How to deal with these spams?
Hello,lists, Some spammers use SMTP bounce to send lots of spams to our systems.For example,they send spams to some mail servers which are lost for antispam mechanism (They may send to the uncorrect users on those mail servers).Surely,these spams are faked with header,whose return-path are facked as our system's real user accounts.Then,those mail servers bounce the spams to our users' mailboxes.While we can't reject those mail servers,although they are abused by spammers really. How can I deal with these spams?Thanks. Jeff _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!
Re: SpamAssassin large-scale users willing to comment?
Hi,Jdow, I think you have misunderstood me.I'm not working for Netzero.In fact,our mail systems' end-users numbers are more than a hundred million far away.We use SA as part of our antispam mechanism. Certainly,it's not the original one written with Perl.We disable the Bayes currently,and only use rules for filters.While,we'll continuely to develop to support Bayes and more others featers of SA. We use network test too,so we should reject most of the spams in front of SA. btw: When I say,we have more than 30 MTAs,it don't really mean we ONLY have that numbers.Some datas including users numbers and messages per day,are a little sensitivity to the commercial company,I hope you understand me,thanks. Jeff _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!
Re: SpamAssassin large-scale users willing to comment?
Hi,jdow, I think you have misunderstood me.I'm not working for Netzero.In fact,our mail systems' end-users numbers are more than a hundred million far away.We use SA as part of our antispam mechanism.Certainly,it's not the original one written with Perl.We disable the Bayes currently,and only use rules for filters.While,we'll continuely to develop to support Bayes and more others featers of SA. We use network test too,so could reject most of the spams in front of SA. -- jdow [EMAIL PROTECTED] wrote: After I replied offline I did some looking around Er, I just looked up on a size ranking from November 20th last year. NetZero was set at 8,600,000 members. AOL is only 22,200,000 members. Do you mean 100,000,000 EMAILS PER DAY or something? That makes more sense and is maybe somewhat low. 860 members * 1000 emails per member/day / 86400 seconds/day gives 10,000 emails a second. That's still a whomping load for only 30 MTAs, 300 or so emails a second when I get about 3 seconds per email throughput at my low non-overlapping volume. Of course you probably greylist first. And with a network average of 80% spam that puts you down into the 60 emails a second range. It's still an amazing push. Is your version of SA still in perl or is it in machine language? I also presume you optimized it for your needs. Does it still do Bayes and rules or only one of them? {^_^} mumble The whole US internet seems to come out around 100,000,000 at the time of that survey. Of course, Hotmail is listed at 140,000 members. But there are some accounts that receive no mail so that cuts them way down from what an ISP might run. (I have one I abandoned as useless to me. When accounts cost money they get used more.) {^_-} - Original Message - From: Jeff Peng [EMAIL PROTECTED] Yes,we have more than 30 MTAs running the SA.While it's not the original SA,it has been improved by us for more better performance. -- jdow [EMAIL PROTECTED] wrote: From: Jeff Peng [EMAIL PROTECTED] I really mean a hundred million. Jeff, if you are ever permitted to and are moved to describe that installation sometime I'd be an avid reader. You must have an amazing array of equipment involved in the filtering and email handling. {^_^} _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today! _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!
Re: unable to connect to database: DBI module not available
Hi, That seems your Perl installation lack the DBI module,which is needed for accessing mysql in Perl.You should install the DBI and DBD::Mysql modules by hand.Certainly,you could go to http://search.cpan.org and get them. HTH -- Joshua Tinnin [EMAIL PROTECTED] wrote: Using FreeBSD 6.0-RELEASE-p4, mysql 4.1.18, p5-Mail-SpamAssassin-3.1.0_6 Using the debug flag, I get: [25618] dbg: bayes: unable to connect to database: DBI module not available: No such file or directory [25618] dbg: bayes: using username: krinklyfig Now, I don't know why it would be using that username, as I specifically entered in to /usr/local/etc/mail/spamassassin/local.cf (sa_user* is just the generic example): clear_report_template report_safe 0 lock_method flock dns_available yes bayes_store_module Mail::SpamAssassin::BayesStore::MySQL bayes_sql_dsn DBI:mysql:sa_bayes:localhost bayes_sql_username sa_user bayes_sql_password sa_user_password auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList user_awl_dsnDBI:mysql:sa_bayes:localhost user_awl_sql_username sa_user user_awl_sql_password sa_user_password Mysql is running, and the error log doesn't show any errors. I can log into mysql just fine manually with the username and password I assigned. This worked up until very recently. What could be causing this problem? - jt _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!
Re: SpamAssassin large-scale users willing to comment?
I'm interested in this reporter.We use spamassassin's partial features,it's original now,while we should improve it.Thre are more than a hundred million users are protected under SA here. -- [EMAIL PROTECTED] (Justin Mason) wrote: Hey all -- Apache SpamAssassin has won DataMation Product of the Year in the anti-spam category *again* this year -- for the second year running! (yay!) One thing that would be really cool would be some comments from our customers, for the press surrounding this. If you, or someone you know, would be willing to talk to a reporter about how SpamAssassin has helped eliminate spam in your organization, that'd be great. (A non-technical organisation would be even better btw.) Anyone interested? Please reply here, or if you'd prefer to follow up confidentially for whatever reason, to [EMAIL PROTECTED]. --j. _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!
Re: SpamAssassin large-scale users willing to comment?
A hundred million or a hundred thousand? I really mean a hundred million. _ Call Anyone, Anytime, Anywhere in the World - FREE! Free Internet calling from NetZero Voice Visit http://www.netzerovoice.com today!
Re: Re: 3.1 seems worse than 2.64?
Are there any optimizing options for SA (I mean the performance)? if we want to run SA on our antispam system. There are more than ten millions of messages coming into our system everyday. On Monday, January 23, 2006, 8:13:26 AM, Dan Bongert wrote: I recently did an email server change/upgrade from Sendmail on FreeBSD (w/ Spamassassin 2.6.4) to Postfix on RHEL 3 (w/Spamassassin 3.1). On both systems, Spamassassin is called from user's .procmailrc files--not every user wants to be running SA (I'm not quite sure why). I wasn't able to convert people's Bayes databases from one system to the other--the Linux system didn't recognize them at all as valid DB files, so everyone had to start Bayes over from scratch. Here's my problem: the new SA doesn't work nearly as well as the old one. Some of my users are reporting 50% false negatives in their inbox in the morning, even after their Bayes autolearning has kicked in. We run a nightly learning script for them, and have been telling everyone to put any and all false negatives in the appropriate mailbox so that sa-learn can snag them. For my own experiences, I'm seeing a lot more spam that's being autolearned as ham--scores of 0.0 and even negative ones for things that to my eyes are very obviously spam. It's a pretty vanilla set up so far--are there any recommended optional rules sets or tweaks I haven't discovered for 3.1 yet? Unfortunately, I don't have any hard numbers comparing the set ups, just lots of complaints that the new version isn't as good. You may want to check for a broken trust path. (See wiki.) Also be sure to enable network tests and apply for rsync access for RBL and SURBL zone files if you handle a lot of messages (100k messages/day). Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/ .
Re: RE: rbldnsd on FreeBSD
when you run ./rbldnsd -h you should see: -b address[/port] - bind to (listen on) this address (required) So you can bind the rbldnsd to another alias IP address,diff from the IP that your BIND server is listening to. I think there is no conflict between the rbldnsd and the BIND. Jeff Peng wrote: hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. I have both rbldnsd and bind running on my 2 nameservers. I had to bind(pardon the pun) rbldnsd To a separate alias IP, as I couldn't seem to make bind9 do the forward correctly. Rbldnsd is in FreeBSD ports (although it seems to be a release or 2 down, I'll probably submit An update soon). LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 512-248-2683 E-Mail: ler@lerctr.org US Mail: 430 Valona Loop, Round Rock, TX 78681-3683 US .
Re: rbldnsd on FreeBSD
hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. --- Ursprüngliche Nachricht --- Von: Irina [EMAIL PROTECTED] An: users@spamassassin.apache.org Betreff: rbldnsd on FreeBSD Datum: Sat, 21 Jan 2006 14:57:02 -0500 Hello all, Thank you for your answers on SURBL (few days back). I decided to install rbldnsd with rsync and have few things to ask. It will run on FreeBSD 5.4 with no named running. Server uses resolve.conf with 2 our DNS servers. Do I need to use BIND with rbldnsd and rsync? Or only rbldnsd and rsync? If I don't really need it with BIND, but would it be beneficial? Thank you, Irina -- DSL-Aktion wegen großer Nachfrage bis 28.2.2006 verlängert: GMX DSL-Flatrate 1 Jahr kostenlos* http://www.gmx.net/de/go/dsl
Re: How SpamAssassin recognize chinese character?
If you are using the perl of 5.8.0 or higher,it process the unicode characters well.So you should not worry about that Perl how to interpret the Chinese character.Just use the rules as normally as english language. From: Vincent Li [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: Re: How SpamAssassin recognize chinese character? Date: Mon, 9 Jan 2006 14:26:09 -0800 On 9 Jan 2006, at 10:08 PM, Jon Armitage wrote: Vincent Li wrote: I have been using SpamAssassin for quite a while, and used SARE rules and other custom rules. I am interested in writing my own chinese spam rules to block chinese spam email. I cheat and use an Exim acl statement to reject messages composed in unwanted character sets. However, I don't know which other MTAs would be able to do this, or even if this blanket approach would suit you. Jon Hi Joh: I am in academic enviroment, we do receive some legitemate chinese email and the chinese rules I downloaded works well. I am just curious how SpamAssassin or Perl interpret the rules written in Chinese? Vincent _ 与世界各地的朋友进行交流,免费下载 MSN Messenger: http://messenger.msn.com/cn
RE: URIBLFP? [Was: SA or Commercial AntiSpam products]
I agree with Track.In fact all popular email service providers including hotmail,yahoo or our 163.com and 126.com in China,are heavily abused by spammers.So we'll try our best and spend much time and money to get rid of spams.And,because of some numbers of spams,someone think that Netease's IP and domain should be listed into black lists,it's really unfair! -- Jeff Peng[EMAIL PROTECTED] http://mail.163.com http://mail.126.com http://wazzy.nease.net values of β will give rise to dom! From: List Mail User [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], users@spamassassin.apache.org CC: [EMAIL PROTECTED] Subject: RE: URIBLFP? [Was: SA or Commercial AntiSpam products] Date: Sat, 7 Jan 2006 00:29:38 -0800 (PST) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, January 06, 2006 1:31 PM To: mouss Cc: Jeff Peng; users@spamassassin.apache.org Subject: Re: URIBLFP? [Was: SA or Commercial AntiSpam products] mouss wrote: (top posting because not a reply:) this message triggers: URIBL_BLACK (nease DOT net. found in the message footer) MIME_CHARSET_FARAWAY RCVD_IN_NJABL_PROXY (because of X-Originating-IP: [218.19.159.186]) and also DNS_FROM_RFC_ABUSE DNS_FROM_RFC_POST MSGID_FROM_MTA_HEADER is the uribl listing justified or is it too aggressive? Is the listing justified? Hrmm.. An SA Dev (which will remain nameless) requested this listing at 2005-07-19 21:10:16. It was accepted at 2005-07-20 01:03:49.Its been listed since then... No requests for change or delist. We'll be happy to move it to grey if need be... But nobody has spoke up since its listing. Thanks, Dallas I'm sure the original listing was requested in good faith. And many of the Netease domains are seriously abused (mostly by Americans). In particular 163.com-M and 126.com-M are often favorites for spam domains' contacts' email accounts and for drop-boxes. But in general listing any Netease domain is like listing HotPop domains or even (stretching a bit here) mail.com domains. They are so very large, and have millions of non-spamming customers and on just that basis should not be in black. Whether or not nease.net-M should be grey is an open issue, but I can easily see how the extreme abuse would make 126.com-M and 163.com-M have grey listings, but neither of those domains are listed, so likely all of the Netease domains should have the same status. I'm not even sure if normal users can get accounts at nease.net-M; It is used for name service and email contacts for other Netease domains (e.g. lookup Whois records and DNS for 126.com-M and 163.com-M). Just my opinion, but at worse I think any Netease domain should only be grey, and not a black listing; Just like mail.com or HotPop, they have a share of abusers, but it isn't large compared to their size (though they are almost as bad as yahoo.com-M or hotmail.com-M for spam domains' contacts' email accounts frequency; Before switching to using Hotmail, 163.com-M seemed to have been Ralsky's favorite). Paul Shupak [EMAIL PROTECTED] _ 与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn
Re: URIBLFP? [Was: SA or Commercial AntiSpam products]
I believe it is good practice to periodically lookup one's IPs and domains in dnsbl/rhsbl/uribl/surbl/... This will help reporting false positives, and may also help detecting real problems (you could get infos on who is abusing your system/network/site for instance). Yes,in fact we continue to keep touch with some RBL organizations to prevent the situation of our domains or IPs listed into their blacklists.And,we also keep contact with the primary email service providers such as yahoo,gmail to stop the tragedy of joining each other's IP into blacklists. From: mouss [EMAIL PROTECTED] To: Jeff Peng [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], users@spamassassin.apache.org Subject: Re: URIBLFP? [Was: SA or Commercial AntiSpam products] Date: Sat, 07 Jan 2006 16:24:58 +0100 Jeff Peng a écrit : I agree with Track. you mean Paul:) In fact all popular email service providers including hotmail,yahoo or our 163.com and 126.com in China,are heavily abused by spammers.So we'll try our best and spend much time and money to get rid of spams.And,because of some numbers of spams,someone think that Netease's IP and domain should be listed into black lists,it's really unfair! I don't think anyone wanted to be unfair. Since the site is in asian lang, it's hard to guess whether it is spammy or not and the reporter didn't check what type of network is netease. Such things do happen, and will certainly happen again. And this is why I asked (note that it was just out of luck that I've seen this: I was playing with Matt and Paul whitelisting suggestions, and I got them wrong, so your message got to the Junk folder). I believe it is good practice to periodically lookup one's IPs and domains in dnsbl/rhsbl/uribl/surbl/... This will help reporting false positives, and may also help detecting real problems (you could get infos on who is abusing your system/network/site for instance). Note that netease is no more listed on uribl. _ 享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com
SA or Commercial AntiSpam products
Hi,Lists, I'm new to SpamAssassin.How about SA's TOP capability on antispam? Can I use it instead of some commercian antispam products?Thanks. -- Jeff Peng[EMAIL PROTECTED] http://mail.163.com http://mail.126.com http://wazzy.nease.net values of β will give rise to dom! _ 与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn