On fre 24 sep 2010 04:33:33 CEST, Chris wrote
Or is it needed since I have the def_whitelist_from_spf line?
you trigger on def_ in shourtcicuit thats the error you made if any,
do change the shortcicuit rule to only doit it if its whilelist not
just def_whitelist
def_ rules is for grey
Hello *,
my server has arround 680 Mailinglists and over 100.000 Users and usualy
I get between 2-3 mio legitim messages plus arround 14 mio spams where
80% are rejected on SMTP level.
But since some days, my servers are hit by more then 90 mio spams per
day... OK, most of them are
http://pastebin.com/zAvghCQJ
Hello sorry for the newbie question, one of our users is getting slammed by
these. I'm wondering which rules should be stopping these.
thanks
--
View this message in context:
http://old.nabble.com/What-rules-should-be-stopping-these-tp29801831p29801831.html
Sent
On Fri, 24 Sep 2010, njjrdell wrote:
http://pastebin.com/zAvghCQJ
Hello sorry for the newbie question, one of our users is getting slammed
by these. I'm wondering which rules should be stopping these.
That hits URIBL. Do you have network tests and URIBL lookups enabled?
--
John Hardin
I actually take that back in our local.cf we have
urirhssub URIBL_BLACK multi.uribl.com.A 2
bodyURIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describeURIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
score
On fre 24 sep 2010 21:28:53 CEST, njjrdell wrote
http://pastebin.com/zAvghCQJ
Content analysis details: (15.0 points, 5.0 required)
pts rule name description
-- --
2.5 RCVD_IN_PSBL RBL:
On Fri, 2010-09-24 at 13:03 -0700, njjrdell wrote:
we have setup on our mailservers.
sbl-xbl.spamhaus.org
dnsbl.njable.org
bl.spamcop.net
b.barracudacentral.org
Hmm, that seems to hint checking at SMTP time and outright rejecting
based on the sender's IP. While that certainly is a good idea
On Fri, 2010-09-24 at 22:43 +0200, Karsten Bräckelmann wrote:
Hello sorry for the newbie question, one of our users is getting
slammed
by these. I'm wondering which rules should be stopping these.
Your sample is missing the rules actually triggered, which usually would
be in the
Where is the user's user_prefs file supposed to live?
Mine is in ~/.spamassassin/user_prefs, but it is ignored (presently
full of whitelist_rcvd entries that never fire). This is where it has been
since spamassassin 2.6.xxx
If I put all of those into /etc/mail/spamassassin/local.cf they
On Fri, 2010-09-24 at 17:14 -0500, Chuck Campbell wrote:
Where is the user's user_prefs file supposed to live?
What does your question have to do with this Subject?
You just hi-jacked a thread. Well, granted, you actually just hi-jacked
the Subject, abandoning your own thread -- the threading
On Fri, 2010-09-24 at 13:13 +0200, Benny Pedersen wrote:
On fre 24 sep 2010 04:33:33 CEST, Chris wrote
Or is it needed since I have the def_whitelist_from_spf line?
you trigger on def_ in shourtcicuit thats the error you made if any,
do change the shortcicuit rule to only doit it if its
On Fri, 2010-09-24 at 17:31 -0500, Chris wrote:
Here's what rules hit in a short circuit ham:
X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
RCVD_IN_SORBS_DUL=0.001,SC_NET_HAM=-20,SHORTCIRCUIT=-100,
USER_IN_DEF_DKIM_WL=-7.5 RCVD_IN_PBL,RCVD_IN_SORBS_DUL,SC_NET_HAM,
On lør 25 sep 2010 00:31:18 CEST, Chris wrote
# slower, network-based whitelisting
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
USER_IN_DEF_SPF_WL||USER_IN_WHITELIST||USER_IN_DEF_WHITELIST)
change this meta to
On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
On Fri, 2010-09-24 at 17:31 -0500, Chris wrote:
Here's what rules hit in a short circuit ham:
X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
RCVD_IN_SORBS_DUL=0.001,SC_NET_HAM=-20,SHORTCIRCUIT=-100,
On Sat, 2010-09-25 at 02:04 +0200, Benny Pedersen wrote:
On lør 25 sep 2010 00:31:18 CEST, Chris wrote
# slower, network-based whitelisting
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
Ham!? PBL, SORBS DUL. Are you trying to use whitelisting to protect
outgoing messages? Shouldn't you be using authenticated SMTP instead?
No Karsten, this is incoming mail to my
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
http://pastebin.com/LqVtvjgM
OK, wait. That sample is really an example showing the DKIM headers,
sent by *you*. Right? It's authenticated.
Hmm, from your original pastebin:
On lør 25 sep 2010 02:53:30 CEST, Chris wrote
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
there is still user in def :=)
user_in_whitelist includes whitelist_from with
On lør 25 sep 2010 03:46:09 CEST, Karsten Bräckelmann wrote
Anyone wonder how to steal those user passwords?
(BTW, you did not use TLS either. :/)
dont blame chris on this one, he needs a isp that dont accept passwors
in non tls tunnels, well spotted
/me back on my problem with kernel that
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
Ham!? PBL, SORBS DUL. Are you trying to use whitelisting to protect
outgoing messages? Shouldn't you be using
On Fri, 2010-09-24 at 22:16 -0500, Chris wrote:
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
Begs the question why the phish that started this thread has been DKIM
signed by your ISP, too. Seriously.
Hmm, from your original pastebin:
Authentication-Results:
On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
there is still user in def :=)
user_in_whitelist includes
22 matches
Mail list logo