spam from venamail
is anyone else getting spam from venamail.com servers ? they usually come from a something.co.uk type email addy usually letting spam and now starting to adver other junk we see a coupla few a week slip through. how are you dealing with it in terms of spamassassin rules or otherwise? - rh
solicitations via netsuite.com
greetings how are you folks on this list dealing with unwanted solicitations from companies that spam via netsuite.com ? -rh
RE: A SpamAssassin Crash Course for Admins
It's not always just branding. It's also, giving proper attribution. Organisations and people should be credited appropriately for their contributions. It's the respectful thing to do. GNU/Linux is the best example of this IMO. At least you said free software arena and not open source world ;) mike, please change your email to apachespamassassin@blahblahetc... ;- - rh
RE: new paradigm
Christian, when you reply to people, dont put their email address in the post. please stop that. again, if you would read the posts slowly and correctly, i was not attacking you or your ideas. see the word not there... this is a discussion list, not a discrediting list. in terms of negation, i was thinking one should ponder something more along the lines of NOT truth but what do i know ;- - rh
RE: new paradigm
pardon me for my ignorance, yet if you think about it, the OP's idea is why some royalty had food and drink tester / tasters centuries ago assume all food and drink is poisoned problem is, if the poison wasnt fast acting, the royalty would ingest it and die anyways. eh? not or negating theory in math and other methodologies is really only there to come up with alternative reasoning for solutions realistically it is not the big picture solution... correct? :-) so, to clarify, does spamassassin theory essentially say neutral until proven otherwise? or? - rh
RE: new paradigm
christian i wasnt picking on you or your ideas locks are not a good anology unless you unplug or close port 25 those were mentioned on the list you are possibly on to some things, yet part of what you are on to is already late to the table i think you are realistically confused about truly negating something english is not your native language is it? - rh
older FVGT rulesets
apologies in advance for asking i know part of the answer can be found in the wiki, yet it isnt 100% definative. have these older FVGT rulesets been incorporated into the current SA versions? i.e. 00_FVGT_File001.cf and 88_FVGT_headers.cf and 99_FVGT_Tripwire.cf we shouldnt be using these rules with the current SA version right ??? -rh
RE: myfanbox.com
On Sun, 6 Nov 2011, darxus I'd like to get this added to the default rule set, any objections? header FROM_MYFANBOX From:addr =~ /\@myfanbox\.com$/i score FROM_MYFANBOX 5 Not at that score. I'll add it to my sandbox right now so we can see what happens. -- John Hardin KA7OHZ why not just save processor cycles make it easier... reject the below at smtp time sms.ac fanbox.com fanboxnotes.com myfanbox.com you can verify MX records and such with dig dig fanbox.com MX etc etc - rh
old old rdns localhost issue...
some of you, like we did, probably noticed long ago that some ip addys rdns to localhost example 113.166.175.153 dig -x 113.166.175.153 ;; QUESTION SECTION: ;153.175.166.113.in-addr.arpa. IN PTR ;; ANSWER SECTION: 153.175.166.113.in-addr.arpa. 86353 IN PTR localhost. ;; AUTHORITY SECTION: 166.113.in-addr.arpa. 86353 IN NS vdc-hn01.vnn.vn. 166.113.in-addr.arpa. 86353 IN NS hcm-server1.vnn.vn. ;; ADDITIONAL SECTION: vdc-hn01.vnn.vn.2019IN A 203.162.0.11 hcm-server1.vnn.vn. 2019IN A 203.162.4.1 for those of you who are not rejecting, or can not reject them at smtp time like we are, is there a rule for this ??? - rh
real world spamassassin experiences re: processing on servers emailing from .info domains
greetings SA users there sure seems to be a lot of from .info server spamming wierd temp registered .info domains spamming eh? for those of you with volume, large or small, care to share an SA tips on how you deal with .info domains? i would imagine there is a very small percentage of valid emails coming from .info domains should we just pull the plug and reject all .info from touching the smtp server or carefully craft SA rules? real close to doing so and just reject them all, unless there is a list of valids out there somewhere thank you in advance - rh
RE: proper rule writing for N
And using ALL means that you would match your own thread: Subject: all spam emails from mailengine1.com servers I'd suggest you use the X-Spam-Relays-Untrusted pseudo header as previously mentioned. thank you are you suggesting that a person look at http://wiki.apache.org/spamassassin/TrustedRelays among other sources and come up with rules to deal with specific domains or all domains generically? any other specific sources of info to learn about this toolset? i am not super confused, yet i am new to this specific X-Spam-Relays-Untrusted pseudo header software toolset implementation/application note: thanks to all that have helped including Chip's post after this one. We cant tell if a real and true trickle or not yet, hence the ALL looks like spam. ;-) this whole mailengineX.com and streamsend.com problem wouldnt be an issue if they had just responded to an abuse email. the other proper email marketing companies generally do. it is always so obvious when they allow email from webpage harvesters or companies that buy lists to spam through them. wish we could believe their almost hidden antispam and isp relations page link - rh
proper rule writing for N
as you know, some emailing companies have multiple domains for mail serving mailengine1.com mailengine2.com mailengine3.com . . . mailengineN.com among other domains... what is the proper way to write a single rule to deal with N series combinations? header __LOCAL_MAILENGINE1 ALL =~ /mailengine1\.com/i header __LOCAL_MAILENGINE2 ALL =~ /mailengine2\.com/i . . . header __LOCAL_MAILENGINE1 ALL =~ /mailengineN\.com/i to handle all cases in one? ...not an expert rule writer here so we dont know if the basic one is escaped right either. Karsten seemed to indiacate it was not perfected in a recent post. i checked various rule writing areas on the web and i dont want to do it this way... meta LOCAL_MULTIPLE_MAILENGINEBLAH (( __LOCAL_MAILENGINE1 + __LOCAL_MAILENGINE2 + __LOCAL_MAILENGINE3) 1) thank you in advance... - rh
RE: proper rule writing for N
There are a couple of ways to do it. If you know that the numbers are 1-9, you could do this: header __LOCAL_MAILENGINE ALL =~ /mailengine[1-9]\.com/i (this is matching a single character. You could NOT do [1-12]) If you just want to allow for a number, you could do this: header __LOCAL_MAILENGINE ALL =~ /mailengine\d+\.com/i This one matches a number of any length. For more information, do a search for Perl regular expressions. -- Bowie Bowie, thank you what about the case of non numeric WHATEVERLEGALCHARS, ie any legal character in a domain name replacing the number series? i.e. header __LOCAL_MAILENGINE ALL =~ /mailengineWHATEVERLEGALCHARS\.com/i i do understand that it would be similar to a catchall, yet still interested in knowing in cases of funkiness ;-) - rh
all spam emails from mailengine1.com servers
does anyone get legit emails that come from the mailengine1.com email marketing servers? aka streamsend aka ezpublishing ??? it appears to be all spammy to us also, has anyone written any rules they care to share in regards to this organization? - rh
RE: spamassassin 3.3.2 rpms for el4 / centos4 etc ???
warren thanks for the info where is the .spec posted ? any tips on the .spec and modifying the tree to get 3.3.2 working with EL4 until such time as EL6 server can be installed and tested please? EL6 isnt that old (comparitively) and lab testing will start on it soon - rh
spamassassin 3.3.2 rpms for el4 / centos4 etc ???
apologies we missed the memo(s) evidentally doing an rpmbuild -tb after downloading the 3.3.2 tarball doesnt work for rhel4 / centos4 et al? wow... always seemed like a 3 minute process to me anyways, i think ive about exhausted a week of google foo. rpms or tips anyone? -rh
RE: spamassassin 3.3.2 rpms for el4 / centos4 etc ???
It's removal was based at least in part on a belief that it was not actually usable for anybody. You could take it up with the dev list, particularly if you're up for maintaining it in a way that's useful for the major rpm platforms. Either way you probably want to talk to Warren Togami, the resident RedHat guy. I'd like to see it included, but nobody was willing to maintain it. You should be able to easily copy the relevant files from the 3.3.1 tarball, if they worked for you. Darxus, thanks for the info. i checked the bug link you gave, and frankly, pulling the .spec file because of https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6314 doesnt make any sense to me, yet what do i know... ;-) anyways, if i knew what the relevant files were between the two, id take a shot at it looks like it might be time to find a different solution bums us out cause we have actually been supportive (in small personal way) of the SA people / project. - rh
RE: Need Volunteers for Ham Trap
This is a misunderstanding. I am largely against whitelisting or negative score rules. I merely intend to increase the variety of legitimate mail in the nightly ham corpus so our spam-hostile rules can be better tested for safety. This will be interesting especially with non-English ham. Warren Warren, so, are you going to keep two or more corpus datasets? one as it is, and one with the new for comparison? initially this came across as a really suspect idea... i.e., one man's junk is another man's treasure for a moment, it appeared we were gonna need to review the good and the bad of spam-l to avoid serious SA list issues. statistically speaking, this shouldnt sway the scoring substantially anyways would it? what should be known so that bad data is not allowed into the HAM corpus ? - rh
RE: enabling SpamHaus DBL
this is not urls, but ip blacklisted dns ip url is another test -- xpoint benny, it appears you might have it backwards... http://www.spamhaus.org/dbl/ http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL#287 - rh
RE: enabling SpamHaus DBL
benny i meant your description of DBL i went to their website and everything they said was opposite of what you said - rh
RE: How the hell barracuda behaves?
Agreed. Seems to me that any discussion related to blocking spam is relevant. no Perkel, everthing posted is not necessarily acceptable, helpful and/or relevant. especially when spamming the list for your tarbaby stuff, free or not. it appears to me that you used to be a lot more involved with brainstorming, and other ideas, programming, and asking for help programming your ideas. many ideas are/were excellent and some have born fruit. some have not. if you would invest even more of your monies time and persue some of what has been suggested on and by the knowledgeable list participants, you will eventually bring forth a lot more fruit. - rh
RE: protocol is caSE sensitive, but should not be
Yes, it is a known issue. Fixed in SVN already, and will be shipped with the next release 3.3.2. when will 3.3.2 be pushed out? - rh
RE: Scanning Outbound emails
In particular, I find these two paragraphs from Mail::SpamAssassin::Conf to be contradictory: Trusted relays that accept mail directly from dial-up connections (i.e. are also performing a role of mail submission agents - MSA) should not be listed in internal_networks. List them only in trusted_networks. If trusted_networks is set and internal_networks is not, the value of trusted_networks will be used for this parameter. So my mail server handles ALL mail, incoming and outgoing. According to the first paragraph, I should not list my mail server under 'internal_networks' because it is an MSA. Because I have no other MTA to list as 'internal' I have NO setting for 'internal_networks'. But according to the second paragraph, this makes my MSA 'default' to being an internal_network because its value is lifted from 'trusted_networks'? I don't think our dialup IP's are triggering the direct-to-mx rules, but that may only be because our dynamic IP's are not listed on the appropriate RBL's. So is the second paragraph *wrong* about the default usage? Or am I lucky? should I specify a 'not' rule for internal networks, just to preserve the trusted-only status of my dialups? - Charles charles, i seem to recall that every time i go a check about msa_networks it that it says all connections to an MSA box must be authenticated. the language tells me all connections to an MSA must be authenticated... therefore, an MSA box cannot be a generic inbound smtp 25 generic no_auth MX right? NOTES: here is the language from the www... http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html msa_networks ip.add.re.ss[/mask] ... (default: none) The networks or hosts which are acting as MSAs in your setup (but not also as MX relays). MSA means that the relay hosts on these networks accept mail from your own users and authenticates them appropriately. These relays will never accept mail from hosts that aren't authenticated in some way. Examples of authentication include, IP lists, SMTP AUTH, POP-before-SMTP, etc. All relays found in the message headers after the MSA relay will take on the same trusted and internal classifications as the MSA relay itself, as defined by your trusted_networks and internal_networks configuration. For example, if the MSA relay is trusted and internal so will all of the relays that precede it. When using msa_networks to identify an MSA it is recommended that you treat that MSA as both trusted and internal. When an MSA is not included in msa_networks you should treat the MSA as trusted but not internal, however if the MSA is also acting as an MX or intermediate relay you must always treat it as both trusted and internal and ensure that the MSA includes visible auth tokens in its Received header to identify submission clients. Warning: Never include an MSA that also acts as an MX (or is also an intermediate relay for an MX) or otherwise accepts mail from non-authenticated users in msa_networks. Doing so will result in unknown external relays being trusted. - rh
RE: SORBS
Having full rDNS isn't the issue. What probably happened was something like this: 1) your ISP reported their dynamic addresses to SORBS, or SORBS inferred them via various means. 2) SORBS listed those addresses in DUL 3) Your ISP ran low on static addresses, and allocated to you one of the addresses that was formerly a dynamic address. 4) Your ISP did NOT inform SORBS of the change, or SORBS mechanisms for inferrence didn't pick up the change (or they don't bother to try to detect such changes) 5) You're in the DUL even though you think you shouldn't be, because you're on a static IP. What you need to do is force #4 to get fixed. rDNS is a helpful part of the bigger picture, but has nothing to do with the above 5 steps/events. John, good info thing is, let the isp deal with it all, it isnt nigels problem, he isnt the isp. Nigel, switch to different clean ip space with your isp and be done with it in 5 minutes you are the client, get your fix and move on - rh
RE: rsys4.com and Paypal?
At 10:18 20-04-10, LuKreme wrote: I got a mail from Paypal, but it is not FROM paypal, but it appears to have passed DKIM If it passed DKIM and it is signed by info.paypal.com, it's from Paypal. Regards, -sm the biggest problem i ever saw was when paypal email was coming from InfoUSA ip space. that is something we consider a no no not that the current place where it was coming from is any better... so much advertising junk from some of these places some known legit, some just crazy out there UBE - rh
RE: FREEMAIL_ENVFROM_END_DIGIT 2.2 anti-Gmail
add to that rule else score gmail is both spf and dkim meta this for this score in a else, where one score is real users that use gmail properly, and one that dont :=) so here the rule will give 2 scores when it mathes depending on dkim/spf pass benny, what do you mean else score i am asking for list archive reasons because you do not make it 100% clear to those that dont havea clue - rh
flat file bayes locking issue and difference errors depending on file locking method
greetings :-) config is centos4 SA 3.3.1 upgraded from SA 3.2.5 having spent the better part of a two days searching as well as trying different configs and SA restarts no good results we do not have a hardware horsepower resource starvation issue this machine does *not* use SQL for Spamassassin at this time i have tried many different possible SPAMDOPTIONS for SA startup for regular and round-robin and thrown tons of hardware and software resources at the issue in the /home/spamd/.spamassassin directory we have bayes_journal bayes_mutex bayes_seen bayes_toks in reference to the error spamd[30339]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call what is bayes_mutex ? is bayes_seen necessary ? (i seem to recall it is not and can be deleted) if bayes_seen is large, isnt that the file we can delete and it will not make a difference? i did back up the database using sa-learn before the upgrade... should i stop spamd, restore bayes info and then restart spamd ? other options to preserve bayes? ...or should i stop SA, whack the files, and restart and retrain? tia - rh notes: when using flock as the file locking in /etc/mail/spamassassin/local.cf we get spamd[2489]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call spamd[2489]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call when using default SA locking method we get this error spamd[19334]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: File exists spamd[19337]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: File exists
RE: flat file bayes locking issue and difference errors depending on file locking method
notes: when using flock as the file locking in /etc/mail/spamassassin/local.cf we get spamd[2489]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call spamd[2489]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call when using default SA locking method we get this error spamd[19334]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: File exists spamd[19337]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: File exists :-) apologies for replying to my own post... things i forgot to mention and that we are still investigating... the errors appear to be happening when SA is scanning longer than normal... ie, a normal scan used to only take a few seconds... these file locking errors *appear* to be happening when a scan takes 5 to 20 times or more times longer again, still investigating... before we upgraded this machine from 3.2.5 to 3.3.1 scan times averaged 2 to 4 seconds per email now, the average scan time is more like 8 to 12 seconds. any pointers to newer default knobs and handles and buttons will be appreciated... - rh
RE: flat file bayes locking issue and difference errors depending on file locking method
I'd guess that you have a bayes expire running that is either taking too long or not finishing and leaving lock files around. Turn off bayes_auto_expire and use bayes_learn_to_journal. Add a cron job to periodically sa-learn --sync (say hourly) and another cron job to do sa-learn --force-expire (daily/weekly) -jeff thank you for the info and your time... :-) we do have the bayes_auto_expire turned off and the forced expire is done at off peak hours once a day - rh
RE: flat file bayes locking issue and difference errors depending on file locking method
That was going to be my guess, too. You're not swapping, or having some other i/o issue are you? /Jason no sir i shutdown spamassassin backed it all up dusted bayes started spamassassin retrained 200 plus of each seems ok so far... 3.2.5 was working awesome overall yet wanted to be able to move forward with the current stable dev (so to speak) not happy about losing bayes yet maybe it is time to migrate to SQL im guessing that SA SQL setup is easy ??? anyone care to chime in? - rh
file locking errors and general fyi
greetings, :-) coupla days ago upgraded from 3.2.5 to 3.3.1 on a production centos4 machine all 3.2.5 old files and dirs and all conflicting/duplicate rules removed from machine. it appears that overall things went quite well 2 days later doing some normal log parsing i noticed this spamd[2489]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call spamd[2489]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call changed from flock to default in /etc/mail/spamassassin/local.cf then this error ;-) spamd[19334]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: File exists spamd[19337]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: File exists hmm so i did some chmod'ing and changed back to flock we currently do a force expire every 2 days off peak then, started to do some research... the only thing that jumped out at me was the default tokens of 15 in bayes is that for any bayes db type or SQL related only? - rh
RE: [sa] Re: SMTP REJECT after DATA (was: SpamAssassin Milter Plugin...)
Now THAT is off-topic. We are discussing the use of SA at SMTP time. Please stay on-topic for this group, and for this thread. If you actually care to continue, I expect a reasonable response to my arguments about rejection being better than bouncing or silent diversion. Geez, you didn't even try to advocate a system of notices to the user to overcome the 'silent' portion of that argument. Do I have to argue both sides for you? :) - C Charles, with all due respect and in right spirit you know way too much for anyone to have an argument with you... if you cannot implement all processing and reject in DATA phase, then well... there it is... work on it... your next post says you sometimes have to reject after... and i quote you --- Charles Gregory Quote:Re: [sa] Re: SMTP REJECT after DATA The only efficiency to be gained is to reject as much as possible after the RCPT_TO, before accepting DATA. But for systems like mine, with lousy user cooperation, rejecting some of the mail after DATA is still the best option. --- i would say you are arguing both sides and that it might be the issue. i would tend to believe that most have made the choice not to straddle the fence are you blaming the users for your administration? ;-) - rh
RE: spamassassin-3.3.0 for Fedora/RHEL
Just try it out. You will find that the detection rate without SARE is excellent and there's likely no benefit from SARE. Most SARE are well outdated. This applies to 3.2.5 as well. Kai Kai i appreciate your input, yet i really wanted Warren to answer for his blog post on it in specific terms related to SA i can handle absolutes pretty easy... if we shouldnt use SARE with 3.3.x, no prob. yet if ambiguous, then it needs to get more granular in the text that help and direct people in regards to 3.2.5, it makes a difference there too... since SARE isnt really supported anymore, realistically it should be pulled and only used as a reference archive, or have HEAVY recommendations not to use it and appropriate warnings. tia - rh
RE: blog article on 3.3.0
http://www.returnpath.net/blog/2010/01/spamassasin-rarely-misses.php Yeah, it's partly self-serving, but that's what corporate blogs are for. The people who read this blog are mostly marketers with very little exposure to the open source community, so this should help them understand a bit more of how the real email ecosystem operates. -- J.D. Falk JD, thank you for this info i saw your later post and here is one thanking you with a positive response... :-) actually, it isnt as self serving as you might think... ...thing is, people need to know about those rules to make decisions re: their internal mail policies thanks again - rh
RE: spamassassin-3.3.0 for Fedora/RHEL
-Original Message- From: Spamassassin List [mailto:spamassassinl...@gmail.com] Sent: Thursday, January 28, 2010 12:24 AM To: 'Warren Togami'; 'SpamAssassin Dev'; 'SpamAssassin Users List' Subject: RE: spamassassin-3.3.0 for Fedora/RHEL http://wtogami.livejournal.com/33674.html If you use spamassassin on Fedora or RHEL5, please see my blog post for RPM packages and distro-specific notes. quote * STOP USING SARE or OpenProtect. They died a long time ago. Some of their rules are dangerous or redundant. Many of the better rules were integrated into spamassassin upstream. So how do I stop using sare or openprotect? Warren and Others... just for clarification... by this website are you saying that we should only stop using SARE and OpenProtect on 3.3.0 and later... or are you saying that some of the SARE rules were put into 3.2.5 ??? tia - rh
jhardin test rules
in regards to http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/ Q1) what does this annotation mean? * Do not publish the ADVANCE_FEE re-evolve test rules! * we frequently check for updates and it appears that we shouldnt at this time until ??? Q2) when? :-) tia - rh
RE: Should I block Experian/Free Credit Report
Per, Must be why Marc asked the list too :-) so, that is why you responded? are you the uninformed, or the unqualified? or both? ;- But seriously, in a case like this, who better to ask than the people you are serving? but seriously, *all* necessary things considered to make a determination, do the people that one is serving have *all* that it takes to make that determination... if they dont, then forget them, do you? :-) and do you have a comprehensive solution ready to go that doesnt block potentially good emails from the credit blessing organization bottom feeders, who will buy and sell pert. info from virutally anyone - rh
RE: Should I block Experian/Free Credit Report
The spam/ham decision is always in the eye of the beholder. One persons spam is another ones ham. /Per Jessen, Zürich Per, you are right! i am seeing you filling out those free credit report URL's frequently... :-) yet... the thing really is, i havent figured how to block from them other than Bayes, or IP and the IP thing is in full... no recourse... so, then i would have to determine is the ip blocks had any legit traffic... since this is getting marginally OT, what i think we might consider focusing on is this and it is realistically for Spam-L if a company advertises on the edge of being scammers publically, should we trust those same types of emails... i think not... so then the On Topic thing is, how do we best deal with them in Spamassassin... JDow hit is on the head with Bayes and other SA rules / tools... - rh
RE: [SA] Should I block Experian/Free Credit Report
From: Adam Katz I can definitely relate. My $10 Titan Peeler is less effective than a rusty old pocketknife, and it somehow cost me $43 (had to buy two, shipping was about 2x the cost). Not only that, but I never saw the total price until the order had finished, and I couldn't cancel the order (even over the phone because it had already shipped despite that I called within a business hour of the order and despite that my your order has been shipped email was sent two days after that. Lesson: do not order through a website or phone number listed on TV. For anything. A quick web search for the product by name will easily find a reputable reseller (never mind those claims of exclusivity) that will give you a similar price on the same product. The search will likely also give you myriads of reasons to not buy the product/service (even from a reseller) and/or to go with a competitor. That said... I would not block these companies' email unless they fail to follow the rules of opt-out and the like. It may be seedy and even a scam, but if they're following the rules of responsible email, it's not spam in my book. Which is to say: keep a close eye on them and nail them hard when they fail to play by those rules, which I figure is quite likely. Adam, i am confused... you just said you were scammed by an organization then you say dont block scammers phishing emails if they are good email/spam netizens ??? wow. you do not have to allow yourself (or others) to be scammed you know and you could have called the credit card company and filed a complaint and got your money back. never use your debit card for risky transactions no matter what anyone says about being covered with them too. yes, Perkel, block the scammers !!! it is the fine line of the law phishing. - rh
RE: Should I block Experian/Free Credit Report
Ask your customers - block the ads for a while and see if anyone complains. /Per Jessen, Zürich that's right, experts should always ask the uninformed or unqualified. ;-) - rh
RE: Should I block Experian/Free Credit Report
I have them blocked here because they have sent me two totally unsolicited emails that got through hostkarma whitelist. They were on my dubious list because of stories I've heard about them. This places them on my specific blacklist. This is a particularly large problem given their large position in the credit reporting industry. I rate than as Foxes running the hen house. {^_^} Good Gurl! you may have a cookie! :-) - rh
RE: Should I block Experian/Free Credit Report
This is a tricky decision. What they Free Credit Report / Experian is doing is fraudulent. Although they aren't stealing they way phishers are, just because they aren't just as bad. In fact I suspect they rip off far more people than phishers do. I'm thinking about black listing them but if I do it will block them on everyone who uses the hostkarma blacklist. It's a decision like the Google in China decision. These people are really evil. But they are entrenched in government protection. Marc, block the fraud pukes they send the same emails over and over and over to clients. train them as spam in bayes too. - rh
RE: administra...@willspc.net bounces
Yes, complaining instead of notifying the right people. Way to go! karsten, woooh! you are welcome! :-) since i dont know who it is, what do you expect? this isnt the first post to the list about it... there was another thread or two about it in the recent past... i.e. 1 to 3 weeks or so ;- - rh
RE: newbie: configure SA to reject spam
From: tonjg [mailto:t...@freeuk.com] On 01/13/2010 07:22 PM, tonjg wrote: thanks for your response Ned. your last line describes exactly what I want to do - reject mail, do it at the smtp stage in sendmail - but I don't know how to achieve this. -- TonJ, http://lmgtfy.com/?q=sendmail+reject+spam+smtp - rh
RE: [SPAM:9.6] Re: [SPAM:9.6] Re: semi-legit senders in DNSWL and habeas - a hard problem
From: Christian Brel Sensible folk know people like Return Path will never grow the balls to stand up to eBay, they will just take the money and smile. Christian Brel, are you suggesting that orgs like Return Path buy some body part growth pharma ? ;- - rh
RE: [sa] Re: FH_DATE_PAST_20XX
/20[1-9][0-9]/ -- /20[2-9][0-9]/ RW, thank you... exactly what we thought. exactly what others said/thought. we changed it to this before the update and still had the issue. so we changed back to the older version and then zero'd the score. waitied for the update after the update, changed the score to a small positive value to re-enable yet the rule is still *hitting* for some reason... since it is a header rule, what should i start looking at to see where the issue is coming from? somewhere in SA? should i enable special logging? or, should i check the MTA and it's assigns that deal with the header? - rh
RE: [sa] Re: FH_DATE_PAST_20XX
The rule is probably also defined in some other file. Are you using 00_FVGT_File001.cf? If so check there. 00_FVGT_File001.cf is updated on the rulesemporium site also where its based so you could fetch a new copy there also if needed. http://rulesemporium.com/rules/00_FVGT_File001.cf Bye, Raymond. good catch Jeff Raymond... thanks - rh
RE: [sa] Re: FH_DATE_PAST_20XX
Cc: Spamassassin users list Subject: Re: [sa] Re: FH_DATE_PAST_20XX Damn -- mea culpa. When we fixed the bug in SVN trunk in bug 5852, I should have immediately backported it to the 3.2.x sa-update channel when I commited that patch, but I didn't. It's now fixed in updates, but that won't help the admins who've been paged to deal with high FP rates on a holiday. :( Sorry folks... --j. what should the new rule look like? i mean, i get it, and i think i know, and i even tested it and it was still failing even after a restarts... s... seriously, i disabled the rule early AM yet when the update came through 4 or so hours later, i believe it looks exactly the same as when i first viewed it early on... - rh
RE: [sa] Re: FH_DATE_PAST_20XX
The easiest way to see what is being changed since your last sa-update is to first sa-update /tmp and diff. The change is trivial but significant... snip -jeff thanks Jeff, umm what we saw was that the first FH_DATE_PAST_20XX update rule push wasnt actually corrected... the second push appears to have fixed that... maybe we are in twilight zone? - rh
RE: oh where oh where...
Nope. It works. I'm looking at 3.3 carefully but nothing stands out. -- Jo Rhett Jo, do you have changes / hopes / ideas / suggestions for SA to make it better or more better or whatever? - rh
RE: Dear Santa
Hopefully you didn't buy him that brewing book, or we'll NEVER get any more rules out of him! :^) snip Is there anything that would help out the cause, hardware-wise? I think I remember Justin saying that privacy concerns about the email corpus made sharing the load impossible -- might it be possible to share the code so that some of us could auto-generate rules based on our own ham/spam mailstreams, and then share those rules with you for possible SOUGHT inclusion? -- Dave Pooser there were interesting choices... some seemed like for family time and stuff too. i would encourage other SA team members to have a wish list and publish. we are sincerely sad apologize that we are not able to buy Christmas presents for everyone on the SA team for all the stuff you deal with, you deserve many blessings! ummm i am confused though... there are projects out there like CentOS that are dealing with things and cannot accept donations right now that would go towards the project or team salaries... since SA is part of Apache Foundation, do you get paid or can you get paid or how does this all work? as awesome as SA is, i often wonder why the SA team isnt salaried or something to that effect. do i need to read the apache foundation docs somewhere? - rh
RE: Dear Santa
It would be nice to be able to throw some cycles at this problem, but it might take more more to figure out how to do that safely than it's worth? Anyway, if something gets figured out count me in on contributing space CPU time. couldnt the data be encoded and then unencoded during processing? ...or is it to easy to extract the key from the binary processing program made for private server processing? - rh
RE: Dear Santa
do i need to read the apache foundation docs somewhere? You're of course more than welcome to. Perhaps the best place to start is here [4] and here [5]. [1] http://spamassassin.apache.org/ [2] http://svn.apache.org/repos/asf/spamassassin/trunk/CREDITS [3] http://www.apache.org/foundation/sponsorship.html [4] http://www.apache.org/foundation/ [5] http://www.apache.org/foundation/how-it-works.html Regards, Daryl thanks for the info and urls and more Daryl :-) - rh
rule test repo updates?
is this older link still working and keeping realtime track of updates? http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/ specifically this link http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/ since i have been watching these devels thanks - rh
RE: habeas - tainted white list
or create a bug to have dnswl use trusted_networks from local.cf in spamassassin Benny can you help me / us better understand what you are getting at here and why? something you already do or implement? i wish i knew a better way to ask the question(s) so that you could better help us understand your thinking tia - rh
RE: habeas - tainted white list
In the absence of evidence to the contrary, yes. If it's that big a problem for you in real life, then you should be able to provide FNs to the masscheck corpora that will _prove_ these scores are too generous. We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. -- John Hardin John, great!!! here is a chance for possible help in more areas than just this specific ruleset issue... i asked Rob some time ago if he could write a script that would check logs and report if a certain rule was effective or not by itself vrs if other rules hit with it and maybe that rule was not needed or could be lowered etc etc and if other rules hit with it, then we would see how effective that rule was and why and when etc etc i am guessing that you folks already have these tools or similar tools or help? although i could probably come up with general logic flow and an algo for this, i would not be able to hard codify and implement at this time... yeah yeah, i know and im still working with PERL for dummies and will get past the intro some time soon - rh
RE: Dear Santa
Justin, We were able to knock off 4 items in the Amazon USA list with expedited shipping 8 to 16 days from USA. hopefully it will take them off your wish list... Yes, we would love to see your ummm Sought rules back online if they are not already are they? if you need us to put an industrial rackmount HP box with SMP ILO server online for it, maybe we can work something out... Merry Christmas and God Bless! - rh hey, if you all insist ;) http://www.amazon.com/registry/wishlist/1M0UDEXT6A3I7 https://www.amazon.co.uk/registry/wishlist/1G7S5QV025EOX thanks! it might help persuade my wife that I need to get that server reinstalled ;) -- --j.
RE: [sa] Re: habeas - tainted white list
I believe on the whole Warren Togami's posting about a whitelist performance on a masscheck settles the affair. White lists are very reliable. They are also very unnecessary within SpamAssassin. So perhaps the whole topic can die. I also note that the people complaining about the white lists seem to leave out solid data. Were the spams really confirmed spams or were they merely scored as spams? What scores hit that made them score as spams? What kind of installation do you have? How many emails a day are processed? It's little details like that which prompt other people to look at assertions somewhat askance or ignore them outright. With my three personal accounts I have yet to see an email off this list containing HABEAS, spam or ham, since this discussion began. I guess I don't do business with HABEAS customers and no spammers have pushed through anything from a HABEAS site. The mail volume is fairly high (LKML and a couple other Linux lists). And the spam seems to be suddenly up from 60-80 a day to the 90s/day. For those spammers who are listening, I REALLY do not need Via-thingie-alis whether or not it is from he Pf people. If I REALLY need to get it up I do a sexy striptease or something like that. (The V thingie seems to be a new feature of my spam bucket - 10 or more of them a day.) {^_-} JDow et al, why do you say on the whole ? what is holding you back in your thinking there? ...based upon Togami's data processing, the biggest thing that comes to mind is this... *IF* these or similar rulesets are not truly not making a difference one way or the other, then why are they there? why do we really need them or the other similar rulesets? ...and why should any rules such as these have a default SA installation value other than zero and then educate admins in the documentation what to do in regards to enabling and suggested scoring? - rh
RE: OT Re: Museum piece...
as far as museum pieces go, i submit that my first was an Apple 2E if i remember correctly.. BRUN BEERRUN was an interesting game, or something to that effect... ;-) ...and (snore) i also programmed a helicopter to fly across the top and drop a bomb on a space invader and go boom... wow huh? anyways, my FAVORITE was always the VAX !!! DEC VAX 11/785 to be more concise... although 11/780's and 11/750's and microVAXes were fun to play, errr work with too... set proc /priv=ALL eh? - rh
RE: OT Re: Museum piece...
The absolute, without a doubt, biggest POS I ever had to live with was an 11/23 that had more hdwe bugs than all issues of windows combined since DOS5.0. Dec field engineers changed every piece in that thing except the frame rail with the serial number and all they managed to do was convert a daily crash into an every 10 minute crash. snip -- Cheers, Gene wow, Gene, that is a bummer, sincerely sorry to hear about that episode... i was just a wee tiny lad when you (cough) more experienced folks were using tin cans string... ;- did 11/23 meant it was 23 months off the engineering board? i dont recall ever having an issue with DEC stuff yet maybe that was because they had pocket burns up to the elbow on their arms ? - rh
RE: [sa] RE: emailreg.org - tainted white list
Still doesn't answer my question. Perhaps I'm dense. But to spell out my question more explicitly: what do you mean by personal response spam? Is that just Richard's on-list responses we've all seen? Or something else? (did I miss that part of the conversation?). And what do you mean by to this account? To this list? To your own inbox? Are you referring to messages that are obviously from Richard (including alter-ego ones)? Or some kind of UBE campaign that you think he is behind? (if so, please describe) Still confused. -- Rob McEwen Rob, dont be confused, she missed a comma in that line was all... btw, we are still waiting on the hearsay secret squirrel info... - rh
RE: Spam from compromised web mails
When running site wide, how do you get ham to train bayes? I can manage spam by spam reporting and such, but getting ham without breaching the privacy of our users is my problem. raj Raj, one potential option is to setup bayes autolearn thresholds with proper scores for your specific installs/setups. perldoc Mail::SpamAssassin::Conf http://wiki.apache.org/spamassassin/BasicConfiguration - rh
RE: Dear Santa
Axb PS: If JM posts a link to his Amazon wishlist, maybe we can all help him decorate the new place :-) +1 - rh
RE: Cooperative data gathering project.
marc, what if there is no RDNS ? ;-) - rh
RE: emailreg.org - tainted white list
I'm the only one? Really? That doesn't jibe with my memory, but I'm not scanning the entire list to prove you wrong. Really? Yeah, sorry, not buying it. LuKreme et al, you were not the only one much goes under or over the radar on the list... re those rules, we see 2 to 4 percent spam appears to be on the rise... and 4 to 8 percent ham... - rh
RE: emailreg.org - pretty good white list
snip But, as I said, I highly trust my well-placed contact who vouches for emailreg.org, so I'm satisfied. snip -- Rob McEwen Rob, :-) um you did say it a coupla times. once was enough though right? :-) we know who *you* are, yet if you are going to reference this trusted well placed contact in public some more, the can we please remove the secret squirrel factor? probably should ask that person to chime in or do whatever to handle it right. -rh
RE: Suggestion for use by ANY whitelist service....
Nonsense. I had to score this list -2000 just to keep it from scoring so darn high that it was hitting the 'automatic' rejection at the SMTP gate before any of my whitelists could function. Sometimes legit mail scores high. A 'truly clean company' should be permitted to enjoy a 'whitelist' bonus just in case its material *looks* like spam. But of course, the whole issue is defining 'truly clean', especially when even the cleanest company and get hacked - C Charles, you would be better off properly whitelisting the SA mailing list... depending on your situation, possibly to and from... also possibly telling bayes to ignore those emails to and from as well... - rh
RE: ANNOUNCE: Apache SpamAssassin 3.3.0-beta1 available
in the post there was mention of - added or updated many rules; incomplete list in no particular order: vbounce, lotsa_money, muchmoney, image spam, fill_this_form, FreeMail...snipped Q1)is there a location that shows the complete list at this time? if not, Q2) will there be a complete list once it goes off beta to mainstream distro? tia - rh
RE: Language detection in TextCat
This should be fairly easy to do: configure SA with the language(s) you will accept and the ratio of misspellings to total words that you'll accept as meaning 'unwanted language' after numbers and HTML tags have been excluded from the check. Apply the test to the whole body of a non-MIME message or to all MIME parts with type=text/*. Martin The theory is sound in general... yet the real world practice would be just another small score to add towards the spamminess right? there is just to much bad languange in text communications out there... (pun intended) ;-) - rh
RE: freemail vs dkim / spf
perkel wrote: I have yet to find ANY use for SPF. And SPF causes nothing but problems. Marc, why nothing but problems? is a lot of your system mail forward orientated? care to elaborate w/o going into the same old SPF diatribe? maybe there is something useful you havent had the aha factor on... - rh
RE: ANNOUNCE: Apache SpamAssassin 3.3.0-beta1 available
i spose we are concerned about renames of rules although there are pry not many of those... the main concern would be duplicate rule(s) functionality based upon the long lifespan of 3.2.5 and ummm sharing on the list and otherwise... could be same function with different name etc all will come out over time based upon reports and such - rh
RE: Suggestion for use by ANY whitelist service....
I'm sure we would all live with the occasional true 'opt-in' request, if we knew that the end result would be that it would stifle spam by giving the legitimate mailers, the ones whose mail we *want* anyway, a better chance to reach us. - Charles Charles, Nyet, nyet, nyet... we would *not* all live with the occassional opt-in request from Return Path. frankly, nothing against them, yet if an organization really needs Return Path to get their email through to mailboxes without rejection, then doesn't the originator of the email have problems? ...your usage of the true qualifier was interesting though... ;-) - rh
RE: HABEAS_ACCREDITED WHY BY DEFAULT?
After all this debate about a negatively scored rule I'd disable it anyway, because the spammers on the list will target it specifically now, knowing it works well for them. Stucki Stucki, it seems to me that you, of all people, would want a small negative or positive score on that rule (or any rule) for statistical purposes... being in the math department and all :-) logically, why would you just zero it then? - rh
RE: [sa] Re: Suggestion for use by ANY whitelist service....
forgive me for asking this in the middle of this thread yet in all seriousness... Q) what is the inverse of Spamassassin ? i am quite certain that those in the know have spent a lot of time thinking about HAM signatures. maybe that isnt quite the right way to say the question... so, what do you call it? Ham Catcher? Ham Identifier? Pork Platter? Pork Roaster? Mail Helper? it certainly isnt a whitelist thing correct?? - rh
RE: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)
From: LuKreme Look, get a room. Or at least take this twisted courtship dance offlist and spare us, please. LuKreme, certainly we understand your point here, yet what about accountability for Return Path Inc (and other RPI companies) related rules in the default Spamassassin configs? we all know we can change them, yet why are they even there as a default? how did they get in there in the first place? i do not know and/or forgot specifically where to check... last but not least, has any of that been changed in the upcoming future version(s) of Spamassassin? tia - rh
RE: FP on blacklist hostkarma
if it was just for me you would post it on maillists ? :) thanks for clearify it, atleast for me Benny, sure we would! as ummm ...well, you know, you are just so lovable... :-) seriously, and the reason you are so lovable is that even if i read some (not all) of your posts over and over, i cant figure out what you are saying... something lost in the translation maybe??? ;-) - rh
RE: HABEAS_ACCREDITED SPAMMER
If you disagree with a particular entry on either the (formerly Habeas) Safe list or the Certified list, we've made it extremely easy for you to tell the people who operate those lists. Hint: insulting me on this mailing list has no effect. -- J.D. Falk jdf...@returnpath.net Return Path Inc JD i asked for some clarification from Neal on the spam-l list in this last week and havent seen it yet... if he has been tied up, is understandablew.. yet if he is ignoring, would be nice to know so that appropriate actions can be taken thanks... - rh
RE: HABEAS_ACCREDITED SPAMMER
From: Hajdú Zoltán wrote Then whos job? :) Habeas doesnt monitor Your Inbox. If You have the time to write here just for 'flaming' against a ~good concept... ...Maybe it would be a better idea to spend that time on supporting them with Your feedback. Cheers, Hajdu, we took a worldwide SA list mental telepathy vote and guess what ?!?!?!? you are the lucky person to be the NEW worldwide HABEAS unpaid pay spam police advocate... we see your zeal, pleasd do a good job... :-) as a side note, in this somewhat rough economic environment, at least you are more employed... this time of year, arent you glad you arent a turkey in the USA though? happy thanks gobble giving... - rh
well, isnt that special...
just got spammed via constant contact via Aloha Communications Group on our email lists email address from afrit...@aloha-com.ccsend.com obviously trolling for email addresses would the Constant Contact employee(s) and advocate on this list please kick some hiney after you are done rolling around in the money pile? on a much more important note, can those on the list that have a good handle on better filtering spam and/or UCE from Constant please share your SA info on that please? - rh
RE: well, isnt that special...
thanks Tara, not the hugest biggie... yet since we are only on a few select lists and use this email address, i figured several others on this list were getting it too i did forward both to abuse at your site with headers happy gobble gobble everyone! - rh I've got Compliance on it already thanks. And if I find the money pile I'll let ya know. ;) I'll report back to you what they find.
RE: well, isnt that special...
uri LOCAL_URI_C_CONTACT m{constantcontact\.com\b} score LOCAL_URI_C_CONTACT 12 describe LOCAL_URI_C_CONTACT contains link to constant contact [dot] com thanks Ned, i do have a coupla companies that use CC for email so i wont totally whack. they are getting a bit to generous on those marking emails to me though. umm side note, i spose to Tara... is Constant Contact like the default email marketing system (or one of them) for salesforce.com or whatever other large online customer management software??? or do you own them or they own you or what is the scoop? - rh
RE: UCEPROTECT questions
I'm interested in people's opinion of UCEPROTECT. I'm aware of how it works, but even UCEPROTECT1 seems to catch an awful lot of ham, and I wondered if I was doing something wrong. I've set the score to 0.01 for now, while I watch and see how it works here. What's a more reasonable score? I don't think I would ever use UCEPROTECT2 or UCEPROTECT3, as we have a lot of verizon/comcast users where the whole block or ASN could be blacklisted. Can you give me some history of this blocklist? Thanks, Alex Alex, we use all 3 and adjust score accordingly... have had good general results since we started using them... we are not or have not been doing anything scientific with that info, so it is just another potential spammy sign... - rh
emailBL devel ?
didnt anyone think that the emailBL project was good enough in adding an extra factor of protection to continue development? - rh
expire - theory and practical
looking for theoretical and practical insight on general multi domain email hosting type servers... Q1) on high volume email servers, is it wise to expire more than once a day, or is once a day the right amount so that once is not always in some form of expiring ??? the setup questions is so that we can get to what i am really driving at Q2) on a low, or much lower volume volume email server, is it best to expire once a day or should it be done less frequently so that there is a better set of data for bayes? one one server, we have been doing it once a day, yet i am wondering if we should do it only once or twice a week to have better info in the bayes data set. thanks in advance - rh
RE: Regex Question
some centos people are having a pub party and the kings and queens in london it might be over already based upon time difference from usa maybe all of you could go there and drink beer and duke it out or something constructive ;- - rh
RE: Email / Inbox Speed Problems
It's amazing to me you have ANY Mac users as customers. Tell you what, the guys down the hall from me run a Mac-oriented hosting service, MacHighway.com. Refer your Mac users there. They will not be treated as if they are 'dumb as a stamp'. LuKreme!!! please fly my family over to France to meet you and some good meals soon! i see you made a typo yet, stamp, stump... same difference... and what about this God forbid you are a Republican Mac customer that knows thier family roots back to the Ice Age ! ;-) eh? - rh
RE: Constant Contact
I wouldn't say they are perfect but they try to be. It's close enough for my white list. They shut down abusers and the opt out works. marc, we shouldnt have to opt out... -rh
RE: Constant Contact
marc, yes, yes it does make it spam if i have no idea who they are or why they are emailing me and/or my clients. it sure as all get out makes it spam. marc, are you boozing or just tired? - rh Perhaps, but it doesn't make it spam.
svn rules and viewvc
i used to be able to use wget to easily download rules from jhardin and other sandboxes now with this new viewvc, it is a total pain in the backside to do anything. how do we make it so it is easy to get the sandbox rules again? - rh
RE: exclude domain from server-wide
I am running a qmail + simscan + spamassassin + clamav on a centos 5.3. Regards s..a..l...@gmail, there are many ways to do it... you could try @example.com in your /var/qmail/control/badmailfrom might work... depending on some factors... you could smtp reject above a certain score and do a blacklist in your SA configs and reject it that way... lots of ways... be creative... - rh
RE: Other DNSBL's
Any other DNSBL's out there that you folks use that are worth comparing? Warren Togami wtog...@redhat.com Warren, ask michael scheidell... he has a list for you that is 100% effective... :-) - rh
RE: Constant Contact
Complaints liks this keep coming up for various whitelists. The usage alternative I just suggested may solve this problem for many people. -- Rob McEwen Mc, what usage alternative? - rh
RE: Constant Contact
here is a fine chance for everyone to vote on some new rule names... ill seed it... CONSTANT_PITA_BULK1 let's be creative now, it's Friday! well, it is always Friday, but you get the point... - rh
RE: Constant Contact
So, even though I cringe when I hear a name like Constant Contact, it does serve a legitimate business need. snip Chris Hoogendyk Chris, -1 no disrespect to you intended, yet says who? our general experience with Constant Contact is negative. - rh
RE: Constant Contact
That domain name should earn an email that came through their servers an additional 2.5 points IMO. It has been a thorn in my side since 3, maybe 4 years now. snip -- Cheers, Gene Gene, and anyone else that cares to share please... what are you using for your various rules to up the score on Constant Contact emails so that nothing slips by??? if semi proprietary you cannot share on list, please ping me off... - rh
RE: Hostkarma whitelist needs something..
Funny, after the discussions yesterday, I did the same thing only to wake up this morning with a mess of mis-marked messages due to hits on hostkarma. Until I can do further analysis, I've dropped RCVD_IN_HOSTKARMA_BL and RCVD_IN_HOSTKARMA_WL to .001 and -.001 respectively. jason maybe some of you folks do not have your SA systems trained properly... out of a recent stats run of 12999 total emails TOP SPAM RULES FIRED -- RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM -- 4 RCVD_IN_JMF_BL 399331.03 54.800.70 and TOP HAM RULES FIRED -- RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM -- 4RCVD_IN_JMF_W276322.672.53 48.36 we do not use high scores yet we do score accordingly... - rh
RE: Hostkarma whitelist needs something..
All I can say is that if these numbers were real or typical I would be out of business. perkel, i might be wrong, yet it doesnt appear to me that Jari have enough mail volume to have a reasonable statistical base... - rh
RE: Incresing numbers of DCC_CHECK in ham
Probably because you are not short-circuiting on the whitelist. ;) Any whitelist rule is just that -- a plain, ordinary rule. With a score. There is no magic, and other matching rules always can overrule any other fraction of the equation. If you *know* a given message is not spam, you can just as well spare the cycles calling SA on it -- and have your glue avoid SA for those. Karsten, is it in the SA docs where to specifically put ALL (or most) whitelist rules and how to specifically shortcircuit them correctly?? is it done with priority? or should be local.cf and blah? ...or some other way to be first in the rule chain etc? or a specifcally labeled rulename.cf and blah? :-) - rh
RE: OT bad news
I have no explanation, Their supposed complaint is, they don't know *nix. But my coworker and I manage those boxes, so even if one of us left, there would be at least one person to run those boxes. SA/ClamAV has been working great. Our BSD box sits in front of the Exchange, hands off clean mail, what more could you ask for. We have two boxes, in case we need to take one down for an upgrade. I will pull out our BSD box, and I will let them connect the Exchange box straight to the Net. Shane Shane, you have probably already thought of and done this yet just in case... document the entire history of these boxes and save the configs of course... plus compile as much the functional statistics as you can over the life (logs) of those servers re: how much total email and how much malware and ham and spam and rejected and delivered email qty etc etc... that way, when the doodie hits the fan and end users are screaming over the huge increase in spam, you have hard stats that tell the real story and write the one page paper about it... whether now, or later, possibly consider distributing it to people that seriously need to know. - rh
RE: Uppercase E-mail in Latin America
I grew up in Guadalajara and still have friends there, and in 'el De Effe' as well as scattered around a few other places in Mexico and I can confirm this is simply not true. No one uses all caps as a sign of respect. I can't speak to other Latin American countries. Perhaps this is true in Guatemala, or Nicaragua? I doubt it though. hm doesnt it appear to everyone else that this has the (slim to none) makings of a new urban legend? i mean, if all caps was a sign of respect on that continent, then wouldnt all of the advertising be in all caps out of respect a few days ago when this was posted it was almost believable, for like 3 seconds of pondering. - rh