Interesting that I'm just now running into this... I've been using
Botnet on this server for several months without issue.
Thanks for the link, shorter timeouts should cure it. :)
Jake
On Wed, Jun 10, 2009 at 12:26 PM, Jason Haar wrote:
> On 06/11/2009 07:05 AM, Jake Maul wrote:
Howdy all,
The last couple days I've been seeing a lot of Botnet-related
timeouts. Obviously the Botnet plugin itself hasn't changed...
DNS problems maybe? Anyone else seen this? It's causing my SA children
to hang and for the server to hit the max-children setting. I had to
disable Botnet to get
Heh, yeah, the first one is in SaneSecurity now. I call clamd directly
from Exim before SA, so I wouldn't see this one anymore.
Thanks,
Jake
On Mon, Mar 2, 2009 at 8:40 PM, Chris wrote:
> On Mon, 2009-03-02 at 05:16 +0100, Michelle Konzack wrote:
>> Am 2009-03-01 09:44:00, sch
That's an interesting observation. Yes, the initial host is US for
both, bounced through the UK (80.82.114.106 in both cases). I thought
RelayCountry would show *all* the countries represented in Received:
lines?
Jake
On Sun, Mar 1, 2009 at 11:56 AM, wrote:
> Hi Jake,
>
> both examples seem to
On Sun, Mar 1, 2009 at 11:32 AM, Karsten Bräckelmann
wrote:
> On Sun, 2009-03-01 at 09:44 -0700, Jake Maul wrote:
>> Howdy,
>>
>> Lately I've been getting a lot of spam like this:
>>
>> http://pastebin.com/m58b01a0b
>> http://pastebin.com/me13959a
, Mar 01, 2009 at 09:44:00AM -0700, Jake Maul wrote:
>> The domain changes, but it's virtually always in the .de TLD
>> [31067] dbg: metadata: X-Relay-Countries: GB
>>
>> They don't seem to trigger any remote tests at all DNSBLs, URIBLs,
>> Pyzor, Razo
Would you mind posting (or mailing me directly) what rules you're
triggering to get those scores?
Many thanks,
Jake
On Sun, Mar 1, 2009 at 9:16 PM, Michelle Konzack
wrote:
> Am 2009-03-01 09:44:00, schrieb Jake Maul:
>> http://pastebin.com/m58b01a0b
>
> Score 7.6
>
Howdy,
Lately I've been getting a lot of spam like this:
http://pastebin.com/m58b01a0b
http://pastebin.com/me13959a
The domain changes, but it's virtually always in the .de TLD
("somedomain.de"). RelayCountries has this to say about that message
(I'm in the US, btw):
[31067] dbg: metadata: X-Rel
The point of the GPG sig check is to verify the authenticity of the
source of the rules you're downloading. To get in the frame of mind as
to what it means to skip this, consider what it would mean to have an
unknown (obviously malicious) person masquerade as your wife/husband
for a while. What mig
On Mon, Nov 10, 2008 at 6:29 AM, Michael Scheidell <[EMAIL PROTECTED]> wrote:
> looks like spammers are using (some random text from books)
> to try to poison baysian
>
> seems text inside of
On Fri, Nov 7, 2008 at 4:45 AM, Samy Ascha, Xel Media B.V. <[EMAIL PROTECTED]>
wrote:
> I have recently setup a mailbox and a sa-learn script to start teaching
> SpamAssassin. This was all no problem, but:
>
> We have an MX group of usually about 3 MTAs, which all run their own content
> filter (a
On Mon, Oct 13, 2008 at 8:44 AM, Bill Landry <[EMAIL PROTECTED]> wrote:
> Here are some stats for this past weekend comparing Pyzor to other hash
> tests:
>
> 36 CTYME_IXHASH
> 38 HOSTEUROPE_IXHASH
> 92 GENERIC_IXHASH
>129 NIXSPAM_IXHASH
>218 RAZOR2_CF_RANGE_E4_51_100
>256 P
Some common configurations of Exim are set up such that Exim does
*NOT* use the message as provided by Spamassassin. It gives SA a
*copy* of the message, then puts the SA headers from the copy into the
main message. This has the effect of ignoring any SA-modified headers,
like the subject. Notably,
I get spam like this too. I'd tell you to train your bayes db better,
but no amount of learning these things seems to have any effect for
me- the next one in just just right back at BAYES_50. Mine are also
largely from Yahoo, some from Hotmail.
One thing that bothers me is how painfully obvious th
up)
iXhash plugin
Freemail plugin
SAGrey plugin
Justin Mason's automated ruleset
If I could just get Pyzor working again now too... :)
Thanks!
Jake
On Sat, Aug 2, 2008 at 8:00 AM, Chris <[EMAIL PROTECTED]> wrote:
> On Friday 01 August 2008 10:47 pm, Jake Maul wrote:
>> Okay, g
Howdy all,
Have I gone insane or has Pyzor stopped working?
My last successful hit was yesterday ~7am GMT-7.
mail:~# cat /etc/spamassassin/.pyzor/servers
82.94.255.100:24441
---
mail:~# pyzor --homedir=/etc/spamassassin/ ping
Traceback (most recent call last):
File "/usr/bin/pyzo
Okay, got some samples online to look at:
http://66.213.231.82/spam/sample1.txt
http://66.213.231.82/spam/sample2.txt
http://66.213.231.82/spam/sample3.txt
http://66.213.231.82/spam/sample4.txt
http://66.213.231.82/spam/sample5.txt
http://66.213.231.82/spam/sample6.txt
http://66.213.231.82/spam/sa
On Fri, Aug 1, 2008 at 6:07 AM, Karsten Bräckelmann
<[EMAIL PROTECTED]> wrote:
> On Thu, 2008-07-31 at 21:58 -0700, Jake Maul wrote:
>> Greetings,
>>
>> I've recently been getting more simple drug-related spam that has no
>> real obfuscation and often d
On Fri, Aug 1, 2008 at 6:42 AM, Richard Frovarp
<[EMAIL PROTECTED]> wrote:
> Jake Maul wrote:
>>
>> Greetings,
>>
>> I've recently been getting more simple drug-related spam that has no
>> real obfuscation and often doesn't get flagged with anyth
On Fri, Aug 1, 2008 at 12:53 AM, Matus UHLAR - fantomas
<[EMAIL PROTECTED]> wrote:
> On 31.07.08 21:58, Jake Maul wrote:
>> I've recently been getting more simple drug-related spam that has no
>> real obfuscation and often doesn't get flagged with anything other
Greetings,
I've recently been getting more simple drug-related spam that has no
real obfuscation and often doesn't get flagged with anything other
than HTML_MESSAGE (0.0) and BAYES_XX (generally 50-99).
A few sample Subject lines:
Subject: Use Generik Viagra and forget about your sexual nightmar
21 matches
Mail list logo