, Yves Goergen wrote:
Hello,
Today SpamAssassin started failing on my server system. I could
observe the following:
* There are 5 processes named "spamd child" with very high (100%) CPU
usage
This could be the style gibberish rule hanging. There's another thread
here about that. You n
running on Perl 5.22.1
with SSL support (IO::Socket::SSL 2.024)
with zlib support (Compress::Zlib 2.068)
The system runs Ubuntu 16.04 x64.
I have never seen this behaviour before. As it is now, the spam filter
is making my mail service very unreliable for incoming mail. What can I
do to fix th
No I can't because it's a locked system. I'd need an account for that.
And I'm not going to register just for saving another admin's system. So
either stackexchange admins repair their entry themselves, or the
blacklist operator needs a review.
-Yves
to keep anything unknown away from me and only put in my
inbox what I already know.
-Yves
Von: Reindl Harald
Gesendet: Sa, 2018-07-28 21:23 +0200
Am 28.07.2018 um 21:20 schrieb Yves Goergen:
I've received a notification e-mail from stackexchange.com
because stackexchange is a service I
use often and it never sent my anything unexpected.
So what is the reason for this host being listed?
-Yves
Von: RW
Gesendet: Sa, 2018-07-28 21:35 +0200
On Sat, 28 Jul 2018 21:20:49 +0200
Yves Goergen wrote:
Hello
Hello,
I've received a notification e-mail from stackexchange.com
(stackoverflow.com) with a high spam score. It has this line in its report:
5.7 URIBL_BLACKContains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
I guess that's not
Hello,
I received a message from a friend today and it was rated this, among
others:
> 2.5 FROM_WORDY From address looks like a sentence
I have no idea what the author of this rule considers a sentence, but
that line looks like it always looked, with the well-known legitimate
with everything else they don't need anymore.
Yves Goergen
http://unclassified.software
Von: Bill Cole
Gesendet: Sa, 2016-03-26 05:56 +0100
On 24 Mar 2016, at 13:50, Yves Goergen wrote:
Hello,
I'm getting more and more spam every day and SpamAssassin can't handle
and rejects a message every
now and then as a result. So Exim and clamav are connected. It's just
that Sanesecurity doesn't seem to catch anything.
Yves Goergen
http://unclassified.software
Von: Bowie Bailey
Gesendet: Do, 2016-03-24 20:05 +0100
On 3/24
-recommended sanesecurity data which
is included in clamav-unofficial-sigs doesn't help at all. I can't see
any difference between before and after its installation.
Yves Goergen
http://unclassified.software
Von: Reindl Harald
Gesendet: Do, 2016-03-24 19:06
t want to fiddle around with
databases and such for days in a running system.
Yves Goergen
http://unclassified.software
Am 25.02.2015 um 20:42 schrieb Bill Cole:
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't block all archives with executable files in them.
Then in all seriousness: why bother filtering email specifically for
malware?
Email is an inherently untrustworthy transport medium. Any sort
at all. It is just an additional
effort to keep unwanted e-mails away, just like the spam filter. Nobody
claimed that there is any guarantee associated with it, not even for
false rejects. Considering what still passes the filters this should
quickly become obvious.
--
Yves Goergen
http
-mails.
--
Yves Goergen
http://unclassified.software
,
many domains, etc?
It's the mail server for a small web hosting service with multiple
domains and users. I don't know whether any of them wishes to receive
Polish messages.
--
Yves Goergen
http://unclassified.software
. Unfortunately I'm not an SA wizard so I can't make new
rules for such things.
--
Yves Goergen
http://unclassified.software
Am 24.02.2015 um 18:39 schrieb Jeremy McSpadden:
Usually scores are 6 low 10 high. Are you running any RBLs ?
I have the default settings plus the attached custom configuration.
There are several RBLs among them.
--
Yves Goergen
http://unclassified.software
# BAYES
WWW-Server
[2.50.6.22 listed in dnsbl.sorbs.net]
0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
freemail headers are different
1.0 XPRIO Has X-Priority header
--
Yves Goergen
http
*4
zen.spamhaus.org=127.0.0.2*3
These are evil...
--
Yves Goergen
http://unclassified.software
Am 24.02.2015 um 22:00 schrieb Axb:
On 02/24/2015 09:28 PM, Yves Goergen wrote:
https://drive.google.com/file/d/0B8CN0ghdY1SdSzBqdkswRUdOb0U/view
ZIP password: spam
(Google thinks there's a virus in it so I needed to encrypt it.)
didn't need a password to extract but... whatever format those
blocks all .exe in .zip without actually scanning the
contents, they're going to complain.
--
Yves Goergen
http://unclassified.software
On 14.07.2011 08:13 CE(S)T, Yves Goergen wrote:
On 12.07.2011 10:39 CE(S)T, Kārlis Repsons wrote:
There is the other thread about some patching for IPv6, but could someone
post
the current status with this problem or some idea what should be done for
now
better than just not loading
patches again. I have enabled
it again since then. But I don't have real statistics about it yet.
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
On 30.06.2011 13:06 CE(S)T, Matthew Newton wrote:
On Wed, Jun 29, 2011 at 09:59:52PM +0200, Yves Goergen wrote:
Received: from sp***ck.di***ie.com ([2001:***::40])
by do***rd.de with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
(Exim 4.71)
(envelope-from L***e@Di***ie.com)
id
didn't catch it. Maybe there was a DNS configuration problem
with the first one's server?
Is somebody else interested in testing this Botnet version and have me
sending a message to him?
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
not be
caught by Botnet...)
Is this fix supposed to avoid IPv6 false positives only, or also to do
its job in detecting IPv6 bots correctly?
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
On 29.06.2011 21:03 CE(S)T, Yves Goergen wrote:
Could somebody please just send me a message from an IPv6
mail server to my address? (Preferably from a host that should not be
caught by Botnet...)
Here's a mail I just received: (thank you to the sender)
Received: from sp***ck.di***ie.com
10.4 Server x64 with SpamAssassin 3.3.1-1.
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
myself
and asked for a fix on this list on 2010-09-20 but received no helpful
reply. I couldn't fix it myself because I'm not familiar with Perl. I'll
give this patch I try now. I had Botnet disabled since then.
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http
which the sender submitted his message.
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
On 20.09.2010 20:03 CE(S)T, Yves Goergen wrote:
I'm currently testing a rather simple fix: I've added the following line
to Botnet.cf to ignore anything from IPv6 (hope it works):
botnet_skip_ip :
It doesn't seem to work. I received an e-mail via IPv6 that was sent to
the other MTA from
a rather simple fix: I've added the following line
to Botnet.cf to ignore anything from IPv6 (hope it works):
botnet_skip_ip :
Can anybody assist me with this issue?
[1]
http://www.mail-archive.com/users@spamassassin.apache.org/msg70589.html
(and other copies)
--
Yves Goergen LonelyPixel nospam.l
complicated job. I'm also considering setting up
the entire machine anew on Ubuntu basis and only use platform packages
but that's not something I can do in the near future.
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
days. And still some spam is passing the filter (though most
should be catched).
What do I need to do more than declaring the channel in sa-update for it
to be used?
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
spamd. I saw
that it did in my syslog report. This usually applied my local
configuration changes. It just doesn't seem to apply this.
Or maybe the new rules don't catch a thing for me? How could I test that?
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http
just disable the GPG verification feature or is there another
solution? Can somebody provide me with the necessary steps to get this
to work? The official documentation doesn't help me.
This is the channel URL: 70_zmi_german.cf.zmi.sa-update.dostech.net
--
Yves Goergen LonelyPixel nospam.l
--channel 70_zmi_german.cf.zmi.sa-update.dostech.net
--gpgkeyfile /path/to/your_channel_keyfile.chan
Thanks, that worked. sa-update doesn't seem to know what keys to use on
its own.
--
Yves Goergen LonelyPixel nospam.l...@unclassified.de
Visit my web laboratory at http://beta.unclassified.de
On 24.07.2008 22:33 CE(S)T, Yves Goergen wrote:
I'm forwarding this issue to the Hetzner support team now. It seems that
some other customers have the same problem.
I had to keep telling them that it's their fault or at least not mine,
they finally confirmed me that one node in their load
see what will happen.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
/113366
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
the case. And if, I know some other DNS servers
to set in the configuration for awhile.
I'm forwarding this issue to the Hetzner support team now. It seems that
some other customers have the same problem.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http
. I'm currently
in the process of preparing the upgrade, but it will take some time.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
On 23.07.2008 19:28 CE(S)T, jdow wrote:
Since you are experiencing a DNS problem and there is an exploit
for the Kaminsky DNS bug that was fixed in a massive multi-vendor
roll out, are you patched or are you sure you are not getting your
DNS spoofed?
I'm not running a DNS server.
--
Yves
Jul 22 19:53:07 2008
;; MSG SIZE rcvd: 49
I don't know what this output means, as it looks all like commented out.
Does it say anything at all?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
that tell us? It's broken for 3 weeks now and it doesn't come
from my domain.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
Thank you for the explanation of the output.
Basically it says the same as the host command before, if I understand
this right, and doesn't explain the observed SA behaviour.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
, with Thunderbird in mbox format (on
Windows).
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
. The IP addresses are:
# cat /etc/resolv.conf
nameserver 213.133.100.100
nameserver 213.133.99.99
nameserver 213.133.98.98
nameserver 213.133.98.97
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
and see a lot messages with 20+ points in my filter log.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
that is completely wrong?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
services.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
points on and deny anything from a
higher score that is defined per incoming mail address.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
On 20.07.2008 20:21 CE(S)T, Karsten Bräckelmann wrote:
On Sun, 2008-07-20 at 20:07 +0200, Yves Goergen wrote:
On 20.07.2008 16:39 CE(S)T, Karsten Bräckelmann wrote:
Bad DNS response? That probably would explain why the domain ended up on
RED, GRAY and BLACK. See above. Do you see hits like
On 20.07.2008 20:54 CE(S)T, Duane Hill wrote:
smtpgate# host 2.0.0.127.zen.spamhaus.org
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.2
Same here, for whatever it's worth.
--
Yves
/Mail/SpamAssassin/AsyncLoop.pm line 172, GEN501
line 31.
Jun 6 13:46:08 mond spamd[16931]: )
Jun 6 13:46:08 mond spamd[16931]: (oops, no id at
/usr/local/share/perl/5.8.4/Mail/SpamAssassin/AsyncLoop.pm line 172, GEN501
line 31.
Jun 6 13:46:08 mond spamd[16931]: )
--
Yves Goergen LonelyPixel
On 09.04.2008 17:13 CE(S)T, Yves Goergen wrote:
On 09.04.2008 12:41 CE(S)T, Justin Mason wrote:
Yves Goergen writes:
I keep getting this error since I installed SpamAssassin 3.2.4 on my
Debian 3.1 Linux machine:
Apr 9 11:52:20 mond spamd[2087]: Exception: incomplete data at
/usr/local/lib
/share/perl/5.8.4/Mail/SpamAssassin/DnsResolver.pm line 419
It happens once a day on average. Is this error remotely caused or can I
do something against it?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
On 09.04.2008 12:41 CE(S)T, Justin Mason wrote:
Yves Goergen writes:
I keep getting this error since I installed SpamAssassin 3.2.4 on my
Debian 3.1 Linux machine:
Apr 9 11:52:20 mond spamd[2087]: Exception: incomplete data at
/usr/local/lib/perl/5.8.4/Net/DNS/RR.pm line 513, GEN770 line
see
is that web folder with the tarballs, latest from Nov 2007 or so.
How can I enable it in SA 3.2.4? Do I still need to get that 3rd party
file and install it? Is there a status/news website anywhere?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http
On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:
Yves Goergen wrote:
Just remember to su to that user when running sa-learn.
This is getting a problem now! My spamd user has no access on the
mailbox directories from which I am usually learning. What's the
proposed solution for that?
The new
On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:
The new fangled way would be to use spamc for learning instead of
sa-learn.
And yes, it's a lot faster I believe.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
/local.
Switching from CPAN to the tarball, I wasn't sure if this would change.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
? I mean, it can only reject it by policy or let it pass. There's
nothing to tell about the actual message contents, is there?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
it again where I can. This SA was installed from the tarball.
The /root/.spamassassin directory was created automatically then.
So if it doesn't work out of the box, what can I do next?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
(running SA 3.1.8 with sa-update from time to time), is it
simply Hotmail-bashing or should I disable it for other reasons?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
On 04.02.2008 13:15 CE(S)T, Matt Kettler wrote:
Well, 3.1.8 is, by definition, outdated.. As for that rule, well, it no
longer exists, and has been replaced by FORGED_HOTMAIL_RCVD2 in the
3.2.x family.
Good, so I'll just disable it until I manage to do the SA upgrade.
--
Yves Goergen
but it
doesn't seem to be fixed until that version. Maybe it's still in the
latest one... This is only for your information. I have now configured
logcheck to ignore those messages, I don't care about them. I hope it
doesn't break spam analysis...
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit
of the message alone, without any headers that I can also
check otherwise?
Using SA 3.1.8 on Linux.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
On 12.07.2007 18:47 CE(S)T, Theo Van Dinter wrote:
On Thu, Jul 12, 2007 at 06:11:55PM +0200, Yves Goergen wrote:
is always prepended, I can't do that. Is there a way to get the text or
html parts of the message alone, without any headers that I can also
check otherwise?
rawbody.
Hm
to that. Also I believe
rules that fire on various amounts of body text.
Okay, and what about an HTML part like this:
html
head
some garbage here
/head
bodypnbsp;/p/body
/html
I consider this empty, but ^$ does not. Any suggestions?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web
.
Is that a problem?
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
On 27.01.2007 14:01 CE(S)T, Dan Barker wrote:
I don't understand the use of an invalid IP address.
Wasn't that just a funny example? Use 1.2.3.4 instead if you feel
better then. :) Though it could be that 1.2.3.4 must resolve to your
machine then, I'm not sure.
--
Yves Goergen LonelyPixel
a bunch of files in the given
directory, so I think it actually did something useful.)
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de
On 18.12.2006 18:04 CE(S)T, Theo Van Dinter wrote:
On Mon, Dec 18, 2006 at 06:01:38PM +0100, Yves Goergen wrote:
BTW, to make the update work on a default SA installation, you need to
specify a different path:
# sa-update --updatedir /usr/local/share/spamassassin
Is that by intent
On 31.10.2006 17:42 CE(S)T, Theo Van Dinter wrote:
On Tue, Oct 31, 2006 at 11:56:35AM +0100, Yves Goergen wrote:
I've installed SpamAssassin 3.1.6 on Debian Linux 3.1. Is there a way to
get rid of this error message?
The whole message follows:
Oct 31 10:53:06 mond spamd[19424]: Day '31' out
Hello,
does anybody know when there'll be an update to the ImageInfo plug-in so
that it can detect that new animated images stuff? I keep getting more
of them and none is detected, whereas they have been detected formerly.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http
On 26.08.2006 10:18 CE(S)T, John Andersen wrote:
On Saturday 26 August 2006 00:12, Yves Goergen wrote:
Hello,
does anybody know when there'll be an update to the ImageInfo plug-in so
that it can detect that new animated images stuff? I keep getting more
of them and none is detected, whereas
but that seems to be the price of a
clean mailbox. I don't know so many bad words in English to express what
I feel about that spam (maybe that's better) but I'm really fed up with it!
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http://beta.unclassified.de – My web laboratory.
Hello,
I found this syslog entry a few times recently:
Jul 16 23:02:25 mond spamd[4500]: Minute '60' out of range 0..59 at
/usr/local/share/perl/5.8.4/Mail/SpamAssassin/Util.pm line 429
What does this mean?
Using SA 3.1.1 on Debian Linux 3.1.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http
On 21.06.2006 03:22 CE(S)T, jdow wrote:
SARE and SpamAssassin
plus the BLs have not let a ONE of either of those through yet this
year.
Can you please explain me, what exact rules you added from SARE? I
cannot find anything usable there.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http
On 19.06.2006 18:26 CE(S)T, Chris Santerre wrote:
Why not just use black.uribl.com ? It lists PHISHes.
Trying this out now.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http://beta.unclassified.de – My web laboratory.
On 18.06.2006 04:29 CE(S)T, Theo Van Dinter wrote:
Actually that is a rule already in 3.1 (HTTPS_IP_MISMATCH) (anchor text
has to be https w/ some http href which is an IP).
Well, if it really is, it doesn't work.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http://beta.unclassified.de – My
misses to do things like that is a 'rawbody' match that uses the entire
message, not only single lines. Content can be arbitrary split over many
lines so that any 'rawbody' rule can become useless pretty fast. :(
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http://beta.unclassified.de – My web
. (See the line-by-line
problem with 'rawbody' and encoding problems with 'full'.)
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http://beta.unclassified.de – My web laboratory.
understand Perl very well, and this specific function is way too
complex for me. Also I don't know where to add my own Perl functions.
The documentation doesn't tell me.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http://beta.unclassified.de – My web laboratory.
with non-standard configuration, this is
all too hacky to me. I'm looking for a way to do that with SpamAssassin
directly.
--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
http://beta.unclassified.de – My web laboratory.
86 matches
Mail list logo