Re: DNSing MX to 127.0.0.1: Ruleset (or something) for this?

2006-08-15 Thread hamann . w
Ken A wrote: Don't accept mail for non-existent users. Your MTA should reject it. Yeah, we should. Not quite there yet. In spite of that, I thought it may be a good test to do anyway. Even if the mail is addressed to an existent user, if the MX for the sender domain is DNSed to the

Re: DNSing MX to 127.0.0.1: Ruleset (or something) for this?

2006-08-15 Thread Thomas Hochstein
Guy Waugh schrieb: The above stuff appears in my logs when, for example, our MX receives spam for an unknown local user and tries to bounce the mail back to the sender. You should not accept mail for unknown local users because bouncing it to a mostly faked sender means you're sending out

Re: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Justin Mason
Mark Martinec writes: Thanks Justin and Daryl. (a) Is From:addr rather than EnvelopeFrom:addr the right header to use? I'd say yes. DK signs the message, not the envelope. I'm pretty sure the current milters look for a From: header to decide on what selector/etc to use. Right,

Re: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Loren Wilton
in other words: - sender @ yahoo.com sends mail to mailmanlist @ somelist.com; - mailmanlist @ somelist.com appends the mailman footer to the body text/plain part; - recipient gets message, reads From addr, verifies DK sig, which now fails. FWIW, I've seen a few mails that

Re: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Justin Mason
Loren Wilton writes: in other words: - sender @ yahoo.com sends mail to mailmanlist @ somelist.com; - mailmanlist @ somelist.com appends the mailman footer to the body text/plain part; - recipient gets message, reads From addr, verifies DK sig, which now fails.

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Ole Nomann Thomsen
Den 14.08.2006 kl. 19:48 skrev Sanford Whiteman [EMAIL PROTECTED]: Hi, in order to avoid bouncing spam back to the (almost certainly) faked sender-addresses, I thought I could use SA directly: What's your MTA and/or SA-invoking app? Surely it is easier to have that agent parse SA's

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Andreas Pettersson
Ole Nomann Thomsen wrote: I run a qmail frontend for a FirstClass system. The qmail accepts mail for about 500 domains, hosted on the FirstClass system, and scans them with SA. It then injects them into FirstClass. If the domain is known, but the user is wrong (as in [EMAIL PROTECTED]) the

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Duncan Hill
On Tuesday 15 August 2006 10:46, Ole Nomann Thomsen wrote: I run a qmail frontend for a FirstClass system. The qmail accepts mail for about 500 domains, hosted on the FirstClass system, and scans them with SA. It then injects them into FirstClass. If the domain is known, but the user is

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Ole Nomann Thomsen
Den 15.08.2006 kl. 12:01 skrev Andreas Pettersson [EMAIL PROTECTED]: While I don't really see why ldap isn't an option, even with an 99% load, callout might be the solution. However, I don't run qmail but here's how it works with exim

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Duncan Hill
On Tuesday 15 August 2006 11:28, Ole Nomann Thomsen wrote: Yeah, that is pretty neat. But the Firstclass system is running at 99% capacity on the E-mail injection too. I mean, we are really pumping it in, trying to level the peak-period and everything. Performing callouts will probably cause

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Andreas Pettersson
Ole Nomann Thomsen wrote: Den 15.08.2006 kl. 12:01 skrev Andreas Pettersson [EMAIL PROTECTED]: While I don't really see why ldap isn't an option, even with an 99% load, callout might be the solution. However, I don't run qmail but here's how it works with exim

spampd performance on a relay mail server

2006-08-15 Thread Dennis Teel
Is anyone out there using spampd? I've been trying to set up a Spamassassin relay mail server and I'm really having performance issues. Our incoming MTA is averaging about 3 messages per second. I would think that Spamassassin could keep up with that just fine. Is anyone else having problems

Re: spampd performance on a relay mail server

2006-08-15 Thread Martin Hepworth
Dennis Teel wrote: Is anyone out there using spampd? I've been trying to set up a Spamassassin relay mail server and I'm really having performance issues. Our incoming MTA is averaging about 3 messages per second. I would think that Spamassassin could keep up with that just fine. Is anyone else

RE: spampd performance on a relay mail server

2006-08-15 Thread Bowie Bailey
Dennis Teel wrote: Is anyone out there using spampd? I've been trying to set up a Spamassassin relay mail server and I'm really having performance issues. Our incoming MTA is averaging about 3 messages per second. I would think that Spamassassin could keep up with that just fine. Is anyone else

Re: DNSing MX to 127.0.0.1: Ruleset (or something) for this?

2006-08-15 Thread Tony Finch
On Tue, 15 Aug 2006, Guy Waugh wrote: Aug 15 05:01:35 mailserver sendmail[13287]: k7EJ1YE7013287: SYSERR(root): localhost.fabulous.com. config error: mail loops back to me (MX problem?) Do people actively combat this somehow? Exim has a feature ignore_target_hosts which causes it to strip

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread DAve
Andreas Pettersson wrote: Ole Nomann Thomsen wrote: I run a qmail frontend for a FirstClass system. The qmail accepts mail for about 500 domains, hosted on the FirstClass system, and scans them with SA. It then injects them into FirstClass. If the domain is known, but the user is wrong (as

RE: spampd performance on a relay mail server

2006-08-15 Thread Bowie Bailey
From: Dennis Teel [mailto:[EMAIL PROTECTED] At 08:05 AM 8/15/2006, you wrote: Dennis Teel wrote: Is anyone out there using spampd? I've been trying to set up a Spamassassin relay mail server and I'm really having performance issues. Our incoming MTA is averaging about 3 messages per

Re: [Maia-users] SA BAYES TIMING INFO

2006-08-15 Thread David Morton
(This message is now CC'd to both maia-users and spamassassin mailing lists ) ( Continuing the thread in SpamAssassin ML RE: slow sql bayes store) Alexandre Ghisoli wrote: DB Server Actually, we got perfs problem with this one, probably related to

Re: SARE sa-update channels available!

2006-08-15 Thread Daryl C. W. O'Shea
I noticed a number of people have been trying to update the 70_sare_whitelist_spf.cf ruleset. In case any one had missed it mentioned in this thread, the ruleset is broken upstream (it's missing some required ifplugin lines) so updating that ruleset/channel will fail until it is fixed.

about value of max-children

2006-08-15 Thread Halid Faith
Hello I use spamassassin as test. My mail server handles mails about 200 K in a day. What should I set value of the --max-children num in spamd ? I think the -m value is 5 as default. When I type perl -MSocket -e'print SOMAXCONN' I see 128 on display. Thanks

Re: about value of max-children

2006-08-15 Thread Daryl C. W. O'Shea
On 8/15/2006 10:01 AM, Halid Faith wrote: Hello I use spamassassin as test. My mail server handles mails about 200 K in a day. What should I set value of the --max-children num in spamd ? I think the -m value is 5 as default. When I type perl -MSocket -e'print SOMAXCONN' I see 128 on

Re: [Maia-users] SA BAYES TIMING INFO

2006-08-15 Thread Justin Mason
could it be that local_tests_only is *not* set to 1? in other words, that network results are being used in bayes training? That slows things down quite a lot. --j. David Morton writes: (This message is now CC'd to both maia-users and

Re: [Maia-users] SA BAYES TIMING INFO

2006-08-15 Thread David Morton
Justin Mason wrote: could it be that local_tests_only is *not* set to 1? in other words, that network results are being used in bayes training? That slows things down quite a lot. As far as I can see, there's no connection... bayes wouldn't have

RE: spampd performance on a relay mail server

2006-08-15 Thread Bowie Bailey
Dennis Teel wrote: My server is a brand new P4 with 1 GB of RAM. I'm using the default options with SA and have added Razor2. Please keep SA questions on the list. I'm not an expert, just another user. There are lots of other people who read the list who may have good advice for you as well.

Re: SPF and SORBS problems

2006-08-15 Thread Gino Cerullo
On 8/14/2006 6:45 PM, Xepher wrote: I've got a server configured with postfix and spamassassin. The mailserver is the only one for the domain, and thus receives mail from other servers, as well as letting users connect directly (with smtp auth) to send mail. Everything works fine, EXCEPT when

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Bookworm
Ole Nomann Thomsen wrote: Den 15.08.2006 kl. 12:01 skrev Andreas Pettersson [EMAIL PROTECTED]: While I don't really see why ldap isn't an option, even with an 99% load, callout might be the solution. However, I don't run qmail but here's how it works with exim

Lots of bayes_toks.expire warn: bayes: cannot open bayes databases

2006-08-15 Thread Agustín Ciciliani
Dear List, I'm running spamassassin with simscan. The problem I got is that the e-mails that arrive to my server are scanned and forward to their mailboxes, but it seems that the server sending the e-mail doesn't notice that the mail arrived ok, so it sends it over and over getting sometimes

.GIF images without .gif in filename and empty messages

2006-08-15 Thread Craig Baird
I have two types of spam that are slipping through, and I'm wondering if anyone has rules to help with them. Thanks to the imageinfo plugin, most of my image spam has disappeared except for one particular type. I'm still seeing .gif image spams where the filename for the image does not contain

Re: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Justin Mason
Mark Martinec writes: Thanks Justin and Daryl. (a) Is From:addr rather than EnvelopeFrom:addr the right header to use? I'd say yes. DK signs the message, not the envelope. I'm pretty sure the current milters look for a From: header to decide on what selector/etc to use. Right,

rulesdujour question

2006-08-15 Thread BG Mahesh
hi /etc/rulesdujour/config reads, [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config TRUSTED_RULESETS=TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1 SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=killall -HUP spamd Every time we execute rules_du_jour cf

FuzzyOCR error on processing gif sample file

2006-08-15 Thread Rob Mangiafico
Downloaded and installed the latest FuzzyOCR 2.1c Ran the tests and the jpg and png ones worked fine, but for the gif sample I received: spamassassin -t ocr-gif.eml giftopnm: error reading magic number (null): EOF / read error reading magic number Broken pipe I have all the required files in

Re: rulesdujour question

2006-08-15 Thread Dimitri Yioulos
On Tuesday August 15 2006 12:41 pm, BG Mahesh wrote: hi /etc/rulesdujour/config reads, [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config TRUSTED_RULESETS=TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1 SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED]

Re: FuzzyOCR error on processing gif sample file

2006-08-15 Thread decoder
Rob Mangiafico wrote: Downloaded and installed the latest FuzzyOCR 2.1c Ran the tests and the jpg and png ones worked fine, but for the gif sample I received: spamassassin -t ocr-gif.eml giftopnm: error reading magic number (null): EOF / read

spam inside images

2006-08-15 Thread enediel gonzalez
Hello I have the problem that now we are receiving spams and all the content was written in one image attached into the email, in this conditions the rules to check words, phrases, etc , don't work Thanks in advance for any answer Enediel Linux user 300141 Debian GNU/Linux

Re: FuzzyOCR error on processing gif sample file

2006-08-15 Thread Rob Mangiafico
On Tue, 15 Aug 2006, decoder wrote: Rob Mangiafico wrote: Downloaded and installed the latest FuzzyOCR 2.1c Ran the tests and the jpg and png ones worked fine, but for the gif sample I received: spamassassin -t ocr-gif.eml giftopnm: error reading magic number (null): EOF / read

RE: rulesdujour question

2006-08-15 Thread Bowie Bailey
BG Mahesh wrote: hi /etc/rulesdujour/config reads, [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config TRUSTED_RULESETS=TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1 There are quite a few good rule sets from SARE. You may want to go to

Re: spam inside images

2006-08-15 Thread decoder
enediel gonzalez wrote: Hello I have the problem that now we are receiving spams and all the content was written in one image attached into the email, in this conditions the rules to check words, phrases, etc , don't work Thanks in advance for

Re: FuzzyOCR error on processing gif sample file

2006-08-15 Thread decoder
Rob Mangiafico wrote: On Tue, 15 Aug 2006, decoder wrote: Rob Mangiafico wrote: Downloaded and installed the latest FuzzyOCR 2.1c Ran the tests and the jpg and png ones worked fine, but for the gif sample I received: spamassassin -t

How to give score a message which was learnt with sa-learn --spam ?

2006-08-15 Thread Halid Faith
Hi I use spamassassin3.1.1 How can I give a high score some messages I have taught to my server with sa-learn --spam /directory ? Thanks

Re: .GIF images without .gif in filename and empty messages

2006-08-15 Thread Loren Wilton
Thanks to the imageinfo plugin, most of my image spam has disappeared except for one particular type. I'm still seeing .gif image spams where the filename for the image does not contain .gif. Like this: Are you using the latest version that 'decoder' posted? I'm pretty sure he added code

Antiword Rules

2006-08-15 Thread Michel Vaillancourt
Does anyone have an anti word based PM/CF file-set? I don't want to reinvent the wheel if I don't need to. Thanks. --Michel Vaillancourt Wolfstar Systems

Re: How to give score a message which was learnt with sa-learn --spam ?

2006-08-15 Thread John D. Hardin
On Tue, 15 Aug 2006, Halid Faith wrote: How can I give a high score some messages I have taught to my server with sa-learn --spam /directory ? sa-learn adds the words in those messages to the Bayes database, in this case as signs of spam. They are not used to directly score messages, but

FuzzyOCR Config

2006-08-15 Thread pdxbrit
Hi Folks, I installed the ocrtext plugin yesterday, and although running it doesn't appear to block any of the GIF spams I receive, it's analyzing them, just not coming up with anything. So I just found the FuzzyOcr plugin, but it doesn't seem to be executed by spamd. I added a

Re: FuzzyOCR Config

2006-08-15 Thread decoder
pdxbrit wrote: Hi Folks, I installed the ocrtext plugin yesterday, and although running it doesn't appear to block any of the GIF spams I receive, it's analyzing them, just not coming up with anything. So I just found the FuzzyOcr plugin, but it doesn't seem to be executed by spamd. I

Re: Antiword Rules

2006-08-15 Thread decoder
Michel Vaillancourt wrote: Does anyone have an anti word based PM/CF file-set? I don't want to reinvent the wheel if I don't need to. Thanks. --Michel Vaillancourt Wolfstar Systems I wanted to implement the functions into FuzzyOcr maybe, and rename the plugin

Weird behaviour after disabling sa-learn

2006-08-15 Thread Scott Ryan
Hi, I have been doing some testing with SA - Using maildrop to do the spam scanning. In my maildrop script I was playing around with calling 'sa-learn --sync spam' every time spam was detected and 'sa-learn --sync ham' when messages were clean. I had this running for a while to see what kind of

Re: .GIF images without .gif in filename and empty messages

2006-08-15 Thread Craig Baird
Quoting Loren Wilton [EMAIL PROTECTED]: Thanks to the imageinfo plugin, most of my image spam has disappeared except for one particular type. I'm still seeing .gif image spams where the filename for the image does not contain .gif. Like this: Are you using the latest version that 'decoder'

Re: dreaming of a plugin ....

2006-08-15 Thread hamann . w
Bookworm writes: [EMAIL PROTECTED] wrote: that analyzes and scores email addresses: we have big companies that give their employees more or less random strings as email addresses (but length will not be extremely long) Otherwise we have email addresses that somehow are

Re: FuzzyOCR Config

2006-08-15 Thread pdxbrit
decoder wrote: I assume you did restart spamd? If so, set the verbose level in FuzzyOcr.cf to 2, that enables debug messages and creates debug out files in the current directory which contain the recognized format and the recognized text. Try running then spamassassin -t somesample

Re: bayes not run on some mail

2006-08-15 Thread Magnus Holmgren
On Monday 14 August 2006 11:02, Nigel Frankcom took the opportunity to say: On Mon, 14 Aug 2006 01:52:33 -0700, jdow [EMAIL PROTECTED] wrote: (I manually train here. I distrust automatic training.) {^_^} I agree with not autotraining, imo it's a damned good way to get your bayes poisoned.

Re: FuzzyOCR Config

2006-08-15 Thread decoder
pdxbrit wrote: decoder wrote: I assume you did restart spamd? If so, set the verbose level in FuzzyOcr.cf to 2, that enables debug messages and creates debug out files in the current directory which contain the recognized format and the

Spamd not able to drop root privileges at arbitrary times

2006-08-15 Thread Ryan Steele
Greetings all, I have a bit of a mystery. Recently, I installed spamassassin on a new server. Everything seems to be working fine, except for one little hitch. It seems that arbitrarily, spamd is unable to drop root privileges. Here's the relevant log message: spamd: still running as

Re: Spamd not able to drop root privileges at arbitrary times

2006-08-15 Thread John D. Hardin
On Tue, 15 Aug 2006, Ryan Steele wrote: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/sbin/spamd line 1150, GEN1596 line 4. <aol>Me, too!</aol> It happens to me pretty regularly. I don't have any per-user configs set up.

Re: Blocking based on ALL IPs in the header

2006-08-15 Thread Magnus Holmgren
On Tuesday 08 August 2006 21:32, Rob McEwen (PowerView Systems) took the opportunity to say: Just thought ya'll would be interested to know that I just spent about 45 minutes trying to convince an I.T. guy at one of the largest regional banks in my area that a spam filter should ONLY check the

Re: Spamd not able to drop root privileges at arbitrary times

2006-08-15 Thread Theo Van Dinter
On Tue, Aug 15, 2006 at 05:12:42PM -0400, Ryan Steele wrote: hitch. It seems that arbitrarily, spamd is unable to drop root privileges. Here's the relevant log message: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at

Re: FuzzyOCR Config

2006-08-15 Thread pdxbrit
decoder wrote: Hey again, I have analyzed your image with my gocr, and I get: samples # gocr -i bell.gif ) Trading ,4lert for FRID,4Y, ,4UGUST ll! ,4 M,4_oR PR C,4MP,4IGN IS lNDERW,4Y! Some vey EXPLOSIVE G,4INS are eqe_ed!. i. !.

FuzzyOCR install issues

2006-08-15 Thread lists
Chris, I am in the process of installing and testing FuzzyOcr, but i am having some issues with netpbm. I installed netpbm via yum and have version netpbm-10.25-2.EL4.2 installed now. the problem is that giftopnm, jpegtopnm, and pngtopnm are nowhere to be found on the system. any

Re: FuzzyOCR install issues

2006-08-15 Thread lists
Ok, I installed libjpeg-devel, libpng-devel, and libtiff-devel, then I DL and compiled netpbm-10.34 from source. it all went well, and now I have all 3 of those converter executables on my system. i then ran some tests on your sample mails. the gif sample works great. - exactly like

Re: about value of max-children

2006-08-15 Thread jdow
From: Halid Faith [EMAIL PROTECTED] Hello I use spamassassin as test. My mail server handles mails about 200 K in a day. What should I set value of the --max-children num in spamd ? I think the -m value is 5 as default. When I type perl -MSocket -e'print SOMAXCONN' I see 128 on

Re: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Mark Martinec
Thank you all for the feedback. FWIW, I've seen a few mails that had multiple DK signatures, apparently as the result of going through a DK signed mailing list when the original message had also been signed. yeah, I think if the list re-signs the message, that's ok, because it then

Re: FuzzyOCR install issues

2006-08-15 Thread lists
Well, I finally got everything working after realizing that there is a RHEL4 package called netpbm-progs. So, i deleted everything i installed from source, and installed all of the rpms instead. No more errors. oddly enough, I only find 2 spam words in the sample jpeg mail, as opposed

Honest Phisher

2006-08-15 Thread Chris
Now here's an honest phisher: Subject: =?utf-8?Q?[PHISHING]: Important Information About Your Fifth Third Bank Account [Tue, 15 Aug 2006 18:25:54 +0180]?= -- Chris 18:47:44 up 16 days, 16 min, 1 user, load average: 0.23, 0.30, 0.27

Re: FuzzyOCR error on processing gif sample file

2006-08-15 Thread Rob Mangiafico
On Tue, 15 Aug 2006, decoder wrote: Rob Mangiafico wrote: On Tue, 15 Aug 2006, decoder wrote: Rob Mangiafico wrote: Downloaded and installed the latest FuzzyOCR 2.1c Ran the tests and the jpg and png ones worked fine, but for the gif sample I received: spamassassin -t ocr-gif.eml

RE: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Michael Scheidell
-Original Message- From: Mark Martinec [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 15, 2006 7:38 PM To: users@spamassassin.apache.org Subject: Re: Rule for non-DK-signed mail from yahoo This is what I have now: I get this on a lint with SA 3.13: Does it need escape in front

Re: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Chris Stone
On Wed, 2006-08-16 at 01:37 +0200, Mark Martinec wrote: header __L_FROM_YAHOO From:addr =~ /@yahoo\.com$/i header __L_FROM_GMAIL From:addr =~ /@gmail\.com$/i You should escape the @ signs in the expression: /[EMAIL PROTECTED]/i Chris

Re: Rule for non-DK-signed mail from yahoo

2006-08-15 Thread Mark Martinec
On Wednesday August 16 2006 01:47, Chris Stone wrote: On Wed, 2006-08-16 at 01:37 +0200, Mark Martinec wrote: header __L_FROM_YAHOO From:addr =~ /@yahoo\.com$/i header __L_FROM_GMAIL From:addr =~ /@gmail\.com$/i You should escape the @ signs in the expression: /[EMAIL PROTECTED]/i Yes,

Re: .GIF images without .gif in filename and empty messages

2006-08-15 Thread David B Funk
On Tue, 15 Aug 2006, Craig Baird wrote: [snip..] The other type of spam I'm seeing are empty messages. They have a single word for a subject, but nothing in the body. About a year ago, I was getting flooded with these, and I solved the problem by using the SARE_HTML_NO_BODY rule from

SPF checks on internal relays (attn: Halid Faith [EMAIL PROTECTED])

2006-08-15 Thread John D. Hardin
It looks like ihlas.net.tr is running SPF checks on mail relays within their local network. This is a bad idea, since this will cause most if not all SPF checks performed on internal relays to fail, as nobody else can be assumed to have your mail gateway in their SPF list... On 15 Aug 2006

Performance of MySQL vs. Filesystem

2006-08-15 Thread Whisky
Dear list, I was thinking about switching our SAs from config files to MySQL. Now I am wondering if there are any advantages in SAs performance when using MySQL. Does anyone of you have any information on that? Thank you very much in advance, Stefan