Claudia Burman wrote:
...if the URI is not listed in www.uribl.com ?
Another message from the same domain doesn't hit the rule
uribl.com checks embedded URIs in the message, not the from domain. The
content of the two messages was obviously different. One contained a
listed URI, the
Justin Mason wrote:
have you seen this?
http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
That bug in Red Hat perl will almost definitely slow down SpamAssassin,
too, I would say. Can anyone verify?
--j.
I don't notice any difference between my RHEL 4 (not affected) and my
Greg Troxel wrote:
Sort of related, occasionally some messages on the list get so many
points that my MTA rejects them (score 10). I'd like to not do that,
since it seems rude to the list (although ezmlm seems to not really
care). I'm guessing that I need a custom rule to assign negative
Sahil Tandon wrote:
Do all the emails ask users to reply to [EMAIL PROTECTED] I notice
you're using Postfix, so it's worth setting up a quick access map that
intercepts all messages to that address and redirects them to postmaster.
You'll then have to contact those users and ask them to change
Jake Maul wrote:
Greetings,
I've recently been getting more simple drug-related spam that has no
real obfuscation and often doesn't get flagged with anything other
than HTML_MESSAGE (0.0) and BAYES_XX (generally 50-99).
A few sample Subject lines:
Subject: Use Generik Viagra and forget about
Leonardo Rodrigues Magalhães wrote:
i was checking spamassassin definition files, which are updated
daily in my site, and could find some interesting entries with
'lastexternal'.
20_dnsbl_tests.cf:header RCVD_IN_XBL
eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.',
Leonardo Rodrigues Magalhães wrote:
Hello,
Is it possible to configure SA to check only last Received address
against RBL tests ??? I would like to avoid checking ALL Received
addresses, because they can possibly have DSL/cable addresses that can
be blacklisted somewhere.
I would
Kai Schaetzl wrote:
Eduardo Júnior wrote on Fri, 25 Jul 2008 08:58:25 -0300:
I took the includes of updates_spamassassin_org.cf and put in
/etc/spamassassin/local.cf and I made a copy of my *.cf /etc/spamassassin
to maintain consistently referenced in the path includes.
Not sure
Noel Jones wrote:
On Tue, Jul 22, 2008 at 12:00 PM, Bob McClure Jr [EMAIL PROTECTED] wrote:
If I may extend this OT thread, I'd like to know how draconian admins
get with their mail servers. Without considering RBLs, how much do
you limit client
Per Jessen wrote:
body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
Pay88)/i
(all on one line of course).
In SA3.2.5, I get the following message:
[5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z
(P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid
mouss wrote:
Skip wrote:
Periodically I have seen spam come in my inbox and after reviewing
the headers, I'd see that it didn't hit any of the DNS/URL BL
checks. So I left SA running in debug mode for a while and saw some
strange entries (sorry for the long post here). Fortunately, these
Yet Another Ninja wrote:
On 7/2/2008 6:05 PM, Marc Perkel wrote:
Is there an easy way to detect the registrar of a domain through DNS?
For example - can I easily figure out if an email I'm processing is
hosted by GoDaddy or Tucows?
Here's what I'm thinking. I think there's some expensive
Marc Perkel wrote:
Matus UHLAR - fantomas wrote:
On 03.07.08 13:22, Henrik K wrote:
If lesser registrar means that it's probably ham, why couldn't someone use
that to add some negative scores or use it as a part of whitelist
trustworthiness? Even if it's handful of domains, it's useful.
Marc Perkel wrote:
Michele Neylon wrote:
On 2 Jul 2008, at 19:56, Marc Perkel wrote:
Again - it's not to figure out where spam comes from. It's figuring
out where non-spam comes from. I think there are registrars out
there that don't have any spam domains registered.
What are you
Benny Pedersen wrote:
On Fri, June 27, 2008 03:09, Jo Rhett wrote:
Personal attacks are not relevant to the topic.
hmm
AppleMail is the only mua i have seen that cant make a reply to maillist
without sending cc
you talk like its my problem right ?
is AppleMail the only option you
/spamassassin/RuleUpdates
--
Richard Frovarp
EduTech System Administrator
1-701-231-5127 or
1-800-774-1091
NGSS wrote:
Hi,
I am losing confidence in SA, the training process is pretty slow or it
doesn’t seem to be learning.
I am training SA with around 30-50 manually identified spam (moving
spam mails to a spam folder created in squirrelmail and crond the
sa-train command on that folder every
Marcin Praczko wrote:
Hi,
I am not sure that I am writing to correct list, but maybe you will
help me.
On one of my servers qmail has been installed, SpamAssassin and
qmail-scanner.
There are several virtual domains, and Spam filter is working quite OK.
But I have some message
Andrew Hearn wrote:
http://pastebin.ca/961075
I've only seen one so far but apart from the 0.0 BAYES_50 (I will
learn this message), does anyone have rules that push this kind of
message over 5.0?
thanks!
Andrew
pts rule name description
--
Tuc at T-B-O-H.NET wrote:
Seriously...
How hard is it to setup the MX boxen to only allow 4 email addresses to pass
for that particular domain, rejecting all others in the SMTP conversation?
Unless the customer is dropping BIG DADDY $$$ with you, tell him policy
change and that he isn't losing
Michael Hutchinson wrote:
--- original message ---
From: Tony Bunce [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 February 2008 5:54 a.m.
To: users@spamassassin.apache.org
Subject: [OT] Yahoo Deferred
Sorry for the Off Topic thread but I'm at a loss.
Marc Perkel wrote:
Mark Johnson wrote:
Marc Perkel wrote:
Because there is occasionally some server doing something very weird
you might have to open up port 25 on some specific IP who is
running something really dumb. I think I've had to do this only once
or twice. But once you open
Marc Perkel wrote:
Michael Scheidell wrote:
Didn't qmail have a problem if it hit a 'dead' primary mx server first?
Qmail has a problem if it gets a 421 on the lowest MX. But if the
lowest MX is totally dead Qmail is fine with it.
We issue tcp-reset via iptables and have never heard
Marc Perkel wrote:
Richard Frovarp wrote:
We issue tcp-reset via iptables and have never heard of any problems.
Doing this also makes connecting servers fail out quickest, instead
of waiting to timeout.
Interesting. How do you do that?
-A ports_deny -d de.st.i.p -p tcp -m tcp --dport 25
mouss wrote:
Francesco Abeni wrote:
Good morning everyone, i'm in charge of reducing SPAM at a customer
site. Already have SPAMASSASSIN, sa-update weekly executed.
I'd like to implement a Bogus MX for further filtering of SPAM. I
don't know if this is the correct name, by Bogus MX i mean
mouss wrote:
Richard Frovarp wrote:
We do something like nolisting. You will lose legit mail no matter
which trick you use. So it's best if you have a method of fixing
that. Our first mx record is a real smtp server, it's just firewalled
off to most of the world. It's used as a fast lane
Bowie Bailey wrote:
I completely agree with you. I have no idea what effect our solution
is having on spam. I know that our internal mail isn't slowed down by
large influxes of spam as they can't get to the server that processes
internal mail, which was the goal of our system. I know for a
Randy Ramsdell wrote:
Randy Ramsdell wrote:
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have been doing some checking of spam messages that make it through
our mail filtering systems and noticed that the spam score does not
reflect what I get when
Randal, Phil wrote:
Unfortunately, people who should know better (e.g. McAfee) do this all
the time.
There'd have to be a huge whitelist of safe URLs to make this workable.
We use MailScanner, which has this sort of phishing detection built
in, flagging suspicious links.
Cheers,
Phil
[EMAIL PROTECTED] wrote:
Hi gurus,
Recently, I've upgraded to spamassassin 3.2.0 called from amavisd-new.
I've seen that this version is more aggressive, and for example it
detects as spam
a legitimate email with next score:
X-Spam-Status: Yes, score=4.884 tagged_above=-999 required=3.5
denversteve wrote:
I am running qmailrocks mail server and have not found a good answer to this
question for blocking IP instead of just processing the spam emails and
overwhelming my server.
Is there someone with a script to modify qmail-scanner-queue.pl or another
script to run /sbin/iptables
I'm pretty sure that the FAKE_HELO_LYCOS rule is hitting legit mail from
Lycos. Add that on top of the fact it is sending bogus HTML mail and it
is pushed above 5.0. Looking at the check_for_rdns_helo_mismatch code, I
do see there are debug statements in there to indicate why the rule
fired.
Qnet .. wrote:
Hi,
My Qmail server works with spamassassin + clamav. The processes Spamd
take the most part of the *load* so it's Spamassassin crash. Do you
know any way to solve it?
Please look at the attached file (top -d1). Thank you so much!
jason lingnau wrote:
shalom hipsters
Running nuonce BQ machine(s) and this has been the deal with all of them.
At some point our filters drop. (currently the case see below)...mail
still gets sent as sendmail must not wait forever to hear back from MS.
My (newbie) self thinks spamassassin
Michael Scheidell wrote:
-Original Message-
From: ram [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 14, 2007 6:07 AM
To: users@spamassassin.apache.org
Subject: fake MX records
http://wiki.apache.org/spamassassin/OtherTricks this page mentions
setting up fake MXes
Is this
John D. Hardin wrote:
On Wed, 15 Aug 2007, Richard Frovarp wrote:
Michael Scheidell wrote:
Yes, and some systems might not ever send you email (they violate
RFC's)
We've had one issue with this. ... There was one weird mailer that
is being used that doesn't try other MXs. We
Fletcher Mattox wrote:
Spamhaus has determined that my query rate is too high to continue
using their servers for free. So they have, apparently, blocked my
queries at their router, which incurs a 5 second timeout. How do I
tell SpamAssassin to stop using all spamhaus servers, including zen?
I
The author of RDJ has indicated on lists that they no longer
maintain the script and recommend switching to sa-update.
Martin.Hepworth wrote:
Maybe obsolete for sare rules (due to ddos issues etc), but its very handy for
other peoples rulesets you want to keep up-to date..
--
Martin
Raquel wrote:
On Thu, 26 Jul 2007 10:02:21 +0100
Adam Wilbraham [EMAIL PROTECTED] wrote:
RulesDuJour is obsolete, you should use sa-update instead.
Ahhh. Is sa-update compatible with SpamAssassin 3.0.3? Some of us
are still using that version for what we feel is a good reason
Skip Brott wrote:
I ran with the --nogpg option and was able to get all the files to
download. Yay! But do I really want to run it that way?
And on that note, how does SA know where to find the .cf files in
/var/lib/spamassassin? Does it see subfolders and load the .cf files
from there?
Gene Heskett wrote:
On Friday 20 July 2007, Richard Frovarp wrote:
Skip Brott wrote:
I ran with the --nogpg option and was able to get all the files to
download. Yay! But do I really want to run it that way?
And on that note, how does SA know where to find the .cf files in
/var/lib
Gene Heskett wrote:
Also, how about /etc/mail/spamassassin/RuleDuJour? Can that copy of all this
go away also? It is not being mentioned in the --lint -D report output.
That was just a staging area for RDJ and never used by spamassassin.
Updates were downloaded there first and then
Marc Perkel wrote:
I've written a best practices guide and suggestions on how to defeat
the spam bot armies. If anyone wants to comment I'm looking for
feedback and new ideas.
http://wiki.junkemailfilter.com/index.php/How_to_put_an_end_to_Virus_Infected_Spam_Bots
You didn't listen to
Jari Fredriksson wrote:
[EMAIL PROTECTED] wrote:
If port 25 were blocked from consumers and they were forced to talk to
servers on port 587, even without authentication, then a server could
distinguish consumers from other servers. I think this kind of
configuration could be used to help
Robert - eLists wrote:
John
What stops them from submitting on port 25 is admin-ing it so that no smtp
auth is available on port 25
And, isn't port 465 designated for ssl and smtp auth ?
- rh
465 is SSL, but it isn't the port you should be using. Do TLS via 587 or
25. I can't
Marc Perkel wrote:
The idea is that you would close port 25 to consumers as part of the
solution. Actually ideally all cable modems and DSL modems should
provide NAT and have port 25 closed by default. But it should be
settable so people who are sharp can turn off the blocking. But you
Matthias Schmidt [c] wrote:
On Mon, 16 Jul 2007 06:11:32 -0700 Marc Perkel wrote:
One of the problems with SMTP in my opinion is that it allows end users
to talk on port 25 to servers and therefore can't be distinguished from
server to server traffic.
Imagine a policy where
Matus UHLAR - fantomas wrote:
On 16.07.07 10:21, Andy Jezierski wrote:
Now that the SORBS DUL has been emptied out, what are you using as a
replacement, if anything? That list used to block quite a number of spam
emails from entering my system while it was active.
NJABL dynablock or
Matt Kettler wrote:
Note: for this to work 10_default_prefs.cf MUST NOT be in your
/etc/mail/spamassassin. It belongs in /usr/share/spamassassin, as do ALL
the rulefiles that come with SA.
Or in /var/lib/spamassassin/... after running sa-update
Jeff Chan wrote:
Quoting Peter Farrell [EMAIL PROTECTED]:
Hi all.
Testing new setup:
CentOS 4.4
amavisd-new-2.5.1
SpamAssassin version 3.2.1
running on Perl version 5.8.5
+RulesDuJour
Quad proc Dell PE w/ 4 GB RAM.
Using calls to the timestamp function I've been testing this setup
over
JT DeLys wrote:
Checking where the updates SHOULD be,
ls -d
/usr/local/etc/spamassassin/Updates/3.003000/updates_spamassassin_org
returns,
/usr/local/bin/ls: cannot access
/usr/local/etc/spamassassin/Updates/3.003000/updates_spamassassin_org:
No such file or directory
Well, that's
Marc Perkel wrote:
Terry Soucy wrote:
In the testing we have done here, less than 1% of connections to our low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure if this is a growing
pattern yet, but it could be a sign of
Marc Perkel wrote:
Richard Frovarp wrote:
Marc Perkel wrote:
Terry Soucy wrote:
In the testing we have done here, less than 1% of connections to our low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure
Susan Barnes wrote:
Greetings.
We have upgraded to SA 3.2 and yesterday I needed to quickly adjust
scores, because of messages being flagged as spam which should not.
However I was at a loss where to put these adjustments.
We use mimedefang and sa-update. So if I am right the main
Peter Pluta wrote:
Thanks, I got these.
reject_rbl_client zen.spamhaus.org
reject_rbl_client list.dsbl.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl-xbl.spamhaus.org
sbl-xbl.spamhaus.org is contained within zen.spamhaus.org. Therefore you
are doing an extra,
Sujit Acharyya-Choudhury wrote:
We are using spamassassin at the gateway level with exim. Is it a good
idea to use bayes as we don't know which is ham or spam - and the users
are unlikely to give us the feed back from different system. In that
case bayes learning ability will be compromised.
You'll also probably want to join the MailScanner list as well. 1.14 is
quite old.
--[ UxBoD ]-- wrote:
Hi Jason,
Yes it will work fine. A few minor tweaks are required so nothing major.
Best thing is to join the mailwatch mailing list and introduce yourself :)
Regards,
On Mon, 4 Jun 2007
Jerry Durand wrote:
On Jun 1, 2007, at 9:48 AM, Ken A wrote:
see http://www.spamhaus.org/zen/
Quote from that page:
Do not use ZEN in filters that do any ‘deep parsing’ of Received
headers, or for other than checking IP addresses that hand off to your
mailservers.
That's assuming you
Michael Scheidell wrote:
I wish you people would stop that crap.
You are phucking up the AWL scored for users@spamassassin.apache.org
If your SA doesn't pick that up, and you want to post a spam, post it to
a web site and post a link.
If you have a problem with yahoo, fwd that copy to yahoo.
Mário Gamito wrote:
Justin Mason wrote:
Apache SpamAssassin 3.2.0 is now available! This is the official
release, and contains a significant number of changes and major
enhancements
And what are they ?
I'm not very fond of messing around with a very stable server.
I'm using 3.1.8
Regards,
Larry Ludwig wrote:
Us too. I'm sick of yahoo with their free email service allowing spam
through.
Today yahoo's network is #1 in spam:
http://www.senderbase.org/
If a wide group starts blacklisting them maybe they would get their act
together and fix the problem.
-L
The question is how
Robert Fitzpatrick wrote:
I just got a report of ham blocked with the following rules. This is a
repeated ham report for TVD_FW_GRAPHIC_ID1 and thinking of setting its
score to zero. Are there any recommendations on how to handle any of
these rules?
X-Spam-Status: Yes, score=8.692 tag=-999
Joey Davis wrote:
I am running into memory allocation problems and am not sure how to
resolve it. My question: Is it advisable to limit the number of child
processes started by spamassassin in my situation. I'm green and not
sure how to handle this.
I am on a VPS with thirty email users.
Jean-Paul Natola wrote:
Hi all,
I'm getting killed with a slew of OEM SOFTWARE spams
I'm trying to add scores to these as they are not scoring anything at all
0.0 HTML_MESSAGE BODY: HTML included in message
Not a direct indicator as spam. A ton of ham hits this rule
0.0
Emre BALCI wrote:
Hi All
My spamassassin and amavis and postfix working so
slowly and queue is growing fastly If I set enable
skip_rbl_check to 1 then computer working fastly this
problem appeared recently. There isn't connection
problem.
I guess there is dead rbl servers ?
Which rbl servers that
Jeff Chan wrote:
On Tuesday 20 February 2007 06:08, Luis Hernán Otegui wrote:
Hi, List, my users are getting increasing amounts of Mail Delivery
Subsystem mails, and I suspect spammers are using their addresses as
senders. I have my servers registered with SPF, but now I wonder how
could I
.
--
Richard Frovarp
EduTech System Administrator
1-701-231-5127 or
1-800-774-1091
Marc Perkel wrote:
Michael Scheidell wrote:
Raul Dias wrote:
On Sun, 2007-01-28 at 22:26 -0500, Michael Scheidell wrote:
Better yet, just block port 25 TO that ip address and spammers will not
even get the chance to send you spam. They just try for the highest mx
and give up.
Miles Fidelman wrote:
Mike,
I'm not sure why it is not considered acceptable to force the users
to authenticate a second time when they want to send email - we all
do that all the time anyway. Pretty much all MTAs ask
clients for a username and password as part of the connection
Giampaolo Tomassoni wrote:
See: http://www.ordb.org/news/?id=38
Does SA use it somewhere somehow by default?
Regards,
Giampaolo
Doing a grep through the rules, I don't see it anywhere. MailScanner
will use it by default. I have posted the news over on their list. Kind
of short notice.
Jason Haar wrote:
Theo Van Dinter wrote:
On Wed, Dec 13, 2006 at 03:35:30PM -0600, Mike French wrote:
Do these normally timeout or do they need to be removed from a rule? I'm
thinking they are timed out because nothing was found?
The problem is likely related to your
Kenneth Porter wrote:
On Thursday, November 30, 2006 5:01 PM -0600 Richard Frovarp
[EMAIL PROTECTED] wrote:
Kenneth Porter wrote:
--On Wednesday, November 29, 2006 5:17 PM -0600 Richard Frovarp
[EMAIL PROTECTED] wrote:
I have a few legit messages that are scoring over 5.0 due
Bret Miller wrote:
Hello, I was wondering if there is a way to write a rule for
HTML source code contained in an email. I am getting many of
these Buy This Stock emails and I am finding that the
pictures contained in them all have a portion of a line of
source that says...
src=cid:
Thanks in
Steven W. Orr wrote:
Here's the game. I host my own domain on my own machine off the cable
modem. I have maybe 6 accounts of legit users. I'm running
sendmail/spamassassin/spamass-milter to reject spam before it's
accepted. I have a problem with spam coming in that's from addresses
on my own
?
--
_
John Andersen
--
Richard Frovarp
EduTech System Administrator
1-701-231-5127 or
1-800-774-1091
I've got a FP on the TVD_FW_GRAPHIC_ID1 rule. It is a message with a
single in line image from Outlook Express.
I can't post the whole message, here are what I hope are the relevant parts:
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE
Justin Mason wrote:
Richard Frovarp writes:
I am trying to go through and remove some of the DNSBL lookups that are
being performed. I have found previous posts that state just set the
meta rule to a score of 0 to disable. I have also found previous posts
that state only these evals
in the first place.
Thanks!
Richard Frovarp [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I am trying to go through and remove some of the DNSBL lookups that are
being performed. I have found previous posts that state just set the meta
rule to a score of 0 to disable. I have
I am trying to go through and remove some of the DNSBL lookups that are
being performed. I have found previous posts that state just set the
meta rule to a score of 0 to disable. I have also found previous posts
that state only these evals are performing lookups: check_rbl,
check_rbl_txt and
Chris Santerre wrote:
Just for giggles! Keeping exact numbers out of it, here are the stats
compared to a year ago:
RBL blocks up 3 fold!
Spam caught by SA doubled.
Legit email traffic also doubled.
Whe, what a year!
Thanks,
Chris Santerre
SysAdmin and Spamfighter
Jo Rhett wrote:
Robert Swan wrote:
Guys, I don't need a lesson on what you think should be done or what you
think is the right thing to do, I just need help writing a rule. I setup
mail servers all the time and I always make sure the: Mail server
broadcast name, the 'A' record and the PTR all
But I specifically mentioned RBL checks. Those can take a while.
Things like Razor2, Pyzor, and dcc checks can take a good while, too. I have
Razor2 and Pyzor timeouts set to 30 seconds. And sometimes they really
need that, too.
I have all of those, all of the default RBLS and 12 RBLs
Jo Rhett wrote:
Richard Frovarp wrote:
This is partially a function of scale. Machines that handle large
numbers of messages probably don't want to hold the SMTP connection
open while the scanning takes place, even if scan time is 9 seconds.
Of course these users are possibly using
unreachables
from our replies to them)
Richard Frovarp wrote:
Large array of mail servers? What does that mean exactly? We have a
small number of machines that scan mail and pass it on to a slightly
larger number of mail storage machines. However, each of our scanning
machines handles 150,000
Robert Swan wrote:
OK the rule to block an unknown or a mail server without a PTR works
great:
header LOCAL_INVALID_PTR2 Received =~ /from \S+ \(unknown /
score LOCAL_INVALID_PTR2 2
describe LOCAL_INVALID_PTR2 Header contains no PTR2
Now how can I make a
85 matches