Re: DNS Tests not always getting done

[Kai Schaetzl]

Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400:

 As for too many connection per day, my domain certainly does not 
 generate anywhere near the 100,000 connections spamhaus considers as the 
 cutoff, but I'll be my host (bluehost) does.  If all they check is 
 originating IP address, then I'm sure I'll fall in that category.

Yeah, you actually query the resolver at your hosting provider. As do 
others of his customers. That combined connection pool may well exceed the 
limits. In that case you could set up a local caching nameserver and no 
forwarders. However, this would also impact your other dns queries. It 
might actually be a good idea if SA developers allowed to use a different 
resolver for SA than the system resolver.

 
 As for the timeouts, I won't have access to that, since I am on a shared 
 hosting system, but are you sure that those errors are what's being 
 reported by the local nameserver?  I am surprised that every test would 
 fail (that is, not complete) in one case, and then in the next case all 
 but the spamhaus test would complete.

Intermittant problems mean that a DNS is overloaded. Could be the typical 
sign of spamassassinating an RBL. I'm not surprised that many of your 
open-whois.org lookups fail. It wouldn't be the first RBL that falls apart 
after it got promoted to default use in SA.

It's also possible that your forwarder DNS is sometimes overloaded. If you 
get timeouts on five RBLs and next second all of them are well and then 
again on a bunch of them I'd say that the bottleneck could actually be the 
forwarder.

Also, several of these RBL checks do not add any extra value in my eyes. 
For instance habeas and bondedsender. I would get rid at least of these. I 
have been switching off SA RBL checks on all my systems almost right after 
I started using it years ago and still do so. I also don't use any of the 
distributed fingerprint systems. I use three RBLs I trust on MTA level for 
rejection. That's *much* more efficient. In SA I use only the other network 
checks for SURBL etc. as these *are* effective. (Although looking at the 
hit count all but one have declined in accurateness from last year.)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

What's wrong with this regex?

[Per Jessen]

body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
Pay88)/i

(all on one line of course).

In SA3.2.5, I get the following message:

[5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z
(P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters

With SA3.1.7, there's no problem. 


/Per Jessen, Zürich

Re: DNS Tests not always getting done

[Sahil Tandon]

On Jul 18, 2008, at 6:31, Kai Schaetzl [EMAIL PROTECTED] wrote:


Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400:


As for too many connection per day, my domain certainly does not
generate anywhere near the 100,000 connections spamhaus considers  
as the

cutoff, but I'll be my host (bluehost) does.  If all they check is
originating IP address, then I'm sure I'll fall in that category.


Yeah, you actually query the resolver at your hosting provider. As do
others of his customers. That combined connection pool may well  
exceed the
limits. In that case you could set up a local caching nameserver and  
no

forwarders. However, this would also impact your other dns queries. It
might actually be a good idea if SA developers allowed to use a  
different

resolver for SA than the system resolver.



As for the timeouts, I won't have access to that, since I am on a  
shared

hosting system, but are you sure that those errors are what's being
reported by the local nameserver?  I am surprised that every test  
would
fail (that is, not complete) in one case, and then in the next case  
all

but the spamhaus test would complete.


Intermittant problems mean that a DNS is overloaded. Could be the  
typical
sign of spamassassinating an RBL. I'm not surprised that many of  
your
open-whois.org lookups fail. It wouldn't be the first RBL that falls  
apart

after it got promoted to default use in SA.

It's also possible that your forwarder DNS is sometimes overloaded.  
If you
get timeouts on five RBLs and next second all of them are well and  
then
again on a bunch of them I'd say that the bottleneck could actually  
be the

forwarder.

Also, several of these RBL checks do not add any extra value in my  
eyes.
For instance habeas and bondedsender. I would get rid at least of  
these. I
have been switching off SA RBL checks on all my systems almost right  
after
I started using it years ago and still do so. I also don't use any  
of the
distributed fingerprint systems. I use three RBLs I trust on MTA  
level for

rejection. That's *much* more efficient.


Zen should be one of them. Which Other two RBLs do you trust?

[...]

--
Sahil Tandon

Re: What's wrong with this regex?

[Jari Fredriksson]

 body PND_STOCK_PAYI
 /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
 Pay88)/i 
 
 (all on one line of course).
 
 In SA3.2.5, I get the following message:
 
 [5183] info: config: invalid regexp for rule
 PND_STOCK_PAYI: /[^a-z
 (P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid
 delimiters  
 
 With SA3.1.7, there's no problem.
 
 
 /Per Jessen, Zürich

The regexp as shown is not the same as in the error message.

The code shows items like {0,4} while in the error message they are  {0,2}
The code the last characters of the rule are Pay88)/i, while in the regexp in 
error message has last characters as [^a-z]{0.

The error is not from the regexp you think it is.

Re: What's wrong with this regex?

[mouss]

Per Jessen wrote:

body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
Pay88)/i

(all on one line of course).

In SA3.2.5, I get the following message:

[5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z
(P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters



This is the not the same regex ({0,2} vs {0,4}). you should copy-paste 
the re and post it, as there are more eyes to spot a typo...


With SA3.1.7, there's no problem. 



/Per Jessen, Zürich

Re: What's wrong with this regex?

[Per Jessen]

Jari Fredriksson wrote:

 body PND_STOCK_PAYI
 /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
 Pay88)/i
 
 (all on one line of course).
 
 In SA3.2.5, I get the following message:
 
 [5183] info: config: invalid regexp for rule
 PND_STOCK_PAYI: /[^a-z
 (P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid
 delimiters
 
 With SA3.1.7, there's no problem.
 
 
 /Per Jessen, Zürich
 
 The regexp as shown is not the same as in the error message.

I assumed that was because the error-message cuts it short, but you're
absolutely right, I had another unfinished rule with the same name. 
Thanks for making me look again.


/Per Jessen, Zürich

Re: What's wrong with this regex?

[Richard Frovarp]

Per Jessen wrote:

body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
Pay88)/i

(all on one line of course).

In SA3.2.5, I get the following message:

[5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z
(P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters

With SA3.1.7, there's no problem. 



/Per Jessen, Zürich


  
As the others have said, it's not the same regex. The one that isn't 
working is missing a ']' after /[^a-z.

Charles Mount/GIS/CSC is out of the office.

[Charles Mount]

I will be out of the office starting  07/17/2008 and will not return until
07/21/2008.

I will be out of the office until Jan 30rd.  I will respond to your message
when I return.

Re: DNS Tests not always getting done

[Skip]

Kai Schaetzl wrote:

Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400:

  
As for too many connection per day, my domain certainly does not 
generate anywhere near the 100,000 connections spamhaus considers as the 
cutoff, but I'll be my host (bluehost) does.  If all they check is 
originating IP address, then I'm sure I'll fall in that category.



Yeah, you actually query the resolver at your hosting provider. As do 
others of his customers. That combined connection pool may well exceed the 
limits. In that case you could set up a local caching nameserver and no 
forwarders. However, this would also impact your other dns queries. It 
might actually be a good idea if SA developers allowed to use a different 
resolver for SA than the system resolver.


  
As for the timeouts, I won't have access to that, since I am on a shared 
hosting system, but are you sure that those errors are what's being 
reported by the local nameserver?  I am surprised that every test would 
fail (that is, not complete) in one case, and then in the next case all 
but the spamhaus test would complete.



Intermittant problems mean that a DNS is overloaded. Could be the typical 
sign of spamassassinating an RBL. I'm not surprised that many of your 
open-whois.org lookups fail. It wouldn't be the first RBL that falls apart 
after it got promoted to default use in SA.


It's also possible that your forwarder DNS is sometimes overloaded. If you 
get timeouts on five RBLs and next second all of them are well and then 
again on a bunch of them I'd say that the bottleneck could actually be the 
forwarder.


Also, several of these RBL checks do not add any extra value in my eyes. 
For instance habeas and bondedsender. I would get rid at least of these. I 
have been switching off SA RBL checks on all my systems almost right after 
I started using it years ago and still do so. I also don't use any of the 
distributed fingerprint systems. I use three RBLs I trust on MTA level for 
rejection. That's *much* more efficient. In SA I use only the other network 
checks for SURBL etc. as these *are* effective. (Although looking at the 
hit count all but one have declined in accurateness from last year.)


Kai

  
Wow, I wonder how I am going to convince Bluehost that they are having 
issues.


What's the best way to disable individual RBL checks?  I'm also curious 
which tests you consider to be most effective on your system.


I was actually thinking the same thing about configuring SA to use a 
different resolver, but could not find such a configuration option.


Skip

--
Get my PGP Public key here:
http://pelorus.org/[EMAIL PROTECTED]

Re: What's wrong with this regex?

[Kai Schaetzl]

Per Jessen wrote on  Fri, 18 Jul 2008 12:40:27 +0200:

 [^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
 Pay88)

Regex Coach doesn't complain about it, but don't you need a quantifier 
after the first [^a-z] range?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Sendmail Question [OT]

[Marc Perkel]

Just a quick sendmail question I'm asking for a friend. If they want to 
make sendmail listen on port 2525 instead of 25 - what do they meed to 
change? Email me privately off list.


Thanks in advance

Re: What's wrong with this regex?

[mouss]

Kai Schaetzl wrote:

Per Jessen wrote on  Fri, 18 Jul 2008 12:40:27 +0200:


[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z]
Pay88)


Regex Coach doesn't complain about it, but don't you need a quantifier 
after the first [^a-z] range?


no, the default quantifier is {1,1}.

as said earlier, this RE is correct. the error is in another one.

Re: Sendmail Question [OT]

[Duane Hill]

On Fri, 18 Jul 2008, Marc Perkel wrote:

Just a quick sendmail question I'm asking for a friend. If they want to make 
sendmail listen on port 2525 instead of 25 - what do they meed to change? 
Email me privately off list.


Thanks in advance


Google for:

  sendmail +alternate port

Very first link that came up.

-d

Re: Sendmail Question [OT]

[Andrzej Adam Filip]

Marc Perkel [EMAIL PROTECTED] wrote:

 Just a quick sendmail question I'm asking for a friend. If they want
 to make sendmail listen on port 2525 instead of 25 - what do they meed
 to change? Email me privately off list.

 Thanks in advance

By default sendmail accepts SMTP connections also on port 587.

Port 587 is intended for MUA-MTA communication unlike port 25 intended
for MTA-MTA communication.

-- 
[plen: Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED]
It is a wise father that knows his own child.
  -- William Shakespeare, The Merchant of Venice

Re: spam learning

[Sahil Tandon]

David Ronis [EMAIL PROTECTED] wrote:

 I use evolution as my mail client.  Evolution supports spamassassin and
 in the past I let evolution use spamassassin to filter incoming mail.
 Recently, I switched to spam filtering using procmail.

[...]
  
 Here's my question.  I tell spamassassin to (re)learn the spam tagged
 messages using evolution.  However, the format of the messages now has
 the spamc report with the offending message as an attachment.  Is
 spamassassin smart enough to recognize the differnece between the two
 parts of the message?

http://wiki.apache.org/spamassassin/BayesInSpamAssassin:

It's OK to feed emails with Spamassassin markup into the sa-learn command -- 
sa-learn will ignore any standard Spamassassin headers, and if the original 
email has been encapsulated into an attachment it will decapsulate the email. 
In other words sa-learn will undo any changes which Spamassassin has done 
before learning the spam/ham character of the email.

-- 
Sahil Tandon [EMAIL PROTECTED]

RE: Sendmail Question [OT]

[Anthony Kamau]

 -Original Message-
 From: Marc Perkel [mailto:[EMAIL PROTECTED]
 Sent: Saturday, 19 July 2008 5:14 AM
 To: Spamass
 Subject: Sendmail Question [OT]
 
 Just a quick sendmail question I'm asking for a friend. If they want to
 make sendmail listen on port 2525 instead of 25 - what do they meed to
 change? Email me privately off list.
 
 Thanks in advance

You can also leave sendmail as it is and on the firewall, drop packets going
to port 25 and redirect traffic on port 2525 to port 25 on the machine
running sendmail:

iptables -A FORWARD -p tcp --dport smtp -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 2525 -j DNAT --to-destination
server:25