Re: DNS Tests not always getting done
Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400: As for too many connection per day, my domain certainly does not generate anywhere near the 100,000 connections spamhaus considers as the cutoff, but I'll be my host (bluehost) does. If all they check is originating IP address, then I'm sure I'll fall in that category. Yeah, you actually query the resolver at your hosting provider. As do others of his customers. That combined connection pool may well exceed the limits. In that case you could set up a local caching nameserver and no forwarders. However, this would also impact your other dns queries. It might actually be a good idea if SA developers allowed to use a different resolver for SA than the system resolver. As for the timeouts, I won't have access to that, since I am on a shared hosting system, but are you sure that those errors are what's being reported by the local nameserver? I am surprised that every test would fail (that is, not complete) in one case, and then in the next case all but the spamhaus test would complete. Intermittant problems mean that a DNS is overloaded. Could be the typical sign of spamassassinating an RBL. I'm not surprised that many of your open-whois.org lookups fail. It wouldn't be the first RBL that falls apart after it got promoted to default use in SA. It's also possible that your forwarder DNS is sometimes overloaded. If you get timeouts on five RBLs and next second all of them are well and then again on a bunch of them I'd say that the bottleneck could actually be the forwarder. Also, several of these RBL checks do not add any extra value in my eyes. For instance habeas and bondedsender. I would get rid at least of these. I have been switching off SA RBL checks on all my systems almost right after I started using it years ago and still do so. I also don't use any of the distributed fingerprint systems. I use three RBLs I trust on MTA level for rejection. That's *much* more efficient. In SA I use only the other network checks for SURBL etc. as these *are* effective. (Although looking at the hit count all but one have declined in accurateness from last year.) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
What's wrong with this regex?
body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z] Pay88)/i (all on one line of course). In SA3.2.5, I get the following message: [5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z (P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters With SA3.1.7, there's no problem. /Per Jessen, Zürich
Re: DNS Tests not always getting done
On Jul 18, 2008, at 6:31, Kai Schaetzl [EMAIL PROTECTED] wrote: Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400: As for too many connection per day, my domain certainly does not generate anywhere near the 100,000 connections spamhaus considers as the cutoff, but I'll be my host (bluehost) does. If all they check is originating IP address, then I'm sure I'll fall in that category. Yeah, you actually query the resolver at your hosting provider. As do others of his customers. That combined connection pool may well exceed the limits. In that case you could set up a local caching nameserver and no forwarders. However, this would also impact your other dns queries. It might actually be a good idea if SA developers allowed to use a different resolver for SA than the system resolver. As for the timeouts, I won't have access to that, since I am on a shared hosting system, but are you sure that those errors are what's being reported by the local nameserver? I am surprised that every test would fail (that is, not complete) in one case, and then in the next case all but the spamhaus test would complete. Intermittant problems mean that a DNS is overloaded. Could be the typical sign of spamassassinating an RBL. I'm not surprised that many of your open-whois.org lookups fail. It wouldn't be the first RBL that falls apart after it got promoted to default use in SA. It's also possible that your forwarder DNS is sometimes overloaded. If you get timeouts on five RBLs and next second all of them are well and then again on a bunch of them I'd say that the bottleneck could actually be the forwarder. Also, several of these RBL checks do not add any extra value in my eyes. For instance habeas and bondedsender. I would get rid at least of these. I have been switching off SA RBL checks on all my systems almost right after I started using it years ago and still do so. I also don't use any of the distributed fingerprint systems. I use three RBLs I trust on MTA level for rejection. That's *much* more efficient. Zen should be one of them. Which Other two RBLs do you trust? [...] -- Sahil Tandon
Re: What's wrong with this regex?
body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z] Pay88)/i (all on one line of course). In SA3.2.5, I get the following message: [5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z (P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters With SA3.1.7, there's no problem. /Per Jessen, Zürich The regexp as shown is not the same as in the error message. The code shows items like {0,4} while in the error message they are {0,2} The code the last characters of the rule are Pay88)/i, while in the regexp in error message has last characters as [^a-z]{0. The error is not from the regexp you think it is.
Re: What's wrong with this regex?
Per Jessen wrote: body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z] Pay88)/i (all on one line of course). In SA3.2.5, I get the following message: [5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z (P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters This is the not the same regex ({0,2} vs {0,4}). you should copy-paste the re and post it, as there are more eyes to spot a typo... With SA3.1.7, there's no problem. /Per Jessen, Zürich
Re: What's wrong with this regex?
Jari Fredriksson wrote: body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z] Pay88)/i (all on one line of course). In SA3.2.5, I get the following message: [5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z (P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters With SA3.1.7, there's no problem. /Per Jessen, Zürich The regexp as shown is not the same as in the error message. I assumed that was because the error-message cuts it short, but you're absolutely right, I had another unfinished rule with the same name. Thanks for making me look again. /Per Jessen, Zürich
Re: What's wrong with this regex?
Per Jessen wrote: body PND_STOCK_PAYI /[^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z] Pay88)/i (all on one line of course). In SA3.2.5, I get the following message: [5183] info: config: invalid regexp for rule PND_STOCK_PAYI: /[^a-z (P[^a-z]{0,2}A[^a-z]{0,2}Y[^a-z]{0: missing or invalid delimiters With SA3.1.7, there's no problem. /Per Jessen, Zürich As the others have said, it's not the same regex. The one that isn't working is missing a ']' after /[^a-z.
Charles Mount/GIS/CSC is out of the office.
I will be out of the office starting 07/17/2008 and will not return until 07/21/2008. I will be out of the office until Jan 30rd. I will respond to your message when I return.
Re: DNS Tests not always getting done
Kai Schaetzl wrote: Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400: As for too many connection per day, my domain certainly does not generate anywhere near the 100,000 connections spamhaus considers as the cutoff, but I'll be my host (bluehost) does. If all they check is originating IP address, then I'm sure I'll fall in that category. Yeah, you actually query the resolver at your hosting provider. As do others of his customers. That combined connection pool may well exceed the limits. In that case you could set up a local caching nameserver and no forwarders. However, this would also impact your other dns queries. It might actually be a good idea if SA developers allowed to use a different resolver for SA than the system resolver. As for the timeouts, I won't have access to that, since I am on a shared hosting system, but are you sure that those errors are what's being reported by the local nameserver? I am surprised that every test would fail (that is, not complete) in one case, and then in the next case all but the spamhaus test would complete. Intermittant problems mean that a DNS is overloaded. Could be the typical sign of spamassassinating an RBL. I'm not surprised that many of your open-whois.org lookups fail. It wouldn't be the first RBL that falls apart after it got promoted to default use in SA. It's also possible that your forwarder DNS is sometimes overloaded. If you get timeouts on five RBLs and next second all of them are well and then again on a bunch of them I'd say that the bottleneck could actually be the forwarder. Also, several of these RBL checks do not add any extra value in my eyes. For instance habeas and bondedsender. I would get rid at least of these. I have been switching off SA RBL checks on all my systems almost right after I started using it years ago and still do so. I also don't use any of the distributed fingerprint systems. I use three RBLs I trust on MTA level for rejection. That's *much* more efficient. In SA I use only the other network checks for SURBL etc. as these *are* effective. (Although looking at the hit count all but one have declined in accurateness from last year.) Kai Wow, I wonder how I am going to convince Bluehost that they are having issues. What's the best way to disable individual RBL checks? I'm also curious which tests you consider to be most effective on your system. I was actually thinking the same thing about configuring SA to use a different resolver, but could not find such a configuration option. Skip -- Get my PGP Public key here: http://pelorus.org/[EMAIL PROTECTED]
Re: What's wrong with this regex?
Per Jessen wrote on Fri, 18 Jul 2008 12:40:27 +0200: [^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z] Pay88) Regex Coach doesn't complain about it, but don't you need a quantifier after the first [^a-z] range? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Sendmail Question [OT]
Just a quick sendmail question I'm asking for a friend. If they want to make sendmail listen on port 2525 instead of 25 - what do they meed to change? Email me privately off list. Thanks in advance
Re: What's wrong with this regex?
Kai Schaetzl wrote: Per Jessen wrote on Fri, 18 Jul 2008 12:40:27 +0200: [^a-z](P[^a-z]{0,4}A[^a-z]{0,4}Y[^a-z]{0,4}I[^a-z] Pay88) Regex Coach doesn't complain about it, but don't you need a quantifier after the first [^a-z] range? no, the default quantifier is {1,1}. as said earlier, this RE is correct. the error is in another one.
Re: Sendmail Question [OT]
On Fri, 18 Jul 2008, Marc Perkel wrote: Just a quick sendmail question I'm asking for a friend. If they want to make sendmail listen on port 2525 instead of 25 - what do they meed to change? Email me privately off list. Thanks in advance Google for: sendmail +alternate port Very first link that came up. -d
Re: Sendmail Question [OT]
Marc Perkel [EMAIL PROTECTED] wrote: Just a quick sendmail question I'm asking for a friend. If they want to make sendmail listen on port 2525 instead of 25 - what do they meed to change? Email me privately off list. Thanks in advance By default sendmail accepts SMTP connections also on port 587. Port 587 is intended for MUA-MTA communication unlike port 25 intended for MTA-MTA communication. -- [plen: Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED] It is a wise father that knows his own child. -- William Shakespeare, The Merchant of Venice
Re: spam learning
David Ronis [EMAIL PROTECTED] wrote: I use evolution as my mail client. Evolution supports spamassassin and in the past I let evolution use spamassassin to filter incoming mail. Recently, I switched to spam filtering using procmail. [...] Here's my question. I tell spamassassin to (re)learn the spam tagged messages using evolution. However, the format of the messages now has the spamc report with the offending message as an attachment. Is spamassassin smart enough to recognize the differnece between the two parts of the message? http://wiki.apache.org/spamassassin/BayesInSpamAssassin: It's OK to feed emails with Spamassassin markup into the sa-learn command -- sa-learn will ignore any standard Spamassassin headers, and if the original email has been encapsulated into an attachment it will decapsulate the email. In other words sa-learn will undo any changes which Spamassassin has done before learning the spam/ham character of the email. -- Sahil Tandon [EMAIL PROTECTED]
RE: Sendmail Question [OT]
-Original Message- From: Marc Perkel [mailto:[EMAIL PROTECTED] Sent: Saturday, 19 July 2008 5:14 AM To: Spamass Subject: Sendmail Question [OT] Just a quick sendmail question I'm asking for a friend. If they want to make sendmail listen on port 2525 instead of 25 - what do they meed to change? Email me privately off list. Thanks in advance You can also leave sendmail as it is and on the firewall, drop packets going to port 25 and redirect traffic on port 2525 to port 25 on the machine running sendmail: iptables -A FORWARD -p tcp --dport smtp -j DROP iptables -t nat -A PREROUTING -p tcp --dport 2525 -j DNAT --to-destination server:25