Hallo und Guten Tag Justin,
Heute (am 20.08.2005 - 04:50 Uhr)
schriebst Du:
> unfortunately, there's no sign of a pyzor process starting there.
> a search for "pyzor" finds nothing.
yeah, sorry. But I have logged a long time and this was not. :(
Another possibility?
--
Viele Grüße, Kind r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jim Knuth writes:
> Hallo und Guten Tag Justin,
>
> Gestern (am 18.08.2005 - 22:39 Uhr)
>schriebst Du:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
>
> > hmm -- sounds like a bug.
>
> > If you can capture an "strace" trace of a spa
ry couple of minutes
(when pyzor times out) on an otherwise normally running system.
I even suspect that an implicit Perl close (in subsequent open)
does not reclaim (wait(2)) a child process. These zombies eventually
go away by themselves when the parent process retires (being
reclaimed by th
> > > > Since I use SpamAssassin 3.001000, I have sometimes zombies. And
> > > > I`ve found out it. The zombie was pyzor.
> > My first guess it that it is a symptom of:
> > http://bugzilla.spamassassin.org/show_bug.cgi?id=4518
> Yep, that's a pos
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jim Knuth writes:
> Hallo und Guten Morgen Justin,
>
> Heute (am 19.08.2005 - 01:45 Uhr)
>schriebst Du:
>
> >
> > Yep, that's a possibility... Jim, you use
>
> > strace -fo LOG -p $pid
>
> > to trace an amavisd-new process (or spamd proce
Hallo und Guten Morgen Justin,
Heute (am 19.08.2005 - 01:45 Uhr)
schriebst Du:
>
> Yep, that's a possibility... Jim, you use
> strace -fo LOG -p $pid
> to trace an amavisd-new process (or spamd process etc.), then
> scan some mails until it happens. If it occurs due to a traced
> proce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark Martinec writes:
> Jim Knuth writes:
> > > Since I use SpamAssassin 3.001000, I have sometimes zombies. And
> > > I`ve found out it. The zombie was pyzor. Before this was not.
> > > What can I do? Switch off pyzor
Jim Knuth writes:
> > Since I use SpamAssassin 3.001000, I have sometimes zombies. And
> > I`ve found out it. The zombie was pyzor. Before this was not.
> > What can I do? Switch off pyzor? Or?
> >
> > Spamassassin works with amavisd-new 2.3.3pre1 and Postfix 2
Hallo und Guten Abend Justin,
Heute (am 18.08.2005 - 22:39 Uhr)
schriebst Du:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> hmm -- sounds like a bug.
> If you can capture an "strace" trace of a spamd process starting
Sorry, but I don`t no how. :( Can you give me an hint?
> a pyzor
;
> Since I use SpamAssassin 3.001000, I have sometimes zombies. And
> I`ve found out it. The zombie was pyzor. Before this was not.
> What can I do? Switch off pyzor? Or?
>
> Spamassassin works with amavisd-new 2.3.3pre1 and Postfix 2.3.*
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.
Hallo und Guten Abend spamassassin-users,
Since I use SpamAssassin 3.001000, I have sometimes zombies. And
I`ve found out it. The zombie was pyzor. Before this was not.
What can I do? Switch off pyzor? Or?
Spamassassin works with amavisd-new 2.3.3pre1 and Postfix 2.3.*
--
Viele Grüße, Kind
http://www.securityfocus.com/news/11230?ref=rss
Quick summary: The Federal Trade Commission is launching an educational
campaign to try to convince ISPs to block port 25, rate-limit email
relays, and quarantine infected machines.
It would probably help if I explained that I brought up two
different but related ides in quick succession:
1. Asking for URI domains of messages sent through zombies, open
relays, open proxies, etc. detected by XBL that mentioned SURBL URIs.
2. Asking for URI domains of messages sent through
a `new' exploited
> machine that hasn't made its way onto the lists yet (like IP jumping, being
> a RHS list is an advantage here too).
Exactly. Any site advertised many times through zombie-delivered
spams is likely to belong to spammers and not whitehats.
Whitehats probably
ed in was sent through open relays,
>>> zombies, open proxies, etc. In other words does anyone know
>>> of a list of spamvertised web sites or their domains that's
>>> been cross referenced to exploited hosts?
>
>>> We could use that information as a valua
On Sunday, March 13, 2005, 7:31:01 AM, Raymond Dijkxhoorn wrote:
>> I'm not asking for trap data. I'm asking to look for XBL hits,
>> then take the URIs from messages that hit XBL. In other words
>> I want to get the sites that are being advertised through
>> exploited hosts.
>>
>> Nothing to do
ders then prioritize those say by frequency
>> of appearance, we could create a new SURBL list of spamvertised
>> domains sent through exploited hosts. That would pretty directly
>> address the use of zombies, etc. and put a penalty on using them
>> to advertise sites through
Jeff Chan wrote on Sun, 13 Mar 2005 05:12:30 -0800:
> One fairly easy for anyone running a large SpamAssassin
> installation to help us get this data would be to simply grep
> for "XBL" and "SURBL" rules hitting the same message and report
> out the URI domains from those messages.
>
I have a
On Sunday, March 13, 2005, 5:12:30 AM, Jeff Chan wrote:
> On Friday, March 11, 2005, 11:27:52 PM, Jeff Chan wrote:
>> Does anyone have or know about a list of spam-advertised URIs
>> where the spam they appeared in was sent through open relays,
>> zombies, open proxies, etc.
On Friday, March 11, 2005, 11:27:52 PM, Jeff Chan wrote:
> Does anyone have or know about a list of spam-advertised URIs
> where the spam they appeared in was sent through open relays,
> zombies, open proxies, etc. In other words does anyone know
> of a list of spamvertised web si
Does anyone have or know about a list of spam-advertised URIs
where the spam they appeared in was sent through open relays,
zombies, open proxies, etc. In other words does anyone know
of a list of spamvertised web sites or their domains that's
been cross referenced to exploited hosts?
We
On Tuesday 08 February 2005 2:14 pm, Kenneth Porter wrote:
> --On Tuesday, February 08, 2005 11:14 AM -0700 Brian Godette
>
> <[EMAIL PROTECTED]> wrote:
> > care must be taken to have the expiry times
> > reasonable or the iptables rule lists becomes much too large and
> > eventually chews up all
--On Tuesday, February 08, 2005 1:14 PM -0800 Kenneth Porter
<[EMAIL PROTECTED]> wrote:
Have you seen the "ipset" stuff on the netfilter-devel list? This is a
new set of modules that works with sets of addresses. It should allow you
to have a much larger rejection list.
Just checked, this project
--On Tuesday, February 08, 2005 11:14 AM -0700 Brian Godette
<[EMAIL PROTECTED]> wrote:
care must be taken to have the expiry times
reasonable or the iptables rule lists becomes much too large and
eventually chews up all available CPU.
Have you seen the "ipset" stuff on the netfilter-devel list?
On Thursday 03 February 2005 4:22 pm, Matt Kettler wrote:
> At 06:13 PM 2/3/2005, Brian Godette wrote:
> >Those sorts of mail servers end up in my firewall rules till some point in
> >the
> >future.
>
> I started off using a shun on them as a short-term fix, but then went to a
> 500 error message f
Don't know if it's related, but I'm seeing a SIGNIFICANT increase in
SMTP REJECTs, something to the tune of a 10- to 15-fold increase. I
started seeing it simultaneously on both my primary and secondary boxes,
starting around 7:AM EST yesterday (Thursday). I log RBL rejects as
'spam' so this is som
At 06:13 PM 2/3/2005, Brian Godette wrote:
Those sorts of mail servers end up in my firewall rules till some point in
the
future.
I started off using a shun on them as a short-term fix, but then went to a
500 error message for all mail from the server in /etc/mail/access.
They seem to behave pro
On Thursday 03 February 2005 3:32 pm, Matt Kettler wrote:
> I encountered one ISP who's legitimate mail gateway is freaking out under
> the load of all the proxy spam.
>
> It's now retrying temp-fail messages immediately without any delay... 24+
> times per second.
>
> Since I have Sendmail set up
I encountered one ISP who's legitimate mail gateway is freaking out under
the load of all the proxy spam.
It's now retrying temp-fail messages immediately without any delay... 24+
times per second.
Since I have Sendmail set up to verify sender domains exist, a lot of spam
gets a 451 error.. Un
29 matches
Mail list logo