On 16. feb. 2015 16.02.26 rsmits-l rsmit...@tudelft.nl wrote:
A late reply, but this week I started investigating why this happens. I
have edited a sample. If someone can take a look why the PBL is firing
here is would be great.
http://pastebin.com/xxFAPTay
10 RCVD_IN_PBLRBL:
On 2/16/2015 12:03 PM, Benny Pedersen wrote:
Our amavisd config reads :
@mynetworks = qw ( 127.0.0.0/8 !130.161.6.14/32 130.161.0.0/16
131.180.0.0/16 192.87.166.0/24 10.200.12.0/24 10.200.20.0/24 );
same ips added to spamassassin ?
Good question as I have no real-world experience with
On Mon, 16 Feb 2015 16:40:53 +0100
rsmits-l wrote:
On 02/16/2015 04:17 PM, Reindl Harald wrote:
Am 16.02.2015 um 16:09 schrieb rsmits-l:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
This is not part of our trusted network because we do
On 02/16/2015 04:46 PM, Reindl Harald wrote:
Am 16.02.2015 um 16:40 schrieb rsmits-l:
On 02/16/2015 04:17 PM, Reindl Harald wrote:
Am 16.02.2015 um 16:09 schrieb rsmits-l:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
This is not part of our
Am 16.02.2015 um 18:03 schrieb Benny Pedersen:
On 16. feb. 2015 16.11.14 rsmits-l rsmit...@tudelft.nl wrote:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
put this ip in trusted_networks in sa, if it forwards mails to amavisd
This is not part
On 16. feb. 2015 16.42.57 Kevin A. McGrail kmcgr...@pccc.com wrote:
Received: from eraora (151.66.59.47) by
AMSPR06MB248.eurprd06.prod.outlook.com
(10.242.95.24) with Microsoft SMTP Server (TLS) id 15.1.87.18; Fri, 13 Feb
2015 11:18:42 +
missing in msa_networks ?
Am 16.02.2015 um 16:40 schrieb rsmits-l:
On 02/16/2015 04:17 PM, Reindl Harald wrote:
Am 16.02.2015 um 16:09 schrieb rsmits-l:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
This is not part of our trusted network because we do not have an ipv6
try remove mail-spf, and install mail-spf-query, report the above
upstream in fedora if it happend with spamassassin with rpm install
I don't think he should install mail-spf-query. This looks like a bug in
Mail::SPF, obsolete version or multiple versions installed.
I would prefer fixing that
We get 'waves' of spam which are addressed to both long-time employees
(usually executives) as well as long-gone employees. It's safe to say that
ANYTHING sent to those ex-employees is spam but how do I use those messages
as an instant filter for the valid addressees?
I assume I need to learn
On 16. feb. 2015 16.11.14 rsmits-l rsmit...@tudelft.nl wrote:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
put this ip in trusted_networks in sa, if it forwards mails to amavisd
This is not part of our trusted network because we do not have an
On Monday 16 Feb 2015 at 20:16, ttgh wrote:
i saw last week a mail to our previous front-office which left
the company in 2007 and i know the sender in person - it was not spam,
he just replied to a years old message for whatever reason
Thank you, that's an excellent point. In your
Am 16.02.2015 um 21:16 schrieb ttgh:
i saw last week a mail to our previous front-office which left
the company in 2007 and i know the sender in person - it was not spam,
he just replied to a years old message for whatever reason
Thank you, that's an excellent point. In your example,
On Mon, 16 Feb 2015, ttgh wrote:
Reindl, thank you for the reply but in our situation we have 100% confidence
that these old addressees are spam. In any case, that's our risk to bear.
Can you offer any suggestions on how to use these old addressees as a
'honeypot' or even an outright ban list?
John, by 'spam corpus' are you referring to the 'spam' side of the Bayesian
filter? If we manually delay/review these known-bad accounts are we
creating a window of opportunity for those same messages to pass through to
current users?
I've been assuming we would need to create an intentional
Am 16.02.2015 um 20:53 schrieb ttgh:
Also I still don't understand why everyone is so reticent to immediately
black-list messages based on these 100% known-bad addressess. For instance,
is it possible for a bulk spam message to trigger false positives?
because we all may have long years
On 2/16/2015 1:33 PM, Amir Caspi wrote:
Over the last week I've seen a significant uptick in FN spam to my users. We're getting
tens of FNs per day per user, whereas a few weeks ago it was just a few FNs per day per
user. We're getting BAYES_99/999 on many of these, but no other major
On Mon, 16 Feb 2015 12:47:03 -0700
Amir Caspi wrote:
Otherwise, I don't really know... it's clearly not a Bayes issue
since it's hitting Bayes 99/999, it's just that there aren't enough
other rules being hit to go over the 5.0 threshold.
IIWY I'd look into rescoring the BAYES_* rules.
On Feb 16, 2015, at 1:01 PM, RW rwmailli...@googlemail.com wrote:
IIWY I'd look into rescoring the BAYES_* rules.
I was already rescoring them as BAYES_99 = 4.0, BAYES_999 = 0.5 ... so a total
score of 4.5 if both rules hit. These FNs typically get scores of 4.6, so the
other rules are
Am 16.02.2015 um 21:10 schrieb Amir Caspi:
On Feb 16, 2015, at 1:01 PM, RW rwmailli...@googlemail.com wrote:
IIWY I'd look into rescoring the BAYES_* rules.
I was already rescoring them as BAYES_99 = 4.0, BAYES_999 = 0.5 ... so a total
score of 4.5 if both rules hit. These FNs typically
From: ttgh tony.to...@goldenhour.com
Sent: Monday, February 16, 2015 11:44 AM
To: users@spamassassin.apache.org
Subject: train filter based on spam to ex-employees?
We get 'waves' of spam which are addressed to both long-time employees
(usually executives) as well as long-gone employees. It's
On Mon, 16 Feb 2015, Amir Caspi wrote:
(BTW, I am happy to contribute my spam corpus of well over 7000
messages... right now I can't dedicate CPU time to running masscheck,
but I can contribute the messages.)
It's possible to upload your corpora and have the central system check it.
See the
Am 16.02.2015 um 18:44 schrieb ttgh:
We get 'waves' of spam which are addressed to both long-time employees
(usually executives) as well as long-gone employees. It's safe to say that
ANYTHING sent to those ex-employees is spam but how do I use those messages
as an instant filter for the valid
Reindl, thank you for the reply but in our situation we have 100% confidence
that these old addressees are spam. In any case, that's our risk to bear.
Can you offer any suggestions on how to use these old addressees as a
'honeypot' or even an outright ban list? (I'm not sure what the technical
Hi all,
Over the last week I've seen a significant uptick in FN spam to my users.
We're getting tens of FNs per day per user, whereas a few weeks ago it was just
a few FNs per day per user. We're getting BAYES_99/999 on many of these, but
no other major markers are hitting (razor, pyzor,
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I'm happy to look at a recent sample and throw it through my system to see
what it hits but overall, I've been seeing the exact opposite.
Hmmm. Well, like I said, maybe we're just first on the list and are getting
all
Am 16.02.2015 um 19:33 schrieb Amir Caspi:
Over the last week I've seen a significant uptick in FN spam to my users. We're getting
tens of FNs per day per user, whereas a few weeks ago it was just a few FNs per day per
user. We're getting BAYES_99/999 on many of these, but no other major
i saw last week a mail to our previous front-office which left
the company in 2007 and i know the sender in person - it was not spam,
he just replied to a years old message for whatever reason
Thank you, that's an excellent point. In your example, however, I would
point-out that your
Am 16.02.2015 um 19:10 schrieb ttgh:
Reindl, thank you for the reply but in our situation we have 100% confidence
that these old addressees are spam. In any case, that's our risk to bear.
Can you offer any suggestions on how to use these old addressees as a
'honeypot' or even an outright ban
On Mon, 16 Feb 2015, ttgh wrote:
John, by 'spam corpus' are you referring to the 'spam' side of the Bayesian
filter?
Correct.
If we manually delay/review these known-bad accounts are we creating a
window of opportunity for those same messages to pass through to current
users?
To a
On Mon, 16 Feb 2015, ttgh wrote:
i saw last week a mail to our previous front-office which left
the company in 2007 and i know the sender in person - it was not spam,
he just replied to a years old message for whatever reason
Thank you, that's an excellent point. In your example, however, I
On Fri, 2015-02-13 at 20:51 -0500, David Mehler wrote:
Hello,
I've got an email setup which includes Postfix as MTA, Amavisd-new as
content filter, Spamassassin for antispam work, Dovecot for Imap
services, all of which with the exception of Amavisd use a Mysql
database. Mail delivery,
On 02/16/2015 06:21 PM, RW wrote:
On Mon, 16 Feb 2015 16:40:53 +0100
rsmits-l wrote:
On 02/16/2015 04:17 PM, Reindl Harald wrote:
Am 16.02.2015 um 16:09 schrieb rsmits-l:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
This is not part of our
Thank you, all, those are excellent examples.
@Antony, I particularly appreciated your response (and the spelling of your
name). To clarify: I am not saying that all messages to ALL ex-staff are
spam, only the messages to specific ex-staff. Also, this email server is
acting as relay/filter for
Hi,
...
Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in
require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm
line 500.
Looks to me like the same issue (but a different symptom) as reported
my mls mid January 2015 on the SA users mailing list:
Alex Regan wrote:
Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in
require at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm
line 500.
Looks to me like the same issue (but a different symptom) as reported
my mls mid January 2015 on the SA users mailing list:
On 16.02.15 10:44, ttgh wrote:
We get 'waves' of spam which are addressed to both long-time employees
(usually executives) as well as long-gone employees. It's safe to say that
ANYTHING sent to those ex-employees is spam but how do I use those messages
as an instant filter for the valid
On 02/09/2015 01:53 PM, Kevin A. McGrail wrote:
On 2/9/2015 7:43 AM, rsmits-l wrote:
I have been reading some threads on the Internet about problems with
the field X-Originating-IP and the Spamhaus PBL list. We are also
having this problem. I have installed a workaround for this but is not
On 02/16/2015 04:01 PM, rsmits-l wrote:
On 02/09/2015 01:53 PM, Kevin A. McGrail wrote:
On 2/9/2015 7:43 AM, rsmits-l wrote:
I have been reading some threads on the Internet about problems with
the field X-Originating-IP and the Spamhaus PBL list. We are also
having this problem. I have
On 16. feb. 2015 00.59.42 Alex Regan mysqlstud...@gmail.com wrote:
# spamassassin -t --mbox -D mymbox 21 | less
Feb 15 18:44:41.340 [16434] dbg: spf: checking to see if the message has
a Received-SPF header that we can use
Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF module or
On 2/16/2015 10:01 AM, rsmits-l wrote:
On 02/09/2015 01:53 PM, Kevin A. McGrail wrote:
On 2/9/2015 7:43 AM, rsmits-l wrote:
I have been reading some threads on the Internet about problems with
the field X-Originating-IP and the Spamhaus PBL list. We are also
having this problem. I have
Am 16.02.2015 um 16:09 schrieb rsmits-l:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
This is not part of our trusted network because we do not have an ipv6
spamchecker in place
than you likely know the reason
SpamAssassin needs to know what
On 02/16/2015 04:17 PM, Reindl Harald wrote:
Am 16.02.2015 um 16:09 schrieb rsmits-l:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
This is not part of our trusted network because we do not have an ipv6
spamchecker in place
than you likely know
On 02/16/2015 04:15 PM, Kevin A. McGrail wrote:
On 2/16/2015 10:01 AM, rsmits-l wrote:
On 02/09/2015 01:53 PM, Kevin A. McGrail wrote:
On 2/9/2015 7:43 AM, rsmits-l wrote:
I have been reading some threads on the Internet about problems with
the field X-Originating-IP and the Spamhaus PBL
On 2/16/2015 10:09 AM, rsmits-l wrote:
Also some information. We use an ipv6 -- ipv4 converter.
(ipv6-mx.tudelft.nl [130.161.6.14]
This is not part of our trusted network because we do not have an ipv6
spamchecker in place. Our amavisd config reads :
@mynetworks = qw ( 127.0.0.0/8
On 16 Feb 2015, at 02:38 , Reindl Harald h.rei...@thelounge.net wrote:
Am 16.02.2015 um 10:32 schrieb LuKreme:
I have several local domains that resolve (via virtual) to local users in
addition to virtual domains that resolve to sql users.
with spamass-milter, these secondary local domains
I have several local domains that resolve (via virtual) to local users in
addition to virtual domains that resolve to sql users.
with spamass-milter, these secondary local domains (like kreme.com) fail to
find the user:
spamd: handle_user (userdir) unable to find user: 'krem...@kreme.com’
Am 16.02.2015 um 10:32 schrieb LuKreme:
I have several local domains that resolve (via virtual) to local users in
addition to virtual domains that resolve to sql users.
with spamass-milter, these secondary local domains (like kreme.com) fail to
find the user:
spamd: handle_user (userdir)
On 02/16/2015 10:32 AM, LuKreme wrote:
I have several local domains that resolve (via virtual) to local
users in addition to virtual domains that resolve to sql users.
with spamass-milter, these secondary local domains (like kreme.com)
fail to find the user:
spamd: handle_user (userdir) unable
On 16. feb. 2015 00.59.42 Alex Regan mysqlstud...@gmail.com wrote:
I've done a little more testing, and it certainly sounds like a local
configuration issue, but it only happens on mbox files. The ones I've
tested have only one message.
[...]
Tests on a few other mbox messages have produced
49 matches
Mail list logo