Am 24.06.2015 um 02:00 schrieb Philip Prindeville:
On 06/19/2015 01:07 PM, Dianne Skoll wrote:
On Fri, 19 Jun 2015 12:51:28 -0600
Philip Prindeville wrote:
[stuff]
With this, we avoid ever accepting about 98% of the SPAM that we’d
otherwise receive.
Really? 98%? I find that surprising
On Tue, 23 Jun 2015 18:00:27 -0600
Philip Prindeville wrote:
> I should have mentioned we also blacklist yahoo... and are thinking
> about blocking google, too.
I see. If we did this, then yes, we'd probably stop a lot of spam
(though nowhere near 98%) but we'd also lose 98% of our customers,
On 06/19/2015 01:07 PM, Dianne Skoll wrote:
On Fri, 19 Jun 2015 12:51:28 -0600
Philip Prindeville wrote:
[stuff]
With this, we avoid ever accepting about 98% of the SPAM that we’d
otherwise receive.
Really? 98%? I find that surprising. We get quite a lot of spam
from gmail, hotmail, yah
On Jun 19, 2015, at 6:02 PM, Philip Prindeville
wrote:
> Given how many vulnerabilities CentOS 5 has, why would you want to keep
> running that?
Because, while "I wish I could upgrade ... various circumstances prevent that
right now."
It is fully patched, FWIW.
--- Amir
thumbed via iPhone
On 06/10/2015 04:34 AM, Amir Caspi wrote:
On Jun 10, 2015, at 12:32 AM, Matus UHLAR - fantomas wrote:
FEATURE(`block_bad_helo')
define(`confALLOW_BOGUS_HELO', `False')
Argh, unfortunately, that feature is only on sendmail 8.14 and higher, which
means RHEL/CentOS 6 or higher. For those of
On Jun 19, 2015, at 3:28 PM, David Jones wrote:
>> From: Philip Prindeville
>> Sent: Friday, June 19, 2015 3:53 PM
>> To: David Jones
>> Cc: users@spamassassin.apache.org
>> Subject: Re: Must-Have Plugins?
>
>> On Jun 19, 2015, at 2:35 PM, David Jones
>From: Philip Prindeville
>Sent: Friday, June 19, 2015 3:53 PM
>To: David Jones
>Cc: users@spamassassin.apache.org
>Subject: Re: Must-Have Plugins?
>On Jun 19, 2015, at 2:35 PM, David Jones wrote:
>>
>>> But I’m on a LOT of high volume mailing lists (like mozi
On Jun 19, 2015, at 2:35 PM, David Jones wrote:
>
>> But I’m on a LOT of high volume mailing lists (like mozilla-general and
>> netdev) that get heavily spammed.
>
> Filtering mailing lists is a slightly different ballgame than filtering
> regular email. Some of the items listed above
> don
>>> From: Philip Prindeville
>>
>>> On Jun 9, 2015, at 12:29 PM, John Hardin wrote:
>>
On Tue, 9 Jun 2015, David Jones wrote:
> Some of the best and easiest things you can enable to block spam are
> outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
> - Enab
On Jun 19, 2015, at 1:01 PM, David Jones wrote:
>> From: Philip Prindeville
>
>> On Jun 9, 2015, at 12:29 PM, John Hardin wrote:
>
>>> On Tue, 9 Jun 2015, David Jones wrote:
>>>
Some of the best and easiest things you can enable to block spam are
outside of SpamAssassin at your MT
On Fri, 19 Jun 2015 12:51:28 -0600
Philip Prindeville wrote:
[stuff]
> With this, we avoid ever accepting about 98% of the SPAM that we’d
> otherwise receive.
Really? 98%? I find that surprising. We get quite a lot of spam
from gmail, hotmail, yahoo etc. that would pass all of your tests.
R
>From: Philip Prindeville
>On Jun 9, 2015, at 12:29 PM, John Hardin wrote:
>> On Tue, 9 Jun 2015, David Jones wrote:
>>
>>> Some of the best and easiest things you can enable to block spam are
>>> outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
>>
>>> - Enable greylisting. This
On Jun 9, 2015, at 12:29 PM, John Hardin wrote:
> On Tue, 9 Jun 2015, David Jones wrote:
>
>> Some of the best and easiest things you can enable to block spam are
>> outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
>
>> - Enable greylisting. This is just about the only way you c
On 10.06.15 04:34, Amir Caspi wrote:
To: Matus UHLAR - fantomas
Cc: users@spamassassin.apache.org
pleaase, avoid personal mail. The list is for public discussion.
Subject: Re: Must-Have Plugins?
On Jun 10, 2015, at 12:32 AM, Matus UHLAR - fantomas wrote:
FEATURE(`block_bad_helo')
d
On 10 Jun 2015, at 10:26, Kevin A. McGrail wrote:
On 6/10/2015 10:18 AM, Dianne Skoll wrote:
I'm not disputing that running a caching DNS server is a good idea,
but
you may be quite surprised at the low cache hit rate for IP-based
DNSBLs.
IMO, the primary goal of a caching-only nameserver is i
On 10 Jun 2015, at 10:55, Alex Regan wrote:
Hi,
Not everyone is running a dedicated mail server. My server is an
everything-server running on a hosted VPS that only has a few
"users"
that get significant amounts of email. I'm not sure I want another
daemon that can break or take up clock cyc
On 11/06/2015 00:18, Dianne Skoll wrote:
> On Wed, 10 Jun 2015 13:56:49 +
> David Jones wrote:
>
> [One should run a caching DNS server on a mail server.]
>
>> We are giving you solid advice based on real experiences where we
>> ran into problems and worked around them. Just try to enab
Am 11.06.2015 um 19:28 schrieb Michael B Allen:
On Thu, Jun 11, 2015 at 10:03 AM, RW wrote:
You don't need a full-blown DNS server, you just need a resolver which
is typically ~ 100kB plus whatever space you want for caching.
Mine is currently using 9MB of resident memory compared with 103MB
On Thu, Jun 11, 2015 at 10:03 AM, RW wrote:
> On Wed, 10 Jun 2015 18:45:10 -0400
> Michael B Allen wrote:
>
>> On Wed, Jun 10, 2015 at 9:56 AM, David Jones wrote:
>> >>> given that install unbound as local resolver takes 2 minutes it's
>> >>> even not worth to argue on that topic and a spamfilter
On Wed, 10 Jun 2015 18:45:10 -0400
Michael B Allen wrote:
> On Wed, Jun 10, 2015 at 9:56 AM, David Jones wrote:
> >>> given that install unbound as local resolver takes 2 minutes it's
> >>> even not worth to argue on that topic and a spamfilter without
> >>> RBL's and URIBL's is just nonsense
> >
[I have lost the attribution, but someone wrote:]
> >That's not what I'm saying. It should not be necessary to run a
> >full-blown DNS server for SA to do it's queries. It should be
> >possible to call a library and create a DNS context that has all of
> >it's own parameters and then use that in a
given that install unbound as local resolver takes 2 minutes it's even not
worth to argue on that topic and a spamfilter without RBL's and URIBL's is
just nonsense
>>
>>>I have installed a caching DNS server before (albeit probably about 15
>>>years ago). But it just shouldn't be nec
Am 11.06.2015 um 03:33 schrieb Dianne Skoll:
On Thu, 11 Jun 2015 01:00:45 +0200
Reindl Harald wrote:
cache-min-ttl: 600
Even a 10-minute cache time buys you very little. My original analysis
assumed a 15-minute TTL
calling 32% cache hits on a single day "very little" is questionable
On Thu, 11 Jun 2015 01:00:45 +0200
Reindl Harald wrote:
> cache-min-ttl: 600
Even a 10-minute cache time buys you very little. My original analysis
assumed a 15-minute TTL.
Regards,
Dianne.
Am 10.06.2015 um 16:18 schrieb Dianne Skoll:
On Wed, 10 Jun 2015 13:56:49 +
David Jones wrote:
[One should run a caching DNS server on a mail server.]
We are giving you solid advice based on real experiences where we
ran into problems and worked around them. Just try to enable RBLs
and
On Wed, Jun 10, 2015 at 9:56 AM, David Jones wrote:
>>> given that install unbound as local resolver takes 2 minutes it's even not
>>> worth to argue on that topic and a spamfilter without RBL's and URIBL's is
>>> just nonsense
>
>>I have installed a caching DNS server before (albeit probably abou
On Wed, 10 Jun 2015, David Jones wrote:
[One should run a caching DNS server on a mail server.]
My point was that running a local caching server is the only way one
can know exactly how the lookups are happening. If you point to a
DNS server that you don't manage, it could be forwarding to an
On Wed, 10 Jun 2015, Bill Cole wrote:
> (2) Check the HELO the other guy sends and reject if it's not a FQDN
> (i.e. it's not got any periods at all).
or if it's your FQDN, or your IP - they should use their FQDN, not yours.
And if you don't/can't use a greeting pause, these are useful in
On Wed, 10 Jun 2015, Kevin A. McGrail wrote:
On 6/10/2015 12:45 AM, Michael B Allen wrote:
But I just can't
bring myself to install a caching DNS server and run everything
through localhost. This is why software should be librarified.
I strongly advise you to install a caching DNS server a
On Wed, 10 Jun 2015 14:56:40 +
David Jones wrote:
> My point was that running a local caching server is the only way one
> can know exactly how the lookups are happening.
Ah, true. I missed that point I guess.
Regards,
Dianne.
>[One should run a caching DNS server on a mail server.]
>> We are giving you solid advice based on real experiences where we
>> ran into problems and worked around them. Just try to enable RBLs
>> and see how it works for you.
>I'm not disputing that running a caching DNS server is a good idea,
Hi,
Not everyone is running a dedicated mail server. My server is an
everything-server running on a hosted VPS that only has a few "users"
that get significant amounts of email. I'm not sure I want another
daemon that can break or take up clock cycles and memory on a system
processing 10 spams /
On 9 Jun 2015, at 14:39, Matus UHLAR - fantomas wrote:
On 09.06.15 11:29, John Hardin wrote:
Two things that I have found very useful at the MTA level are:
(1) Delay sending your SMTP banner a second or two and reject any
sender that starts sending information before that. This is a
built-in
On 6/10/2015 10:18 AM, Dianne Skoll wrote:
I'm not disputing that running a caching DNS server is a good idea, but
you may be quite surprised at the low cache hit rate for IP-based DNSBLs.
IMO, the primary goal of a caching-only nameserver is in fact, not the
caching, but rather the unique sourc
On Wed, 10 Jun 2015 13:56:49 +
David Jones wrote:
[One should run a caching DNS server on a mail server.]
> We are giving you solid advice based on real experiences where we
> ran into problems and worked around them. Just try to enable RBLs
> and see how it works for you.
I'm not disputin
>> given that install unbound as local resolver takes 2 minutes it's even not
>> worth to argue on that topic and a spamfilter without RBL's and URIBL's is
>> just nonsense
>I have installed a caching DNS server before (albeit probably about 15
>years ago). But it just shouldn't be necessary.
It
Am 10.06.2015 um 15:49 schrieb Michael B Allen:
By "librarified" I mean the DNS "server" is just a code context that
can be constructed with it's own config precisely and only as needed
by the software that will be querying it (possibly temporarily if it's
just client-only activity like a barrag
On Wed, Jun 10, 2015 at 7:25 AM, Reindl Harald wrote:
>
>
> Am 10.06.2015 um 13:21 schrieb Kevin A. McGrail:
>>
>> On 6/10/2015 12:45 AM, Michael B Allen wrote:
>>>
>>> But I just can't
>>> bring myself to install a caching DNS server and run everything
>>> through localhost. This is why software
>> - Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the
>>majority of junk before it reaches SA. Just make sure you are below their
>>free threshold limit. One important way to do this is
>"One important way to do this" in terms of the Spamhaus threshold limit
>is to no
>> Some of the best and easiest things you can enable to block spam are
>> outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
>> - Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the
>> majority of junk before it reaches SA. Just make sure you are below their
>> fr
Am 10.06.2015 um 13:21 schrieb Kevin A. McGrail:
On 6/10/2015 12:45 AM, Michael B Allen wrote:
But I just can't
bring myself to install a caching DNS server and run everything
through localhost. This is why software should be librarified.
I strongly advise you to install a caching DNS server
On 6/10/2015 12:45 AM, Michael B Allen wrote:
But I just can't
bring myself to install a caching DNS server and run everything
through localhost. This is why software should be librarified.
I strongly advise you to install a caching DNS server and using a few RBLs.
regards,
KAM
Am 10.06.2015 um 13:17 schrieb Kevin A. McGrail:
On 6/10/2015 2:32 AM, Matus UHLAR - fantomas wrote:
I'm not sure whether or not I have enabled requiring valid rDNS... given
how many legitimate mailservers out there don't have proper rDNS,
how many? I'm happy to block them for years...
Fr
On 6/10/2015 2:32 AM, Matus UHLAR - fantomas wrote:
I'm not sure whether or not I have enabled requiring valid rDNS... given
how many legitimate mailservers out there don't have proper rDNS,
how many? I'm happy to block them for years...
From what I've see, the effectivness and false positive
On Jun 10, 2015, at 12:32 AM, Matus UHLAR - fantomas wrote:
> FEATURE(`block_bad_helo')
> define(`confALLOW_BOGUS_HELO', `False')
Argh, unfortunately, that feature is only on sendmail 8.14 and higher, which
means RHEL/CentOS 6 or higher. For those of us running RHEL/CentOS 5, that's
only avai
- Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the
majority of junk before it reaches SA. Just make sure you are below their
free threshold limit. One important way to do this is
"One important way to do this" in terms of the Spamhaus threshold limit
is to not be
On Jun 9, 2015, at 12:29 PM, John Hardin wrote:
(2) Check the HELO the other guy sends and reject if it's not a FQDN
(i.e. it's not got any periods at all). This probably shouldn't be done
on mail originating locally, but for mail coming in from the Internet the
other MTA should always be send
would do by itself. Unfortunately quite a lot of spam is
>>>getting through. So far 40 of 142 spams have passed.
>>>
>>>So my question is, what is the best way to improve things? Is there
>>>any particular must-have plugins? What is the one thing I can do to a
On Jun 9, 2015, at 12:51 PM, RW wrote:
> Bogofilter is pretty easy to use without a plugin. Typically it's just
> a matter of piping your mail through bogofilter -e -p
> In general the most efficient way to score-in an external filter is to
> run it separately and have SA score the result - by s
On Tue, 9 Jun 2015, Amir Caspi wrote:
On Jun 9, 2015, at 12:29 PM, John Hardin wrote:
(2) Check the HELO the other guy sends and reject if it's not a FQDN
(i.e. it's not got any periods at all). This probably shouldn't be done
on mail originating locally, but for mail coming in from the Inte
On Tue, 9 Jun 2015, Matus UHLAR - fantomas wrote:
On 09.06.15 11:29, John Hardin wrote:
Two things that I have found very useful at the MTA level are:
(1) Delay sending your SMTP banner a second or two and reject any sender
that starts sending information before that. This is a built-in optio
On Tue, 9 Jun 2015 12:36:58 +
David Jones wrote:
> I also have added CRM114 and BOGOFILTER plugins which are similar to
> BAYES but don't require the manual training.
They need manual training to the same extent that Bayes needs it.
> These are fairly difficult to install
Bogofilter is
On Jun 9, 2015, at 12:29 PM, John Hardin wrote:
> (2) Check the HELO the other guy sends and reject if it's not a FQDN (i.e.
> it's not got any periods at all). This probably shouldn't be done on mail
> originating locally, but for mail coming in from the Internet the other MTA
> should always
On 09.06.15 11:29, John Hardin wrote:
Two things that I have found very useful at the MTA level are:
(1) Delay sending your SMTP banner a second or two and reject any
sender that starts sending information before that. This is a
built-in option in Sendmail, google "greet_pause".
even 15...
Am 09.06.2015 um 20:29 schrieb John Hardin:
On Tue, 9 Jun 2015, David Jones wrote:
Some of the best and easiest things you can enable to block spam are
outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
- Enable greylisting. This is just about the only way you can block
zero-
On Tue, 9 Jun 2015, David Jones wrote:
Some of the best and easiest things you can enable to block spam are
outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
- Enable greylisting. This is just about the only way you can block
zero-hour spam from compromised accounts that come
Am 09.06.2015 um 17:23 schrieb Alex Regan:
My top hit counts from last week from dnsblcount.pl script (using
postscreen so the numbers are most likely skewed based on ordering and
thresholds being met with multiple RBL hits):
Where did you find dnsblcount.pl? Or is this is your own? T
Hi,
My top hit counts from last week from dnsblcount.pl script (using
postscreen so the numbers are most likely skewed based on ordering and
thresholds being met with multiple RBL hits):
Where did you find dnsblcount.pl? Or is this is your own? That sounds
like a great compliment to
ing through. So far 40 of 142 spams have passed.
>>
>>So my question is, what is the best way to improve things? Is there
>>any particular must-have plugins? What is the one thing I can do to a
>>default install that is going to give me the biggest return on
>>investe
have passed.
So my question is, what is the best way to improve things? Is there
any particular must-have plugins? What is the one thing I can do to a
default install that is going to give me the biggest return on
invested effort?
network checks like razor/pyzor/dcc (they all require third-party pro
spams have passed.
So my question is, what is the best way to improve things? Is there
any particular must-have plugins? What is the one thing I can do to a
default install that is going to give me the biggest return on
invested effort?
train your bayes, preferred a global one to benfit all users
best way to improve things? Is there
any particular must-have plugins? What is the one thing I can do to a
default install that is going to give me the biggest return on
invested effort?
Mike
62 matches
Mail list logo
