Re: Dinged for .Date

Hi, On Mon, Jan 15, 2024 at 05:06:11PM -0800, Cabel Sasser wrote: > If you believe every new gTLD is garbage (and I get that!), why isn’t > SpamAssassin automatically dinging, say, 1,200+ of them? I have to second the advice to send email from a different domain. It's just going to be the case

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Hello, On Wed, Jan 03, 2024 at 01:24:02PM -0600, Thomas Cameron via users wrote: > On 1/2/24 17:51, Andy Smith wrote: > > - Have your users collect their your-org email by some means other > >than SMTP, such as running an IMAP server and having them view > >bot

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Hi Thomas, On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote: > I built email servers for a non-profit I volunteer for. If email comes into > the server for presid...@myassociation.org, I would normally just create an > alias in /etc/aliases so that emails to president@ get

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

Hello, On Sat, Sep 30, 2023 at 11:52:13AM -0400, Jared Hall wrote: > On 9/29/2023 10:59 AM, Andy Smith wrote: > > 3.4.2. I know, it's ancient. An upgrade is planned but I'd still > > like to know what the behaviour is. I understand if no one wants to > > help and if

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

Hello, On Thu, Sep 28, 2023 at 09:08:30PM -0400, Jared Hall wrote: > 1) Are you using native SA or the spamhaus-dqs plugin? Just native SA in spamd mode. > 2) What version of SpamAssassin? 3.4.2. I know, it's ancient. An upgrade is planned but I'd still like to know what the behaviour is. I

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

Hello, On Thu, Sep 28, 2023 at 06:48:54AM -0400, Jared Hall wrote: > Do you mind if I redirect the below back onto the spamassassin list > and respond to it there? Well I was going to do that, but fair enough! > On Thu, Sep 28, 2023 at 12:02:47AM -0400, Jared Hall wrote: > > SpamAssassin

Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

Hi, The IP address of a supplier is currently listed by Spamhaus SBL-CSS. This is not directly causing me to reject their emails, because they are actually sending out through Mimecast. However, SpamAssassin is finding that IP in the headers as the Received line *before* Mimecast's, i.e. their

Re: new rule for kam :)

Hi, On Wed, Aug 23, 2023 at 06:14:45PM -0700, John Hardin wrote: > On Wed, 23 Aug 2023, Andy Smith wrote: > > On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote: > > > # test for empty src="" or empty href="" > > > rawbody __HREF_E

Re: new rule for kam :)

Hello, On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote: > # test for empty src="" or empty href="" > rawbody __HREF_EMPTY /href=\"\"/ > rawbody __SRC_EMPTY /src=\"\"/ I checked this against about 80k of my recent personal emails and it matched quite a lot of previously not found

Re: Discord used to share malware

I received one today as well. First time I have seen this type. It was a pretty well drawn thread overall, they are stepping it up From: Alan Sent: Monday, July 26, 2021 10:56:29 AM To: users@spamassassin.apache.org Subject: Discord used to share malware

Re: ip2location.com

Hi Benny, On Thu, Jan 28, 2021 at 03:06:12PM +0100, Benny Pedersen wrote: > https://lite.ip2location.com/database/ip-asn > > is it possible to use it in spamassassin ? SpamAssassin already has an IP to ASN plugin:

Re: The most efficient SPAM implementation ever

Hello, On Sun, Oct 11, 2020 at 10:20:32AM -0500, Ramon F Herrera wrote: > On 10/11/2020 10:07 AM, Marc Roos wrote: > >Now you can decide to reject email coming from (the whole of) sendgrid. > > I am the one who is a client of sendgrid. Are you aware that you've posted this to a list where it is

Re: mark emails as being spam originating from an ip range owner

Hello, On Tue, Sep 29, 2020 at 10:49:36AM +0200, Marc Roos wrote: > How can I mark emails as being spam originating from an ip range owned > by xserver.ua? > > % Abuse contact for '176.103.48.0 - 176.103.63.255' is I' not sure if blacklist_from accepts IP addresses or CIDR ranges, but if it

Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

Maybelist? Neutrallist? Pcbalancedlist? Sent via the Samsung Galaxy, powered by Cricket Wireless Original message From: Olivier Date: 7/22/20 7:38 PM (GMT-08:00) To: users@spamassassin.apache.org Subject: Re: Thanks to Guardian Digital & LinuxSecurity for the nice post

RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

The technical merit is simple, it's not broken, don't fix it. There is no technical merit to be achieved here. I feel that a lot of the argument here is just that. The is merely a moral merit. I think these types of changes should be used for new projects, but for existing projects like SA

SendGrid (Was: Re: Freshdesk (again))

Hello, On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote: > I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of > complaints about Sendgrid. Also mailop. Have personally received phishing mails through SendGrid in the last 2 weeks in the name of citrix.com,

ASN plugin matches IPv6 addresses against IPv4 DNS lists

Hi, I'm subscribed to this long-standing bug and saw it had an update today basically saying that it's still broken in 3.4.2: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211 And I agree, it is still broken in 3.4.2. An IPv6 address will be looked up in a DNS list that contains IPv4

Re: Scans and Invoice spam containg HREF to something bad

This has literally just come through to me, zero BAYES and got passed my custom rule as the HREF URL has changed: https://pastebin.com/pBfhXd6B thanks, Andy. On 19-06-2018 17:33, Kevin A. McGrail wrote: > Well you are welcome to send me new Spamples to look at. As I noted, I've > never

Re: Scans and Invoice spam containg HREF to something bad

Hi Kevin, I'm not really getting any joy with the RBLs. I have, for example, a sample from the 14th and, taking away my custom rule, Bayes and KAM scores, the default score would be "0" :( Content here: https://pastebin.com/dthDn8yb thanks, Andy. On 19-06-2018 17:12, Kevin A. McGrail

Re: Scans and Invoice spam containg HREF to something bad

Hi Kevin, No I wasn't. I just added it, I get a lot of errors like "meta test KAM_WARRANTY3 has dependency 'CBJ_GiveMeABreak' with a zero score", is this normal? Testing despite these errors the only rule I'm getting a hit on from KAM is JMQ_SPF_NEUTRAL_ALL thanks, Andy. On 19-06-2018

Scans and Invoice spam containg HREF to something bad

Hi all, the last week or so we are having a lot of problems with emails either with subjects like "New Approach Contractors Ltd wants to share Scan" or "Invoice INV-03056 from Encompass Environmental Ltd" which contian an HREF to see your "scan" or "invoice" at a URL ending /share or

Off-Topic, any spamhaus people here?

I know this is way off topic, but I'm trying to get ahold of any spamhaus.org support members.

Re: How to view bayesian database in legible text

I could be absolutely wrong but isn't bayes a hash of the string parts which is part of the performance of bayes? From: Emanuel Sent: Thursday, November 9, 2017 8:15 AM To: users@spamassassin.apache.org Subject: How to view bayesian

RE: Looking for assist on a rule

@spamassassin.apache.org Subject: Re: Looking for assist on a rule On 11/1/2017 2:39 PM, Gary Smith wrote: > We have recently seen a huge uptick in spam from a bunch of different TLD's. > Bayes has been a little whacky with them as well. Our install is 3.3.1 > (we're going to be replacin

Looking for assist on a rule

We have recently seen a huge uptick in spam from a bunch of different TLD's. Bayes has been a little whacky with them as well. Our install is 3.3.1 (we're going to be replacing it soon). I'm looking to implement a rule that will assign a higher score to specific TLD's. I tried the rule

Re: sa-compile

>> 1) After compiling, my compiled ruleset is stored in >> /var/lib/spamassassin/compiled/5.014/3.004001. Do I now need to >> remove my rules from /etc/mail/spamassassin/ > > You don't need to remove anything. > > The stock rules aren't stored there anyway, it's just local rules. Ahh, I think

sa-compile

Hello list, I'm playing around with sa-compile in an attempt to improve performance, but I have a couple of questions that I can't find answered in the online docs. 1) After compiling, my compiled ruleset is stored in /var/lib/spamassassin/compiled/5.014/3.004001. Do I now need to remove my

Re: what is triggering NO_DNS_FOR_FROM

Thanks all who replied to my question, sorry for the late reply. It seems this was a temporary error on the senders DNS servers (I assume as I've only seen this issue on their email). Rerunning spamassassin on the same message now doesn't trigger NO_DNS_FOR_FROM. Thanks Matus, yes I know the

what is triggering NO_DNS_FOR_FROM

Hi all, I have a some genuine emails getting marked with NO_DNS_FOR_FROM from one particular domain and I'd like to know exactly why. I've had a dig in the Spamassasin Dns.pm but I can't work out exactly what process_dnsbl_result is doing. What exactly does it check WRT MX and A records? I

ASN plugin and IPv6 addresses

Hi, I'm using version 3.4.0 on Debian stable. I noticed that when presented with some IPv6 addresses, the ASN plugin is actually querying them as an IPv4 address e.g. turning 2600:… into 2.0.0.0 and coming back with the wrong ASN. This appears to already be documented in the bugzilla:

RDNS_NONE always being triggered

Hi, I'm using Spamassassin 3.4.1 on FreeBSD 9.3, called via a pipe from Exim. Today I created a meta rule to give additional points to FREEMAIL where also there is no RDNS. What I've noticed is that many emails are triggering RDNS_NONE when I don't think they should. DNS lookups are working

Re: RDNS_NONE always being triggered

On Jan 4, 2016, 3:42 AM, rwmaillists at googlemail wrote: > No look-up is done. RDNS_NONE tests whether rdns is recorded in the > received header. You need either to turn it on or turn the rule off. Hi, Thanks for the reply. Ok so I assume you mean its a header that has to haven been put in

Re: RDNS_NONE always being triggered

On 2016-01-04 14:31, Kevin A. McGrail wrote: > I'm guessing this might be the trick you need: > https://www.ssisg.com/galaxy/knowledgebase.php?action=displayarticle=24 Thanks Kevin, I'd taken a look at this already but I'd misunderstood the original reply, I thought I was looking for

RE: Spamassasin not as effective anymore

From: Mark London [mailto:m...@psfc.mit.edu] Sent: Monday, September 29, 2014 2:59 PM To: users@spamassassin.apache.org Subject: Re: Spamassasin not as effective anymore On 9/29/2014 12:58 PM, Mark London wrote: On 9/29/2014 4:21 AM,

bayes: no dbs present, cannot tie DB R/O - Amavis-new

=...' to confirm that the files aren't corrupt. In the spamasssin config files I have: bayes_path = /var/lib/amavis/.spamassassin/bayes All seems ok, yes? I Thanks, Peter Smith

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

In the future, if you're not prepared to show the actual problem with their actual data, please don't waste our time. You know that's the sort of thing I hate about the Open Source community, the big ego trips by the crusty old dudes who've been around forever and enjoy giving the

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Yes, I have checked on the real Zen lists and the real IP is there. Then your checking software is broken.  None of the Spamhaus lists ever include anything in 10/8. John, the big hint was in the word *REAL IP*... as I said hundreds of times subsequently to the initial post, I stupidly

Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Hi, SpamAssassin version 3.3.2   running on Perl version 5.14.2 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux   (ubuntu 12.04LTS) I'm having some major problems at the moment with people who send mail via their corporate email platforms hosted on

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

  10.X is a private network.  Why is Zen listing it ? Becasuse I masked the first two octets to protect the innocent.  ;-) Have you checked that IP on the real Zen listing and not on your cached server? Yes, I have checked on the real Zen lists and the real IP is there.

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Hi Kevin (and the entire list), Many many many apologies for not making it clear that I masked the affected IP.  I don't really want to post it in public for all and sundry.  Happy to give people the REAL headers off-list.   Nigel 

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

YOu're rule sort of dangerous as it may list PBL stuff on non last-external, etc, Sort of dangerous ?  It works beautifully for us !  Until the recent issues with Bigfish we've had zero false positives and many many many good catches ! I'm only following the guidelines at 

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

I wonder whether you should have chosen an RFC5737 address rather than an RFC1918 address for your obfuscation purposes... Because I forgot about RFC5737. ;-( As I said, happy to give full un-munged headers off-list.

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

If he borked his rbldnsd config badly, it could be possible. Please guys, can we get this thread back on track.  The RFC1918 send many of you off on the wrong tangent, I apologise for that profusely again.  ;-)

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

That's a rotten idea when asking questions about RBLs... In this case, asking about X.X. would have been less confusing. Yes, I'm sorry and I've already given myself 30 lashings !  ;-( Se we have two problems here: parsing IP addresses from inappropriate headers, and (potentially) the RBL

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Irrelevant. Why is an X-* header even being parsed for IPs? Agreed.  That's what I came here to ask in the first place, even if I managed to make a right mess of even asking that !   ;-)

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Because some Webmail providers don't use a proper Received: header for the initial hop, but add an X-Originating-IP: header instead. Two things that bother me about that reply.  First,  SA  *should* know about the major filtering providers (Bigfish, Postini etc.) and be able to deal with

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Actually Axb, these are my current rules, so I might not be as wrong as you think.. # ITS Local header ITS_RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.dnsbl.') describe ITS_RCVD_IN_ZEN          Received via a relay in Spamhaus Zen tflags ITS_RCVD_IN_ZEN            net reuse  

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

As I posted previously, the safer way to do it is to tell your recursor  to forward all spamhaus queries to you local rblsnd and NOT to tinker with SA rules but then... My local recursor does forward to rbldnsd, as per their instructions... zone dnsbl {       type forward;       forward only;

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

On 08/14/2013 05:31 PM, Nigel Smith wrote: Actually Axb, these are my current rules, so I might not be as wrong as you think.. # ITS Local header ITS_RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.dnsbl.') describe ITS_RCVD_IN_ZEN          Received via a relay in Spamhaus Zen

Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Close, but if you notice, the check on the full Zen bl at the top is an unscored sub-rule, while you were scoring 30 points for your version. Well, I guess my rules needed updating anyway. Spamhaus rolled out two new response codes I was not checking for !  Looking forward to seeing the

RE: Default Bayes Database

Hi, why don't you collect a selection of spam and ham emails prior to go live and use them to train the Bayes DB prior to go live. Then you have a Bayes DB trained to your own data at time of go live... thanks, Andy. Quoting Andrew Talbot andrew.talbot.ownweb...@gmail.com: Well, I

Re: Lowering spam threshold

Currently I have it at 4.8 Quoting Lars Jørgensen l...@kb.dk: Hi, We still get quite a bit of spam through and instead of fiddling with scores, I was thinking about lowering the threshold. Currently tag is at 6.2 and kill at 6.9. Would it be unwise to lower these? What thresholds are

Re: High Performance Bayes Database Configuration?

Quoting Per Jessen p...@computer.org: Matus UHLAR - fantomas wrote: ... again, does this affect BAYES? Probably not, but David was asked to explain why he was wary of using mysql, and he did just that. If those don't apply to Bayes, then he has explained why he doesn't trust MyISAM

Re: High Performance Bayes Database Configuration?

Quoting a.sm...@ukgrid.net: Quoting Per Jessen p...@computer.org: Matus UHLAR - fantomas wrote: ... again, does this affect BAYES? Probably not, but David was asked to explain why he was wary of using mysql, and he did just that. If those don't apply to Bayes, then he has explained

Re: High Performance Bayes Database Configuration?

Quoting David F. Skoll d...@roaringpenguin.com: On Tue, 21 Jun 2011 07:06:11 -0700 Marc Perkel supp...@junkemailfilter.com wrote: Trying to get MySQL bays working in a high volume environment. Dedicated MySQL server with SSD drives. Can someone send me a sample my.cnf file and make other

Re: MySQL bayes setup question

Look in the sql directory in the source code, Andy. Quoting Marc Perkel supp...@junkemailfilter.com: I must be blind but I can seem to find the files or instructions for creating the mysql databases to set up bayes.

Header handling question

I've found enough other rules hits to make for a distinct fingerprint, so that I can go after this stuff with a local rule, but to me, the case error in the header coming from a misconfigured robomailer seems to be a pretty reliable indicator. Smith

SPF fail when SPF record looks good

Hi, I just noticed this, I have an email which was marked as spam. One of the rules it flagged was: 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) In the headers I see: Received: from [62.8.109.125] (port=24079 helo=mail.dynamail.co.uk) In the SPF record for

Re: SPF fail when SPF record looks good

Quoting a.sm...@ukgrid.net: Hi, I just noticed this, I have an email which was marked as spam. One of the rules it flagged was: 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) In the headers I see: Received: from [62.8.109.125] (port=24079

RE: Should Emails Have An Expiration Date

I think this would be a great idea. Many end users never bother to delete old emails and on some, such as sales etc, there is no valid reason for them to countinue to waste disk and server space. http://www.zdnet.com/news/should-emails-have-an-expiration-date/6197888 No since emails are

RE: preventing authenticated smtp users from triggering PBL

I've got an issue where users off-campus who are doing authenticated SMTP/TLS from home networks are having their mail hit by the PBL. I have trusted_networks set to include the incoming relay, but still the PBL hits it as follows: I mentioned in a direct email (as my blackberry won't

Re: Rule works in testing, but not hitting live mail

available via normal Debian repositories. I'm going to take a look at Jon Hardin's suggestion to look at what he's got in his sandbox. Smith

Rule works in testing, but not hitting live mail

, but not on live mail? Is there something I'm missing in my rule syntax, or something that I'm not doing correctly in my testing methodology? Smith

Re: Rule works in testing, but not hitting live mail

Lawrence @ Rogers wrote: On 29/10/2010 3:32 PM, NFN Smith wrote: header LR_OBSC_RECIPS To =~ /\\\/ Is this rule being used standalone, or as part of a meta rule? Do you have a score declared for it? If so, what is it? Right now, I'm scoring at 1.25 points. Thus, it's

spamc not scanning file, spamassassin command ok

Hi all, a couple of spam email messages got passed our spamassassin scanner today, and on investigation I found some odd behaviour. Our mail system scans via a pipe using the following command /usr/local/bin/spamc -u mailnull. If I cat the spam mail file in question by doing a cat and

Re: spamc not scanning file, spamassassin command ok

Quoting John Hardin jhar...@impsec.org: Yes, the default size limit on messages that spamc enforces is less than 600k. If you want to scan larger messages you must override that default. Please see the list archives for the pros and cons. Ah ok! Thanks! Think I can up it to at least 1Mb

Re: russian spam with only two lines in the body

external queries that the score is high enough to force rejection, anyway. Thus, based on my own observations, it looks like the value of rules in this particular area is going to be in scoring stuff that arrives before the domains show up in the various SURBLs. Smith

Re: anyone running SA on Freebsd 8.0?

Quoting Michael Scheidell michael.scheid...@secnap.com: Had a report from a user who installed SA 3.3.1 from freebsd ports with perl 5.10.1 on a Freebsd AMD64 build, Freebsd 8.0, p4 and he noted that the binaries never got installed. said he default install does a 'make pure_site_install',

RE: TMPDIR as a tmpfs

It is safe to use spamassassin tmpdir on a tmpfs mounted system ? And if its safe it would have a better performance ? Here where i work we have big problems with the hard drives, because we basically are sharing virtual machines disk over nfs. and spamassasin is a virtual machine. Any

RE: TMPDIR as a tmpfs

My ram dos not get full, i do not have so many process, i limit it in postfix. It reduces the chances of losing emails if i do not have many process of spamassassin runing. So is safe or not to use tmpfs for tempdir in spamassassin. ? This way, everything that spamassassin have to do with

RE: TMPDIR as a tmpfs

I don't know if it is safe. I suspect it will function normally, but I think you'd be in danger of losing a few messages on an unexpected reboot. I had a very dramatic performance improvement by switching bayes and awl databases to MySQL instead of the default BerkeleyDB. It costs more

Re: SA checking of authenticated users' messages

Quoting Karsten Bräckelmann guent...@rudersport.de: On Wed, 2010-06-09 at 01:51 -0400, Louis Guillaume wrote: Recently I've had a lot of reports of returned mail from authenticated users. The messages are being bounced on the way out. You forgot to provide the reason (SA rules hit) for the

Re: SA checking of authenticated users' messages

You only hit the ALL_TRUSTED when mail is from a trusted relay, surely thats not going to happen if people are sending from a workstation mail to the server doing the checking? Yes, it does. The originating host (workstation) is trusted not to send spam, because the submission is authenticated.

Re: SA checking of authenticated users' messages

Quoting Karsten Bräckelmann guent...@rudersport.de: On Wed, 2010-06-09 at 13:30 +0100, a.sm...@ukgrid.net wrote: On my system outbound mails are scanned, even though they are sent using authentication (not SASL auth tho), additionally the wiki So? Yes, authentication and the ALL_TRUSTED rule

Re: SA checking of authenticated users' messages

So? Yes, authentication and the ALL_TRUSTED rule does not prevent mail from being scanned by SA. Clearly, because that is a SA rule... What *does* prevent mail from being scanned by SA is *NOT* passing it to SA in your MTA. I don't get your point. Ok I just reread ur first post, I

Re: Exim - Spamassassin

Hi all, I am using spamassassin with Exim. I have a router in the middle of the Exim configuration as such: spamcheck_router: driver = accept no_verify condition = ${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}\ {spam-scanned}}} {1}{0}} transport = spamcheck When the

Re: Exim - Spamassassin

Hi all, I am using spamassassin with Exim. I have a router in the middle of the Exim configuration as such: spamcheck_router: driver = accept no_verify condition = ${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}\ {spam-scanned}}} {1}{0}} transport = spamcheck When the

Re: SpamAssassin is a disaster for me

Hi, a few days on and things are still running well with MySQL bayes backend. If indeed my system stability does continue I wonder if the bayes DB version may have had something to do with the corruption problems that seem to have caused me these problems. The flat files are always

Re: SpamAssassin is a disaster for me

No, Im looking at the spamassassin bayes DB files on CentOS 5.5, spamassassin installed via yum Quoting RW rwmailli...@googlemail.com: On Mon, 07 Jun 2010 13:14:31 +0100 a.sm...@ukgrid.net wrote: I checked this on a dev linux box and on these the flat files are created as Berkeley DB

Re: spam score limit adivse

that a rule is going to hit only spam, is that I will score a rule at 5.5 points. The idea is that I'm not positive that the message won't hit any non-spam, but providing only a little bit of space for hitting other rules. Smith

Re: SpamAssassin is a disaster for me

Thanks very much for the detailed reply! Quoting Mark Martinec mark.martinec...@ijs.si: If you can isolate one such message which causes a crash and be able to reproduce it from a command line spamassassin, that would be ideal. Otherwise, enable debugging and when a process crashes check what

Re: SpamAssassin is a disaster for me

Hi Karsten, thanks a lot for your reply... Quoting Karsten Bräckelmann guent...@rudersport.de: I first would check bugzilla for similar issues. In this particular case, bug 6127. The comments in that bug should help to get debug logs, which we would need. I have previously had a look

Re: SpamAssassin is a disaster for me

Hi, update on this is Ive had the system running using MySQL backend for Bayes and AWL for the last 4 hours. So far all good, no 100% CPU runaway processes and no Signal 11 errors. The 100% CPU issue did seem to be resolved by my initial deleting of the bayes BDB files (prior to

Re: SpamAssassin is a disaster for me

Quoting Karsten Bräckelmann guent...@rudersport.de: That are *not* debug logs. That's standard logging, no debug. Post 1 of 3 is normal log, post 3 of 3 was from spamassassin with debug enabled. Is there some further debugging that can be enabled? Alas, as you mentioned in your reply to

Re: SpamAssassin is a disaster for me

Well, before moving servers... What is its file size? See the bug I referenced earlier, and the oddities found there. Yeah, I did have a look at this before. I dont think I have any unusually large files that would cause a prob, the sizes are: 82M./auto-whitelist 66K

Bayes implementation questions

copied from a Cyrus mailbox on one server to a mailbox on another server via scripting, rather than having to play with an IMAP client. But maybe that's a Cyrus-specific question. Thanks in advance for advice. Smith

SpamAssassin is a disaster for me

Hi, as per the subject Im having severe problems, any help much appreciated. My installation: FreeBSD 8.0-p2 Exim 4.71 SpamAssassin 3.3.1 Perl 5.10.1 All packages have been installed from source via FreeBSD ports. The problem: Two main issues really 1) Ever since this server was built (as a

Re: SpamAssassin is a disaster for me

Well firstly I have said for me so Im not trying to trash Spamassasin (I seem to be in a minority of people with any severe issues), and secondly I have posted some of the same issues previously without such a theatrical subject and I received zero replies. No offence was intended for

RE: applying patch

Why don´t you update it via FreeBSD ports? The latest version is there... Quoting Jean-Paul Natola jnat...@familycareintl.org: I setup this box YEARS ago, and only updated the versions of sa exim and clamav, (this only filters my mail before it hands it off to my exchange server. But

RE: Bayes MySQL and innoDB settings question

We've found that our MyISAM tables being used with Bayes in MySQL have caused some bottlenecks on our busier mail servers. We're contemplating using inooDB just for the Bayes database. If MySQL will only be using innoDB, does anyone have any recommendations for innoDB settings in my.cnf to

RE: SPF ignore mail clients connecting with SMTP auth

Hi Giampaolo, thanks for the info. Im not an expert on MTAs or SpamAssassin so Im trying to understand your mail. So is it the case according to what you´ve said below that with your modified logic that setting your MX servers as trusted and MSA will no longer result in all mail being

Re: Repeated spamd dying due to SIGCHLD signal 11

Hi, Ok, update 2: I proved that my system had the perl but (via a test script) as previously mentioned. Ive therefore downgraded perl to perl 5.8.9. I still have the same problem with SpamAssassin perl processes crashing. I´ve take some more logs from spamd with debugging enabled, this is

SPF ignore mail clients connecting with SMTP auth

Hi, I have another question on SPF :) Thanks to those who helped me get it working. Now its working I have a problem that Im getting fails (for the moment softfails due to my SPF config) of users sending mail from Outlook or whatever client that is connecting using SMTP Auth (simple auth

Re: Repeated spamd dying due to SIGCHLD signal 11 SOLVED

Hi all, ok I did some furhter work and when testing (sa-learn --sync) the bayes db integrity its not good. So basically the problem was caused by a corrupt bayes DB. Thanks Andy. Quoting a.sm...@ukgrid.net:

BDB version 1.85 vs 8 how to select

Hi, I´ve been trying to fix some corruption issues with my bayes DB files. I have found that if forced to create from scratch the file my installation of SpamAssassin 3.3.1 is using version 1.85. Why would it do that? It should be using BDB 4.1 with DB version 8 shouldnt it? What

RE: user_pref override options

the Mail::SpamAssassin::Conf doc/man page shows which settings are privileged and which are not. That's what I was looking for. Thanks.

Repeated spamd dying due to SIGCHLD signal 11

Hi, I have a problem on one server that I see several times an hour this problem logged by spamd Wed May 5 10:04:43 2010 [88823] info: spamd: handled cleanup of child pid [90622] due to SIGCHLD: DIED, signal 11 (000b) And in the main messages file a corresponding error regarding the

Re: Repeated spamd dying due to SIGCHLD signal 11

Hi, An update it looks like the problem may well be this Perl bug that affects Perl 5.10.1 in the FreeBSD ports tree... http://rt.perl.org/rt3//Public/Bug/Display.html?id=69973 thanks Andy.

Checking if SPF is being used

Hi, how can I check if SpamAssassin is checking SPF? I ask because we have had instances of spam being delivered using a spoofed email address that is from a domain actually hosted on our mail server, which shouldn´t happen if SPF is being used (SPF is configured in DNS for the domain

Re: Checking if SPF is being used

PS in my init.pre SPF is loaded: loadplugin Mail::SpamAssassin::Plugin::SPF Quoting a.sm...@ukgrid.net:

  1   2   3   4   5   >