RHETT*
For your account ending in *SNIP*
Add [EMAIL PROTECTED] to your address book to ensure delivery.
Dear JO RHETT,
This email confirms the following action(s) completed at Account Online
for your Citi Cards account ending in *SNIP*.
See detail(s) below:
# *Click-to-Pay Payment Confirmation
no idea their sysadmin is
braindead.
That makes sense. And that's why you can modify the scores locally.
The vast majority of spamassassin users feel otherwise, which is why it
is defaulted on.
--
Jo Rhett
Network/Software Engineer
Net Consonance
for working around this? Create a meta rule that negates
SARE_FORGED_CITI.
No, the real fix is for the rule to work. Don't add breakage to breakage.
--
Jo Rhett
Network/Software Engineer
Net Consonance
tempted to report them to SpamCop (who will accept those
complaints, I know, we get them on our colo customers all the time)
--
Jo Rhett
Network/Software Engineer
Net Consonance
Daryl C. W. O'Shea wrote:
Jo Rhett wrote:
Included below is a legitimate e-mail on a legitimate payment that I
did make.
I've looked at the rule, and I can't figure out why it failed.
After unwrapping the mail included in your message body, I can't
reproduce this under SA 3.1.8-r454679
confused you and Ted because you responded.
Apparently these are Ted's rules...
--
Jo Rhett
Network/Software Engineer
Net Consonance
the --lint and then restart
process a bit more robust...
--
Jo Rhett
Network/Software Engineer
Net Consonance
with amavis getting upset when SA goes away suddenly, etc.
3.2.0 will include an improved lint process. Pending enough testing
(and me/somebody getting around to writing the code) it might show up
sooner.
I'd rather enable some sort of inline reconfig of the SA ruleset...
--
Jo Rhett
Network
to it?
--
Jo Rhett
Network/Software Engineer
Net Consonance
can recreate on the command line by running the stop/start commands
quickly.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Matt Kettler wrote:
Jo Rhett wrote:
The autodetection is totally broken actually, and needs to be fixed.
How do you propose it be fixed?
This has been brought up a few dozen times, and really it boils down to
breaking people with NATed MX servers (as it is now), or breaking people
without
detection enabled that
doesn't have false hits. I was struggling with it until I went to have
a beer with friends and found out that *NOBODY* uses the autodetection
because they've all found it to be broken.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Jo Rhett wrote:
Auto detection is completely and utterly broken.
...
Seriously, show me a single site with auto detection enabled that
I just wanted to apologize for my pissy attitude. It wasn't you guys,
and you didn't deserve these responses.
(the rest of this e-mail is off
Matt Kettler wrote:
Jo Rhett wrote:
You're still babbling about NAT. I could care less about NAT. All
trusted breaks for EVERYONE, and EVERYONE ends up hardcoding
trusted_networks because auto detection is completely and utterly broken.
Fine.. We'll ignore NAT. It's not your problem, I get
Anders Norrbring wrote:
This type of image spam is getting more common, and is not detected.. At
least not here..
score SARE_GIF_STOX 2.5 2.5 2.5 2.5
That's all it took, and we don't see it any more.
--
Jo Rhett
Network/Software Engineer
Net Consonance
38,500 pixels?
--
Jo Rhett
Network/Software Engineer
Net Consonance
today can handle 20mb/sec of e-mail connections. The best I have
personally observed is commercial Sendmail handling 12mb/sec. (of
connections with no data transfer is a LOT of connections)
--
Jo Rhett
Network/Software Engineer
Net Consonance
. That was very modern hardware, and it happened just
a few weeks ago.
Think about it. It doesn't require you to stretch your brain to figure
out the math involved.
--
Jo Rhett
Network/Software Engineer
Net Consonance
not to accept
e-mail from sites which violate those policies.
--
Jo Rhett
Network/Software Engineer
Net Consonance
.
--
Jo Rhett
Network/Software Engineer
Net Consonance
.
This isn't the ARPAnet, and we no longer know the other 52 sites personally.
--
Jo Rhett
Network/Software Engineer
Net Consonance
.
Download any modern spam sending product. Take a look at it. Think
about it.
--
Jo Rhett
Network/Software Engineer
Net Consonance
: Jo Rhett [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 17, 2006 1:28 PM
To: Kelson
Cc: users@spamassassin.apache.org
Subject: Re: This image is turning frequent..
I think you guys are going down a much harder road. This only makes
sense if and when e-mail with only a GIF
, if you haven't Received: the message yet, how'd it get to SA?
Do you really expect SA to work on a message that doesn't even appear
to have been delivered to your domain yet?
Jo Rhett wrote:
As mentioned in my previous message, I have dozens of messages here
that have as many as 12 received headers
to be more accurate than
getifaddrs() ? Am I supposed to agree that this makes sense? Seriously...
--
Jo Rhett
Network/Software Engineer
Net Consonance
was discard eligible etc etc
You pretty much nailed it. The target is a DSL customer, so sending
100mb/sec isn't enough to raise the eyebrows of any modern service
provider, but the DSL switch receiving that flood gets fairly unhappy
and the target is completely offline.
--
Jo Rhett
)
Sure. Use the ability to tag to a plussed address, then virtusertable
the plussed address to a local cyrus server with Squirrelmail, and route
the normal mail onward. This should only take about an hour to set up.
--
Jo Rhett
Network/Software Engineer
Net Consonance
, spamassassin *DOES* run.
Always. It's just whether or not it's doing anything useful. When it
can't talk to the sockets, it's dead in the water. This requires an
external test to determine.
--
Jo Rhett
Network/Software Engineer
Net Consonance
PROTECTED]
What? Who is talking about whitelist?
--
Jo Rhett
Network/Software Engineer
Net Consonance
Nice insult. Can we stick to fixing real problems, please?
jdow wrote:
You're the twit who reduced the required score. Fix it.
{^_^}
- Original Message - From: Jo Rhett [EMAIL PROTECTED]
Included below is a legitimate e-mail on a legitimate payment that I
did make.
I've looked
= (\$addr_extension_bad_header);
--
Jo Rhett
Network/Software Engineer
Net Consonance
of system implementations for you.
Without checking the local interface, how do you know what the network
is? Are you assuming that my 64.x address is a class-A network?
Seriously, auto detection can't possibly work if you're not checking the
local interface addresses.
--
Jo Rhett
Network
Jo Rhett wrote:
Oh. I get it. We're trusting headers to be more accurate than
getifaddrs() ? Am I supposed to agree that this makes sense?
Seriously...
Daryl C. W. O'Shea wrote:
Yeah, seriously. Especially when your cluster of 50+ SA machines don't
share the same interface as the other
Chris Santerre wrote:
I'm embarrassed to ask but, what cf file is that from?
[EMAIL PROTECTED] /usr/local/etc]$ find /var/lib/spamassassin -type f
-exec grep -l SARE_GIF_STOX {} \;
/var/lib/spamassassin/3.001004/70_sare_stocks_cf_sare_sa-update_dostech_net/200609222100.cf
--
Jo Rhett
) does it all very cleanly, and is
supported by the team. (sa-update is newer than rdj, so it's not really
rdj's fault)
Frankly, I subscribed to almost every single ruleset on the
rulesemporium page. If I skipped any that weren't do not use then I
don't know what they were.
--
Jo Rhett
running. Low limit is 2, upper limit is 10.
Load average is always 0 across the board. This system is bored.
--
Jo Rhett
Senior Network Engineer
Network Consonance
advantage to
RDJ?
And leading to my next point, given that sa-update is working fine --
isn't rdj going to be slimmed down to just the part that restarts the
process after running sa-update?
Why not?
--
Jo Rhett
Senior Network Engineer
Network Consonance
still does this in a long time.
Usually it's running on the MX hosts.
So given that scenario, what do you perceive as the problem?
--
Jo Rhett
Senior Network Engineer
Network Consonance
daemons, not SpamD daemons. So if
you're not using Amavis (which uses the SA object module) then YMWV
(...will vary...)
--
Jo Rhett
Senior Network Engineer
Network Consonance
something)
ranges from 2-7%. Load never breaks 0.
Amavisd, with amavisd-milter, clamd and all of the sare rulesets.
But Bayes is disabled -- maybe that's the difference?
--
Jo Rhett
Senior Network Engineer
Network Consonance
Jo Rhett wrote:
RIGHT. So why are they Trusted?
On Oct 17, 2006, at 5:59 PM, Matt Kettler wrote:
Because there *HAS* to be a local. If there isn't, then the message
isn't at your server.
This is the whole point. If the message hasn't been Received: by a
local
server, it is by definition
-
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] Sent:
dinsdag 17 oktober 2006 5:37
To: Matt Kettler
Cc: Jo Rhett; Magnus Holmgren; users@spamassassin.apache.org
Subject: Re: ALL_TRUSTED creating a problem
As discovered today, Jo's milter isn't adding the required
received header for his
for the clueless people using
it out of the box. That's your real target audience.
On Oct 17, 2006, at 10:53 PM, Matt Kettler wrote:
Jo Rhett wrote:
On Oct 17, 2006, at 5:59 PM, Matt Kettler wrote:
Because there *HAS* to be a local. If there isn't, then the message
isn't at your server
for the
latter. The former generally don't read the docs, and I prefer to avoid
the mailing list noise.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Sorry, I should write a rule but no time today or tomorrow. This e-mail
has gotten past SA with no score on 4 different accounts nearly half a
dozen times today. The only change in the e-mail is the name used in
the From address, which is also reflected in the Subject line. It's
always
,
the amount of spam which reached the mailbox DID NOT CHANGE AT ALL.
In short, everything that greylisting stopped was also caught by
spamassassin.
Since the net effect of not using greylisting is 0, and the net effect
of using greylisting is delayed mail ... you do the math.
--
Jo Rhett
Network
On Tuesday 17 October 2006 19:33, Jo Rhett took the opportunity to say:
Send a bunch of spam with a single forged sender address to a lot of
sites that do sender verification. Watch their mail server fall down.
I can assure you that even with modern hardware, no e-mail MTA available
today can
are available. Is
it not correct that the 50 should NOT be tried until the 10 is
unavailable? Or do I have that backwards?
--
Jo Rhett
Network/Software Engineer
Net Consonance
more were caught by network checks.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Hm. I'm surprised on no answers. Can I persist? This topic is of real
interest to me...
Jo Rhett wrote:
Okay, there's no docs on this so I wanted to ask if someone has any
insights different than what I have observed.
SA-Update seems to require less configuration changes. In short, all I
well known
advantages or well known failures, etc.
--
Jo Rhett
Senior Network Engineer
Network Consonance
didn't bother, and used sa-update instead.
I'm wondering if there is anything I'm missing...
Jo Rhett wrote:
Okay, there's no docs on this so I wanted to ask if someone has
any insights different than what I have observed.
SA-Update seems to require less configuration changes. In short,
all I
this on freebsd? Many thanks.
On FreeBSD sa-update will put the files where SA expects them. That's
/var/lib/spamassassin/{version}/...
I think that the previous problem was someone overriding that and trying
to put the updates into his main rules directory.
--
Jo Rhett
Network/Software
.
So with your army of bot-machines and open relays, you start delivering
all over the planet with a single forged envelope sender.
Yes, it isn't a problem today. But if everyone turned on sender
authentication, it would be. Instantly.
--
Jo Rhett
Network/Software Engineer
Net Consonance
John D. Hardin wrote:
On Wed, 18 Oct 2006, Jo Rhett wrote:
In our experience the mail which goes to 50 without trying 10 is
always spam.
Any feel for whether or not you're experiencing the same
Exchange-related brokenness as an earlier poster mentioned?
No. I've seen a lot of Exchange
response. That was *EXACTLY* what
I was looking for. :-)
--
Jo Rhett
Network/Software Engineer
Net Consonance
in some odd config that I'm not imagining here.
I'm sorry, but I still consider the expert here to be the amavis
developer(s). There's only a few of them, and what they need to do is
documented.
Really? I've asked 5 times now, and you divert every time I ask. Where?
--
Jo Rhett
Network
is the only possible right way to run SA.
So why the constant comments as if this is some one-off weird config?
--
Jo Rhett
Network/Software Engineer
Net Consonance
connect, no NAT system. (ie most people)
OK, maybe it doesn't work
in Jo Rhett's system. But defining most people as people who do
things like Jo Rhett is suspect at best.
Actually, I'm using it bone stock from FreeBSD ports, so yeah - in this
case my
that I observed or do you mean I tried testing it from dozens
of systems and dozens of mail pathways and I have confirmed that it
works right?
--
Jo Rhett
Network/Software Engineer
Net Consonance
Matt Kettler wrote:
Jo Rhett wrote:
I'd love to, but the SA project didn't write the milter you're using,
and the problems you're having can't be fixed by having SpamAssassin
detect the problem without doing something even dumber to someone
else.
Sure it can! It's dead simple to determine
John Andersen wrote:
On Thursday 19 October 2006 00:00, Jo Rhett wrote:
This, it seems to me, is exactly what it does.
Show me it working properly on an out-of-the-box rpm/ports config on a
direct connect, no NAT system. (ie most people)
Amavis worked for me that way when I installed Suse
they are
identical in result.
--
Jo Rhett
Network/Software Engineer
Net Consonance
it more seamless.
(and in this case I could avoid bugs with the package I use that calls it)
--
Jo Rhett
Network/Software Engineer
Net Consonance
Nigel Frankcom wrote:
On Thu, 19 Oct 2006 01:18:18 -0700, Jo Rhett
[EMAIL PROTECTED] wrote:
And as I've stated several times before, spamassassin *DOES* run.
Always. It's just whether or not it's doing anything useful. When it
can't talk to the sockets, it's dead in the water.
Frank
that is known to mangle headers.
No, it's not. You're not paying attention. This is unrelated to Amavis
entirely.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Jonas Eckerman wrote:
Jo Rhett wrote:
You can only exclude the mailing list if you're running SA from
procmail or .forward or something like that.
No. You can exclude it in other situations as well.
Usually it's running on the MX hosts.
We're using SA on our MX host, daemonized
to compile without razor support locally.
I think I'll take my own advice and not reply on things that I don't
know the in-depth details of.
--
Jo Rhett
Network/Software Engineer
Net Consonance
. IE, most cable and DSL providers
on the market.
...Don't ask me why we call things which annoy us a Tax in the US.
Probably just still emotionally locked up around that whole Tea Party
thing ;-)
--
Jo Rhett
Network/Software Engineer
Net Consonance
ERROR: SA-update appears to have failed.
fi
fi
--
Jo Rhett
Network/Software Engineer
Net Consonance
is reporting as spam
something they explicitly signed up for. And used for months and then
when they don't want to receive it any more, it is SPAM and IT IS BAD
and our customer is EVIL.
Please raise your consciousness just a bit.
--
Jo Rhett
Network/Software Engineer
Net Consonance
this. amavisd will step on itself and
this won't work if the current daemon is running.
--
Jo Rhett
Network/Software Engineer
Net Consonance
of SA[1] and usage[2]
Heh - from reading your reply it is clear you do pay enough attention,
which is all I was looking for :-)
--
Jo Rhett
Network/Software Engineer
Net Consonance
Jo Rhett wrote:
Just FYI, this score will be a Tax on everyone who has a provider who
won't let them edit the reverse DNS. IE, most cable and DSL providers
on the market.
Richard Frovarp wrote:
Or for any machine that hosts more domains than has IPs. Even being able
to edit the reverse
that one.
I can't comment on that, mostly because I don't understand your story.
It reads like it was tossed in a blender to me :-) (no insult intended,
but it is confusing as stated)
--
Jo Rhett
Network/Software Engineer
Net Consonance
Magnus Holmgren wrote:
On Thursday 19 October 2006 09:55, Jo Rhett took the opportunity to say:
Mark wrote:
We cannot really say SA's autodetection is broken, because SA is designed
to be called post-SMTP. Nor that a milter is broken per se for not adding
a Received: header
Mark wrote:
-Original Message-
From: Jo Rhett [mailto:[EMAIL PROTECTED]
Sent: donderdag 19 oktober 2006 9:56
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: ALL_TRUSTED creating a problem
Perhaps SA being focused on post-SMTP is the problem here. Why is
this the focus
Jo Rhett wrote:
Autodetection should work out of the box for out of the box
installs. Custom installations, and most especially people creating
appliances out of this, are managed by Experts who have a clue.
Jonas Eckerman wrote:
If you are using a milter that calls SA, you are in effect
earlier was how do you get someone to start sending
spam, the quick answer is unsubscribe.
And as I mentioned before, this whole story is also in the SA
archives...
-Original Message-
From: Jo Rhett [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 19, 2006 11:27 AM
To: Gary W. Smith
Cc
relevant here, because I deal with spam EVERY DAY.
It's my day job too :-)
That said, a friend of mine did sign up for Lending Tree and used their
service, and now gets spam to that address constantly. But when you
send mail to a mailing list of unknown recipients ...
--
Jo Rhett
Network/Software
hardware.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Coffey, Neal wrote:
Jo Rhett wrote:
... it operates, by nature, post DATA phase.
Huh? It operates when I ask it to.
While that's certainly true, if you've configured SA to scan *before*
the DATA phase, I'd be curious to see how well it's working for you.
*giggle* yes :-) Sorry
the message. What
possible detraction can you find?
--
Jo Rhett
Network/Software Engineer
Net Consonance
of trapping
spam.
And yes, I have used all types of phone numbers for these things (as
mentioned off list). I've been around this list for some years now so
this really isn't a noob scenario.
-Original Message-
From: Jo Rhett [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 19
Jo Rhett wrote:
I'm kind of hoping that there will be some way to get SA to re-read the
rules *WITHOUT* restarting the process.
Jonas Eckerman wrote:
Tell the daemon (or whatever) to reload the filter. The daemon creates
one or more new SA objects without closing its listening
socket/port
, especially outside of the US.
And fixed reverse IP information is common for T1 level service too.
You're thinking too small.
--
Jo Rhett
Network/Software Engineer
Net Consonance
than
milters for SA.
Before I respond, let's clarify context. Do you work with a company
that has a large array of mail servers? I do, and I've built more than
a dozen in the last 4 years.
And everything you're saying disagrees with all of my experience.
--
Jo Rhett
Network/Software Engineer
to accept, most servers would attempt a
redeliver, so no harm no foul.
Our 200,000/server is nowhere near the 500,000 reported on the list
earlier, but it is a respectable number. Oh, and automatic ALL_TRUSTED
works for us.
--
Jo Rhett
Network/Software Engineer
Net Consonance
/machine/day?
1,000,000/machine/day?
Jo Rhett wrote:
Respectable enough, but I'm not sure why you bother having that big of
an array with that small of a mail load. I've got single machines
handling loads several times larger, all doing Clamd, a commercial
scanner, SA and more on milter during
enabled and decide if their policy matches your objectives.
--
Jo Rhett
Senior Network Engineer
Network Consonance
any mistakes I made.
Jo Rhett wrote:
Elizabeth Schwartz wrote:
IMHO if a rule is getting legit email tagged as SPAM it should be toned
down. Obeying the RFC's is a good thing, but I am trying to tune our spam
filter to filter spam, not to be a netcop.
Then you should disable these BLs in your
I have no official position with spamassassin, but I am requesting that
you please take this thread to another mailing list. It isn't relevant
to spamassassin and we don't need to read this.
--
Jo Rhett
Senior Network Engineer
Network Consonance
than you do.
--
Jo Rhett
Network/Software Engineer
Net Consonance
in that hierarchy.
No. A CNAME can point to anything, but nothing can refer to a CNAME.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Documentation :-)
--
Jo Rhett
Network/Software Engineer
Net Consonance
that we persistently get more spam from their
netblocks, because they are actively avoiding dealing with it.
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
Jo Rhett wrote:
Right. Which proves that you weren't reading. I was replying to
the comment that someone made that any host with more than one
address would have more than one HELO. This isn't true.
Now a host with more than one interface might have more than one
helo name. But that's
that I put up there :-)
--
Jo Rhett
Network/Software Engineer
Net Consonance
, and the systems sending bounces
aren't the ones that are being kept up-to-date enough to check SPF
either.
Umm... not in my experience. Every time we turn on SPF for a domain,
the amount of backscatter goes to about a third of the previous
amount. Every time I've been involved anyway.
--
Jo Rhett
from
authenticated clients, without turning off all the other checks (as, for
example, would happen if mail was submitted via port 587)?
--
Jo Rhett
Network/Software Engineer
Net Consonance