Thanks. That does help understand what is going on. This might be a
good writeup for the wiki.
{^_^}
- Original Message -
From: Justin Mason [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
jdow writes:
From: [EMAIL PROTECTED]
BTDT, bought the T-shirt. Adding
How does one delete the bayes database?
Peace...
Tom
On Wed, May 4, 2005 3:02 pm, Ryan Castellucci said:
Looks like bayes is dropping the score. Did you manualy train your
bayes database, or use autolearning?
You may need to delete your bayes database and start over.
On 5/4/05, BAKONYI
Sa-learn --clear
May be recommended to run a sa-learn --backup first incase you want to restore
it.
Cheers,
Michael
-Original Message-
From: Tom Q. Citizen [mailto:[EMAIL PROTECTED]
Sent: Thursday, 5 May 2005 9:51 AM
To: users@spamassassin.apache.org
Subject: Re: Spam messages got
I don't fully understand how SURBL works and all the details, I have been on
this list for a few weeks getting ready to get SA installed and working,
trying to learn.
I just posted to mysql mail list and got this back:
The following message could not be delivered to mysql@lists.mysql.com at
host
on 5/4/05 7:14 PM, Scott Haneda at [EMAIL PROTECTED] wrote:
So this seems in error, which is not a huge deal, I just turn my sig off for
now :-) But do I fall out of surbl autmatically? And how do I find out why
this happened and prevent it?
I just also got this back from mysql lists:
on 5/4/05 7:14 PM, Scott Haneda at [EMAIL PROTECTED] wrote:
I just posted to mysql mail list and got this back:
The following message could not be delivered to mysql@lists.mysql.com at
host
lists.mysql.com (213.136.52.31) because the message content was rejected.
552 newgeo.com in
On 5/4/05, Matt Kettler [EMAIL PROTECTED] wrote:
That's great.. I was trying to think up a good scenario for that
acronym, but couldn't.
Obviously it's the
Automated Spam Sorting Average Scoring System Involving Ninjas
Today, I've received a number of spams containing a domain that is listed on
almost all the SURBL lists. I've recieved around 10 of these today, and none
of them have hit on any of the SURBLs despite the domain being listed. Here
is the message:
--- Begin Spam ---
Return-Path: [EMAIL
From [EMAIL PROTECTED] Wed May 4 21:21:27 2005
...
Date: Wed, 4 May 2005 22:21:11 -0600
From: Craig Baird [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Subject: Content type allowing spammers to evade URIBL
...
Today, I've received a number of spams containing a domain that is listed on
On Thursday 05 May 2005 04:38, Justin Mason wrote:
jdow writes:
From: [EMAIL PROTECTED]
BTDT, bought the T-shirt. Adding memory will help. Short term solution
can be adding swap space. Another option can be running SA remotely
on another machine (users run spamc -d sa.machine.com)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bikrant Neupane writes:
from maillog
Deep recursion on subroutine Mail::SpamAssassin::Message::Node::finish
at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
line 659
could you try this patch? if it doesn't work, I
On Thursday 05 May 2005 11:52, Justin Mason wrote:
Bikrant Neupane writes:
from maillog
Deep recursion on subroutine Mail::SpamAssassin::Message::Node::finish
at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
line 659
could you try this patch? if it doesn't
On Wednesday, May 4, 2005, 8:37:45 AM, martin smith wrote:
MFrom: Jeff Chan [mailto:[EMAIL PROTECTED]
MA good way to report spams is to use SpamCop. The SpamCop
Mspamvertised site data goes into sc.surbl.org:
M
M http://www.surbl.org/lists.html#sc
M
Jeff, does this include the links that
On Wednesday, May 4, 2005, 9:21:11 PM, Craig Baird wrote:
Today, I've received a number of spams containing a domain that is listed on
almost all the SURBL lists. I've recieved around 10 of these today, and none
of them have hit on any of the SURBLs despite the domain being listed. Here
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
yes, I think this definitely should be on the bugzilla ;)
- --j.
Bikrant Neupane writes:
On Thursday 05 May 2005 11:52, Justin Mason wrote:
Bikrant Neupane writes:
from maillog
Deep recursion on subroutine
On Thursday, May 5, 2005, 12:10:32 AM, Jeff Chan wrote:
On Wednesday, May 4, 2005, 9:21:11 PM, Craig Baird wrote:
Today, I've received a number of spams containing a domain that is listed on
almost all the SURBL lists. I've recieved around 10 of these today, and
none
of them have hit on
On Wed, May 04, 2005 at 07:05:17PM +0200, Patrick von der Hagen wrote:
Hi all,
I've been using SpamAssassin 3.0.2 for quite some time (about three
month) on my mailservers and so far I didn't notice any problems. Load
and message-throughput have been quite constant.
However, yesterday one
On Wed, 4 May 2005, Justin Mason wrote:
From: Justin Mason [EMAIL PROTECTED]
To: jdow [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Date: Wed, 04 May 2005 15:53:13 -0700
Subject: Re: memory-usage going BOOM
jdow writes:
From: [EMAIL PROTECTED]
BTDT, bought the T-shirt.
Dennis Davis wrote:
[...]
Some on this list recommended reducing --max-conn-per-child from the
default of 200 to reduce possible memory leakage in earlier versions
of SpamAssassin. I doubt that this is a problem now, but it might
be worth trying as a precautionary measure.
I am absulotely CERTAIN
I just upgraded my spamassassin from v3.0.1 to v3.0.3 and know my
user_prefs don't appear to
being read. I have a couple of test rules I use to verify if the local.cf
or user_prefs are be
read and local.cf works but user_prefs don't.
After checking any upgrade info to make sure you haven't
tests=BAYES_00,DATE_IN_FUTURE_96_XX,
Bayes says it is absolutely dead sure ham, not spam.
Broken bayes database, it sounds like.
Loren
I believe someone noticed this yesterday and submitted a bug against it.
That still leaves the problem of existing systems that are open to this
attack. Probably a quick rule to check for that header and add 10 points or
so would be a good idea.
Loren
- Original Message -
from maillog
Deep recursion on subroutine Mail::SpamAssassin::Message::Node::finish
at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
line 659
As far as I know (which may be wrong) the deep recursion thing isn't related
to either bayes or awl expiry. I seem to recall
Hello All,
Justin: SpamAssassin 3.1.0 is a lot better at effective RAM usage than 3.0.0
... This is because it (a) runs with a
smaller number of active children ... keeps one or two servers very busy, using the
others for overflow
We process 60K messages a day and use most of our 10 spamd
At 05:00 PM 5/4/2005, jdow wrote:
Accurate or not AWBL for Automatic White/Black List might be obscure
enough to inspire a minimal level of reading.
Along those lines, we could name it RTFM :)
At 05:41 PM 5/4/2005, Randy Gibson wrote:
I just upgraded my spamassassin from v3.0.1 to v3.0.3 and know my
user_prefs don't appear to
being read. I have a couple of test rules I use to verify if the local.cf
or user_prefs are be
read and local.cf works but user_prefs don't.
I'm using
I can't find any doc on PTR rules. Specifically, I'd like to make my
SpamAssassin 3.0.1 score if there is no PTR record for the first foreign
IP in the Received by chain.
This can't be difficult, but I've scanned the doc to the best of my ability
(my best may not be particularly goodg) and come
Anyone seeing problems with SURBL "AB"? This morning I have had more false
positives then I have ever seen. Some examples cox-internet, peoplepc, expedia
and my new headache my own domain.
Is the problem with peoplereportingsober virus
emailsasspam?If this is the "top 400" spammer list it
yes - should be fixed as while ago, just needing the DNS change to
propogate. Someone added .com to the list!
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Bryan Haase wrote:
Anyone seeing problems with SURBL AB? This morning I have had more
false
From: Jeff Chan
To: SURBL Discus
Date: Thursday, May 5, 2005, 12:39:58 AM
Subject: [SURBL-Discuss] Brief problem with ab.surbl.org
FWIW there was a brief error where .com got into ab.surbl.org and
that caused it to hit all .com domains. This problem lasted an
hour or two today and happened
Dan Barker wrote:
I can't find any doc on PTR rules. Specifically, I'd like to make my
SpamAssassin 3.0.1 score if there is no PTR record for the first foreign
IP in the Received by chain.
This can't be difficult, but I've scanned the doc to the best of my ability
(my best may not be
Carlo Wood wrote:
On Wed, May 04, 2005 at 01:03:18PM -0400, Matt Kettler wrote:
In -well- every mail. That is not too weird, since
this is my domain! Why does rate 'alinoe.com' and 'com'
and 'carlo' as spammy tokens? Is that normal?
No, it's not normal.
Have you been training
It looks to me like your rule says if it's got a ([ip address, it's got
no PTR and if it's got a {something[ip address it has one. That could
be useful, except my mailer doesn't do such things.
Bad Header:
Received: from rnaiewno.com [66.0.118.65] by visioncomm.net
(SMTPD32-8.15) id
On Thu, May 05, 2005 at 12:10:32AM -0700, Jeff Chan wrote:
If you'll notice, the content type is shown as ;text/plain;. It seems
that
the semicolons are causing Spamassassin not to parse the mail properly. If
I
[...]
SA devs, should this get a bugzilla?
Already do:
Ugh. I'm getting stuff from these jerks slipping through left right..
anyone else seeing this stuff? :|
It's hitting the sbl rules, but still only scoring 4.152..
From: ChristianMortgageUSA.com [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Let our experts help you save on your home
Date:
Jonathan
the ALL_TRUSTED rule is misfiring. Read the documentation on setting
ythe trusted_networks etc and configure this for you setup and that will
help the problem
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Jonathan Nichols wrote:
Ugh. I'm getting
Dan Barker wrote:
I guess rnaiewno.com is the HELO or some such, because it sure isn't a name
from 66.0! I guess I'm just screwed. We went from 2k emails a day (1900
spam) to 4K with the latest worm, and SA doesn't appear to be able to help
at all. Sigh.
Dan
Dan, I have to agree with Matt
We went from 2k emails a day (1900
spam) to 4K with the latest worm, and SA doesn't appear to be able to help
at all. Sigh.
Dan
Hi, get a few birds in the garden to take care of the rainworms :)
Probably my setup is unusual, but SA would not even see infected mail, because
the
virus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] writes:
I know from watching that 3.1 might be a ways off, and am wondering if
based on anyone's experience whether running an interim build is a good
idea or not? I understand the risks of doing this in general, just
On Thu, May 05, 2005 at 05:20:53PM +0100, Martin Hepworth wrote:
the ALL_TRUSTED rule is misfiring. Read the documentation on setting
ythe trusted_networks etc and configure this for you setup and that will
help the problem
It's not really misfiring here. In the sample message, there are no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick von der Hagen writes:
Dennis Davis wrote:
[...]
Some on this list recommended reducing --max-conn-per-child from the
default of 200 to reduce possible memory leakage in earlier versions
of SpamAssassin. I doubt that this is a problem
...
Date: Thu, 05 May 2005 09:14:28 -0700
From: Jonathan Nichols [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Organization: pbp.net
User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: users@spamassassin.apache.org
Subject: hillsdale media
Couldn't we just write a rule that adds points when it see's the unknown
in the MX, I also use postfix, so postfix specific..
Received: from predialnet.com.br (unknown
[200.218.176.14])
Robert
Peace he would say instead of goodbyepeace my brother.
Justin Mason wrote:
[...]
on 3.1.0 or 3.0.2?
3.0.2
[...]
Are you limiting the size of messages being passed to spamd? Scanning
The limit is 200k.
as far as I know, there is not a remotely-exploitable bug here. Obviously
these would be more serious and we encourage those to be reported on the
Theo Van Dinter wrote:
It's not really misfiring here. In the sample message, there are no Received
headers, so the message looks as if it was sent from local to the machine.
He may not have posted the received headers for some ineffable
reason.Plus, if the actual email did not originally
Ive created a public folder on exchange for the
purpose of putting in spam that SA missed. Im attempting to use
fetchmail to grab the messages.
Has anyone else done this before? I found a few posts on
the internet but nothing too descript.
Do I need to dump these messages into a
Johnson, S wrote:
Ive created a public folder on exchange for the purpose of putting in
spam that SA missed. Im attempting to use fetchmail to grab the
messages.
Has anyone else done this before? I found a few posts on the internet
but nothing too descript.
Did you try the wiki?
I do this on our servers here, I use
fetchmail with IMAP. I have setup the public folder for everyone to dump into
but then have to pull the SPAM into a local folder in my inbox to feed it to
fetchmail, because IMAP does not support the public folders only mailbox
folders. I setup a folder
[EMAIL PROTECTED] wrote:
We went from 2k emails a day (1900
spam) to 4K with the latest worm, and SA doesn't appear to be able to help
at all. Sigh.
Dan
Hi, get a few birds in the garden to take care of the rainworms :)
Probably my setup is unusual, but SA would not even see infected
Greetings SA admins,
I'm planning to deploy SA in a couple of weeks, I've been testing SA
3.02 (Debian distro) during the last weeks and it works very well but
I'm a bit concerned about the the memory leaks reported here.
My question is, should I wait till SA 3.1 is released or just install
If you don't plan on using AWL, you shouldn't have any difficulty with the
debian 3.0.2 package.
The only memory problems I experienced with SA, Amavis, and Postfix were
related to large AWL files.
Because I use AWL (or ASS as the case may be), I've updated my servers to
3.0.3.
RO
-
He may not have posted the received headers for some ineffable
reason.Plus, if the actual email did not originally hit ALL_TRUSTED,
then the original score would have been 4.152 + 2.4 (ALL_TRUSTED score)
= 6.552 which should have stopped the email unless his kill level is set
higher than
I've been running SA on Debian stable for a few years now without any
real issues, upgrading SA and related items as needed from time to time
origionally through debian, later from source, and last night (in a vain
attempt to fix the problem I'm about to describe) through backports.org.
A few
Robert Swan said:
I do this on our servers here, I use fetchmail with IMAP. I have setup
the public folder for everyone to dump into but then have to pull the
SPAM into a local folder in my inbox to feed it to fetchmail, because
IMAP does not support the public folders only mailbox folders.
Matt Yackley wrote:
Robert Swan said:
IMAP does not support the public folders only
mailbox folders. snip
I've been pulling messages out of Exchange public folders via IMAP
for awhile now. I've done it with Exchange 5.5, 2K and 2K3, sometimes
the path can give you headaches, but it should
We run a descent sized datacenter. The problem I have is that someone sent
out a spam with our abuse email address as the reply to.
I have added an spf record to the dns now to try and reduce the forged
headers problem. Any other suggestions would be helpful.
Thanks in advance.
Ronnie Tartar wrote:
We run a descent sized datacenter. The problem I have is that someone
sent out a spam with our abuse email address as the reply to.
I have added an spf record to the dns now to try and reduce the forged
headers problem. Any other suggestions would be helpful.
Thanks
57 matches
Mail list logo