A serious bug seems to have crept into amavis somewhere, or maybe
BerkeleyDB - stability has gone to hell. In any case, I'm starting to
think about replacing Amavisd. I can't afford to futz around with my
email server - it needs to work.
Currently I run postfix, amavisd, spamassassin, clam
Well I use exim with exim-acl enabled. SA scans based on an exim
transport and virus scanning is done during SMTP reception using an ACL.
It has been working well for us with about 20K messages per day reaching
SA (doesn't include viruses sent to /dev/null). We also use an exim
system filter to
Michael W Cocke wrote:
A serious bug seems to have crept into amavis somewhere, or maybe
BerkeleyDB - stability has gone to hell. In any case, I'm starting to
think about replacing Amavisd. I can't afford to futz around with my
email server - it needs to work.
Currently I run postfix, amavisd,
On Mon, 31 Jan 2005 00:08:32 +, you wrote:
Michael W Cocke wrote:
A serious bug seems to have crept into amavis somewhere, or maybe
BerkeleyDB - stability has gone to hell. In any case, I'm starting to
think about replacing Amavisd. I can't afford to futz around with my
email server - it
At 06:54 PM 1/30/2005, EB wrote:
We installed Spamassassin 3.0.1 fedora core 3 rpm with sendmail last
week but it never rewrites the subject. We had use the new format
already, but it's still not rewriting. But the X header is marked
correctly though. Any suggestion how to fix that?
On 1/30/2005 7:00 PM, Michael W Cocke wrote:
A serious bug seems to have crept into amavis somewhere, or maybe
BerkeleyDB - stability has gone to hell. In any case, I'm starting to
think about replacing Amavisd. I can't afford to futz around with my
email server - it needs to work.
I use the body command to tests for phrases. This was working great, until a
spammer started to use double spacing in his email, and the phrases were split
up by empty lines. Is there any way around this? I've tried everything,
including using full and rawbody, but I still can't find a way to
It might or might not be impossible.
It *is* impossible on rawbody, since the rules only see one line at a time.
It might be impossible on full, if the message is encoded, since full will
see the encoded text.
It may or may not be impossible on body, depending on the version you are
running and a
A serious bug seems to have crept into amavis somewhere, or maybe
BerkeleyDB - stability has gone to hell. In any case, I'm starting to
think about replacing Amavisd. I can't afford to futz around with my email
server - it needs to work.
Currently I run postfix, amavisd, spamassassin, clam
I've got an odd one that I'm not entirely sure where to start, but here's the
scoop: I'm running SA for both myself and my parents using fetchmail to pull
messages from our respective ISP's, pass them to postfix which uses
essentially the suggestions from the DOC page to process via the
Michael
another vote for MailScanner (www.mailscanner.info).
Subscribe to the user list and/or IRC channel. RTFM etc etc..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Michael W Cocke wrote:
A serious bug seems to have crept into amavis somewhere, or maybe
Justin Mason wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler writes:
At 09:23 AM 1/28/2005, Tony Finch wrote:
Hi, it seems that HELO_DYNAMIC_IPADDR fires wrongly on this header:
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
On Mon, 31 Jan 2005, Ole Nomann Thomsen wrote:
So I don't feel able to bugzilla this one - any takers?
It isn't a bug in SpamAssassin.
Tony.
--
f.a.n.finch [EMAIL PROTECTED] http://dotat.at/
FAEROES: NORTHWEST 5 TO 7, OCCASIONALLY VARIABLE 3 OR 4 FOR A TIME. RAIN AT
TIMES. MODERATE OR GOOD.
On Fri, 28 Jan 2005, Matt Kettler wrote:
The order and spacing of the items after the from keyword is wrong. The
specification for Received: lines is in RFC 2821. A correctly formatted
line would be something like
Received: from hotmail.com (bay22-dav1.bay22.hotmail.com
Hi,
I'm a new member of this mailing list, and i'd like to know how to mark
as spam messages containing image-only messages.
Hi,
since lately rulesdujour has stopped updating the rules; instead
it complains that spamassassin --lint fails (which prints a lot
of warnings). I've tried using sa30-check but it doesn't help.
The installation is from rpms:
-
Name: spamassassin
On Fri, 28 Jan 2005, Justin Mason stated:
Rodney Green writes:
I'd like to copy the bayes db to the temporary mail server so it can
continue to be used and continue learning.
Will I need to do some special export/import procedure or will I be
able to just copy the db files into the
Loren Wilton lwilton at earthlink.net writes:
It might be impossible on full, if the message is encoded, since full will
see the encoded text.
It may or may not be impossible on body, depending on the version you are
running and a handful of other things.
Sometimes body gets broken up into
On Sun, 30 Jan 2005 22:57:52 -0500, EB [EMAIL PROTECTED] wrote:
I got
ps aux |grep milter
root 2083 0.0 0.2 65904 984 ?Sl 22:52 0:00 spamass-milter
-p
/var/run/spamass.sock -f -m -r 15
root 2910 0.0 0.1 5408 660 pts/0R+ 22:54 0:00 grep milter
Do you have
Hello,
I use postfix+spamassassin+maildrop and for now I delivery all the email
tagged as spam to junk folder, this is very nice except most of the mail is
actually spam, so far only one false positive, anyway I would like to delete
email marked as spam over a certain score so I ask: Above what
On Monday 31 January 2005 15:27, [EMAIL PROTECTED] might have typed:
Hello,
I use postfix+spamassassin+maildrop and for now I delivery all the email
tagged as spam to junk folder, this is very nice except most of the mail is
actually spam, so far only one false positive, anyway I would like
At 11:05 PM 1/30/2005, Mark London wrote:
I use the body command to tests for phrases. This was working great,
until a
spammer started to use double spacing in his email, and the phrases were split
up by empty lines. Is there any way around this?
The body command works on a copy of the message
At 07:27 AM 1/31/2005, you wrote:
Hello,
I use postfix+spamassassin+maildrop and for now I delivery all the email
tagged as spam to junk folder, this is very nice except most of the mail
is actually spam, so far only one false positive, anyway I would like to
delete email marked as spam over a
On Sunday 30 January 2005 04:00 pm, Michael W Cocke wrote:
A serious bug seems to have crept into amavis somewhere, or maybe
BerkeleyDB - stability has gone to hell. In any case, I'm starting to
think about replacing Amavisd. I can't afford to futz around with my
email server - it needs to
We have a cron job which shuts down spamd and restarts it every hour.
Since we upgraded to the latest version of SA 3 one of our server keeps
giving this error.
Shutting down spamd: [ OK ]
Starting spamd: Could not create INET socket on 127.0.0.1:783: Address
already in use (IO::Socket::INET:
On 2005-01-31 15:41:13 +, Ron McKeating wrote:
Shutting down spamd: [ OK ]
Starting spamd: Could not create INET socket on 127.0.0.1:783: Address
already in use (IO::Socket::INET: Address already in use)
[FAILED]
Any thoughts as to why this shuold happen?
The restart is too soon:
At 07:41 AM 1/31/2005, you wrote:
We have a cron job which shuts down spamd and restarts it every hour.
Since we upgraded to the latest version of SA 3 one of our server keeps
giving this error.
Shutting down spamd: [ OK ]
Starting spamd: Could not create INET socket on 127.0.0.1:783: Address
Loren Wilton wrote:
Try the rule with /s on the end of the re. That will tend to turn newlines
into spaces.
People often seem to be confused by the /s modifier for regexes.
All it does is allow '.' to match any character. Without the
/s, '.' matches any character other than newline. So /s
We are moving from mailscanner to amavisd-new because of lots more
flexibility. Currently we are running sendmail to amavisd-new to sendmail to
dbmail, is working great processing about 120,000 messages a day broke out
over 2 servers and a database server for dbmail. Initially we had some
No such thing as a perfect solution for exveryone...nice to have the
option of both though.
Out of interest though would you mind if I ask what you mean by 'more
flexibilty'? prob best to reply off list to keep the signal to noise
ratio good.
TIA
--
Martin Hepworth
Snr Systems Administrator
Hi
Spamd v3.0 with Exim v4.43 using exiscan patch on SlackWare.
/usr/bin/perl5.8.0 -T -w /usr/bin/spamd -d -s /var/log/spamd.log
I am testing out the above configuration on a stand-alone system. On my live
server (no
spamassassin) I use the rbl option within the mail server (Exim 3.16)
Received: from virtual1.webair.com ([216.130.161.111] verified)
by wcg.org (CommuniGate Pro SMTP 4.2.3)
with ESMTP-TLS id 11284223 for [EMAIL PROTECTED]; Fri, 28 Jan 2005
23:37:37 -0800
Received: from virtual1.webair.com (localhost.webair.com [127.0.0.1])
by virtual1.webair.com
On Mon, 2005-01-31 at 06:36, Matt Kettler wrote:
Perhaps you just need to modify your rule to tolerate more spaces, and
perhaps tabs, between words by using \s{1,10} instead of a space.
Maybe better yet:
(?:\s|\/?(?:P|BR))+
--
John Hardin
Development and Technology group (Seattle)
CRS
I'm running a dozen servers with postfix, amavisd-new, and sa3.0.2. I'm having
no problems whatsoever with any aspect of the system, including BerkeleyDB. I
just want to throw that in to let people know it's quite possible to run a
stable system with amavisd-new.
RO
-Original
At 11:14 PM 1/30/2005, Loren Wilton wrote:
Try the rule with /s on the end of the re. That will tend to turn newlines
into spaces.
Loren, that should be redundant in any body or uri rule. SA already
does that conversion to the whole body to save doing it repeatedly for
every body rule in the
I'm a new member of this mailing list, and i'd like to know
how to mark as spam messages containing image-only messages.
Most image-only spam contains a URL or two in the body of the message. Using
the SURBL network tests is probably your best bet to marking these as spam
while allowing your
Upgraded to 3.0.2 a couple of weeks ago, and just noticed that the root FS
was nearly full. I had seen this problem in the past with bayes files
growing out of control, but have been doing a sa-learn --force-expire
daily which helps keep that under control.
However, now I noticed that two other
[EMAIL PROTECTED] wrote:
Upgraded to 3.0.2 a couple of weeks ago, and just noticed that the root FS
was nearly full. I had seen this problem in the past with bayes files
growing out of control, but have been doing a sa-learn --force-expire
daily which helps keep that under control.
However, now I
Jim Maul wrote:
[EMAIL PROTECTED] wrote:
Upgraded to 3.0.2 a couple of weeks ago, and just noticed that the
root FS
was nearly full. I had seen this problem in the past with bayes files
growing out of control, but have been doing a sa-learn --force-expire
daily which helps keep that under
Jim Maul wrote:
[EMAIL PROTECTED] wrote:
Upgraded to 3.0.2 a couple of weeks ago, and just noticed that the
root FS
was nearly full. I had seen this problem in the past with bayes files
growing out of control, but have been doing a sa-learn --force-expire
daily which helps keep that under
From: John Hardin [EMAIL PROTECTED]
On Mon, 2005-01-31 at 06:36, Matt Kettler wrote:
Perhaps you just need to modify your rule to tolerate more spaces, and
perhaps tabs, between words by using \s{1,10} instead of a space.
Maybe better yet:
(?:\s|\/?(?:P|BR))+
Geshundheidt,
Loren Wilton wrote:
in 70_sare_spoof.cf some scores are set to 104.
What is the reason to set such high scores? (I know how to lower
them)
The spoof rules are to catch forgeries for things like Paypal and
Ebay and various banks. These are things that people might have
whitelisted with a
At 12:17 PM 1.31.2005 -0500, Rick Macdougall wrote:
Jim Maul wrote:
[EMAIL PROTECTED] wrote:
Upgraded to 3.0.2 a couple of weeks ago, and just noticed that the
root FS
was nearly full. I had seen this problem in the past with bayes files
growing out of control, but have been doing a
Rick Macdougall wrote:
Jim Maul wrote:
[EMAIL PROTECTED] wrote:
Upgraded to 3.0.2 a couple of weeks ago, and just noticed that the
root FS
was nearly full. I had seen this problem in the past with bayes files
growing out of control, but have been doing a sa-learn --force-expire
daily which
Rick Macdougall wrote:
Jim Maul wrote:
[EMAIL PROTECTED] wrote:
Upgraded to 3.0.2 a couple of weeks ago, and just noticed that the
root FS
was nearly full. I had seen this problem in the past with bayes files
growing out of control, but have been doing a sa-learn --force-expire
daily which
On Mon, Jan 31, 2005 at 12:11:05PM -0500, Jim Maul wrote:
It doesnt normally fill up /root/ unless you are running spamd as root
which i would REALLY not do. my .razor/ and .spamassassin/ directories
are in /home/spamd/.
Actually, i meant spamc, but i believe its the same for all commands
At 12:26 PM 1/31/2005, jdow wrote:
(?:\s|\/?(?:P|BR))+
Geshundheidt, John.
Er, would you care to translate that sneeze, please.
I think he's trying to catch spaces or HTML line-end type tags.
Two problems
1) it will look for /P and /BR, but BR doesn't have a /BR.
2) body rules
Bill Moseley wrote:
On Mon, Jan 31, 2005 at 12:11:05PM -0500, Jim Maul wrote:
It doesnt normally fill up /root/ unless you are running spamd as root
which i would REALLY not do. my .razor/ and .spamassassin/ directories
are in /home/spamd/.
Actually, i meant spamc, but i believe its the same
On Mon, Jan 31, 2005 at 12:51:54PM -0500, Jim Maul wrote:
Probably, but i do not run spamd as root so i dont know for sure. The
problem isnt really what user SA is running as, but where it wants to
store its files. By default it uses the home directory of the user its
running as.
I'm not
At 01:04 PM 1/31/2005, John Hardin wrote:
That simplifies it greatly:
\s+
Yep, which goes back to being a lot like my earlier suggestion, \s{1,10} ,
it just lacks the upper bound of 10 I was using.
I generally don't like to use + or * unless I really want SA to be able to
bridge a very
Bill Moseley wrote:
On Mon, Jan 31, 2005 at 12:51:54PM -0500, Jim Maul wrote:
Probably, but i do not run spamd as root so i dont know for sure. The
problem isnt really what user SA is running as, but where it wants to
store its files. By default it uses the home directory of the user its
Jim Maul wrote:
Rick Macdougall wrote:
Hi,
Incorrect, or at least incorrect on the Linux and FBSD servers I
maintain. Even running with -u username, spamd will still
occasionally write files in /root/.spamassassin unless you
specifically specify the path in local.cf.
In my case I run spamd
Rick Macdougall wrote:
Jim Maul wrote:
Rick Macdougall wrote:
Hi,
Incorrect, or at least incorrect on the Linux and FBSD servers I
maintain. Even running with -u username, spamd will still
occasionally write files in /root/.spamassassin unless you
specifically specify the path in local.cf.
Just for the record and FYI - I found the cause of at least one major
problem, and possibly more. SuSE 9.1 ships with the BerkeleyDB built
incorrectly!
As shipped, It will only support DB_PRIVATE operations, which causes
problems with amavisd and possibly nmdb and postfix.
You need to
-Original Message-
From: Rainer Sokoll [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 29, 2005 2:49 PM
To: users@spamassassin.apache.org
Subject: Re: SARE scores
On Sat, Jan 29, 2005 at 11:38:50AM -0800, Loren Wilton wrote:
in 70_sare_spoof.cf some scores are set to 104.
What
I just got a call from Jeff. www.surbl.org is under what appears to be a
DDOS attack :)
Wheee!!!
Which means...not much. It has no effect on the SURBL lists. All it does
it slowdown whitelist requests, and make it difficult for people to read
about SURBL :) And Jeff won't be able to
jdow wrote:
From: Kelson Vibber [EMAIL PROTECTED]
On Friday 28 January 2005 6:05 pm, jdow wrote:
I would ask the tweebs who black listed you precisely how they track it
to your address. I'd love to hear their reasoning.
Oh, I did! First they told me they couldn't provide anything more than
the
Hello all,
I am looking for a way to spam-check outgoing mail, so the users
registered with my server cannot send out spam (or viruses).
My server is using squirrelmail for sending e-mail, so the mail is
generated on the server and sent directly using SMTP (in squirrelmail
you may choose between
Kenneth Andresen wrote:
I am looking for a way to spam-check outgoing mail, so the users
registered with my server cannot send out spam (or viruses).
My server is using squirrelmail for sending e-mail, so the mail is
generated on the server and sent directly using SMTP (in squirrelmail
you may
On 2005-01-31 11:50:39 +0100, Martin Schröder wrote:
since lately rulesdujour has stopped updating the rules; instead
it complains that spamassassin --lint fails (which prints a lot
of warnings). I've tried using sa30-check but it doesn't help.
I forgot: The system has only SARE rules plus a
I spotted several instances of this while looking through some mail logs today
and I wondered if anyone had any idea what tool might be responsible for this
and what the reasoning for it might be, because it seems very broken to me.
Amidst all the usual bounces to a domain in the middle of a
Hello Andrezej,
How is it possible to make such a sendmail wrapper script? Any links to
examples?
Best regards,
Kenneth
On Mon, 2005-01-31 at 16:54, Andrzej Adam Filip wrote:
Kenneth Andresen wrote:
I am looking for a way to spam-check outgoing mail, so the users
registered with my
Hi,
* Bill Landry wrote (2005-01-30 22:52):
From: Thorsten Haude [EMAIL PROTECTED]
I just installed Razor and DCC, should I go for Pyzor
too? Or should I use only one?
I use all three, but it's really up to you. You just need to make sure you
monitor your hit counts (for FPs/FNs) when adding
Kenneth Andresen wrote:
How is it possible to make such a sendmail wrapper script? Any links to
examples?
No but you can modify the script below to fit your needs:
#!/bin/sh
# temporary directory
TMPDIR=/tmp
# temporary working file name - unix time and process ID
TMPFILE=`/bin/date +%s`.$$
#
64 matches
Mail list logo