be that I had a mail.cvd and main.cld db, I removed the .cld file and it seemed to speed up somewhat. this one is really a design bug in clamav when v

Re: expedia emails broken, anyone got a contact?

On 21-Apr-2010, at 14:58, Michael Scheidell wrote: > > AYES_50=0.8, TML_MESSAGE=0.001, INVALID_DATE=1.096, MIME_HTML_ONLY=0.223, > NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1, > TO_EQ_FM_DIRECT_MX=0.001, TO_EQ_FM_HTML_DIRECT=1.728, > TO_EQ_FM_HTML_ONLY=0.001, T_LOTS_OF_MONEY=0.01

Cyrillic spam mail

Hi, following mail got through SpamAssassin today: http://pastebin.com/Z50yqmij I was just wondering why there were nearly none of standard SpamAssassin rules hitting, it's even been whitelisted by HostKarma. X-Spam-Status: No, hits=2.0, required= 5.0, autolearn=no, shortcircuit=no X-Spam-Repor

Re: How to I disable spam checking for a domain

Hi, >> I have a server with multiple virtual domain, >> I want to disable spam checking on some of them. >> >> Is this possible? > > You can't disable a domain *in* SA, but you can whitelist a domain in > local.cf like so: > > # Disable SpamAssassin for this user/domain > whitelist_to    some...@e

Re: How to I disable spam checking for a domain

Osax wrote: By the "glue" I assume you mean you maildir or vdeliver? Whatever mechanism you use to pass mail to SpamAssassin to be scanned. Don't pass mail for domains you don't want scanned, just deliver straight to the users mailbox (or do whatever else you may do with mail after SA has

Re: Problems with sa-update

On 22-Apr-2010, at 02:30, Personal Técnico wrote: > > I'm getting this error when I run sa-update: sa-update -D and maybe sa-update -V ? -- Ahahahahaha! Ahahahaha! Aahahaha! BEWARE! Yrs sincerely The Opera Ghost --Maskerade

Problems with sa-update

Hi, I'm getting this error when I run sa-update: config: failed to parse line, skipping, in "/tmp/.spamassassin26787Cjo628tmp/72_active.cf": mimeheader __TVD_MIME_ATT_AOPDF Content-Type =~ /^application\/octet-stream.*\.pdf/i config: failed to parse line, skipping, in "/tmp/.spamassassin2678

SpamAssassin on LinuxTag Berlin

hi, the Perl community is going to have a Perl booth on LinuxTag Berlin in June. We would like to represent a number of Perl based projects there. Is there anyone from SpamAssasin team is around who would be interested in participating (on some of the days) and show SpamAssasin to the visitors?

RE: Interesting use of html comments

> Giampaolo Tomassoni wrote: > > But, anyway, I see SA 3.3.1 comes with a very good HTMLEval plugin. > However, > > it seems to me that it misses a way to, in example, count the length > of the > > text commented out with respect to the uncommented one and eventually > > trigger a rule if the ratio

Amavisd Down after HUP'ing server

Hello, I always get this error (once a day) Apr 22 14:07:35 stargate amavis[7147]: (!)Net::Server: 2010/04/22-14:07:35 HUP'ing server after that, amavis down and can not connect to port 10024 Apr 22 14:08:06 stargate postfix/smtp[17561]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused