Hi,
I would like your opinion if our mailrelay is properly tuned:
I have a mailrelay (sendmail / mimedefang / spamassassin with fuzzyocr,
razor and dcc) running on a Sun V20Z with 6 GB Ram and 2 AMD 1.8Ghz cpu's
on Solaris 10.
it currently handles 95000 mails per day (most of it spam
[EMAIL PROTECTED] wrote:
Hi,
I would like your opinion if our mailrelay is properly tuned:
I have a mailrelay (sendmail / mimedefang / spamassassin with fuzzyocr,
razor and dcc) running on a Sun V20Z with 6 GB Ram and 2 AMD 1.8Ghz cpu's
on Solaris 10.
it currently handles 95000 mails per
* [EMAIL PROTECTED] [EMAIL PROTECTED]:
Hi,
I would like your opinion if our mailrelay is properly tuned:
I have a mailrelay (sendmail / mimedefang / spamassassin with fuzzyocr,
razor and dcc) running on a Sun V20Z with 6 GB Ram and 2 AMD 1.8Ghz cpu's
on Solaris 10.
it currently
-Original Message-
From: Peter Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 26, 2006 8:08 PM
To: users@spamassassin.apache.org
Subject:
Hi,
Over the last week, my machine (Fedora, SA 3.1.3, qmail,
qmail-scanner-queue.pl) has been recieving a fair amount of
* [EMAIL PROTECTED] [EMAIL PROTECTED]:
Hi,
As we have seen the amount of incoming mail increase by 25% in the last
few months, our customer is willing to invest in an extra mail relay.
I was thinking about a system with Sun's T1 chipset, (like the sunfire
T1000), I'm thinking the threaded
Mike Woods schrieb:
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scanning mail via amavisd and sending any caught
spams to a spam folder in the users accounts (using plus addressing),
we've also been getting users to drop
Title: Message
Hi,
I want Migrate from
SpamAssasin 2.63 to 3.15.1 on my MailServer on Redhat9
1 i use perl
5.8.0
2 i have stoped
spamd
3 run "sa-relearn
--rebuild"
4 rpm -Uvh
spamassassin-3.1.5-1.rh9.rf.i386.rpm
warning: spamassassin-3.1.5-1.rh9.rf.i386.rpm: V3 DSA signature:
sa-blacklist.cf
sa-blacklist.current.uri.cf
Get rid of these! They are evil and probably the root of your problem!
(They are also long depreciated and very out of date, so wouldn't be doing
much even if they didn't kill your system.)
occa_phishing.cf
occa_replica.cf
I have no
Title: Message
It's best to use cpan for this. It's very easy to use and will automagically resolve any dependencies.
Other way is find the modules on http://rpmfind.net/
Specify your search as perl-net-dns etc.
-Sietse
From: Philippe CouasSent: Wed 27-Sep-06 16:15To:
On Wed, 27 Sep 2006, Peter Smith wrote:
The messages are simply a random stream of words, with punctuation
scattered in them. No HTML, no URLs being advertised, no excessive
capitalisation, just meaningless text.
Technically, then, it's not spam. Spam requires a commercial message
of some
Mike Woods wrote:
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scanning mail via amavisd and sending any caught
spams to a spam folder in the users accounts (using plus addressing),
we've also been getting users to drop
The messages are simply a random stream of words, with punctuation
scattered in them. No HTML, no URLs being advertised, no excessive
capitalisation, just meaningless text.
Technically, then, it's not spam. Spam requires a commercial message
of some sort. :)
Yeah, I think I said 'junk'
Daniel T. Staal wrote:
On Wed, September 27, 2006 10:43 am, Matt Kettler said:
Mike Woods wrote:
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scanning mail via amavisd and sending any caught
spams to a spam folder in the
In a desperate newbie attempt to fix this problem myself, I added the
following lines to Received.pm at line 895:
# Received: from ([10.0.0.6]) by myfirewalll; Thu,
# 13 Mar 2003 06:26:21 -0500 (EST)
if (/^from \(\[(${IP_ADDRESS})\]\) by myfirewall/) {
$ip = $1; $by =
Daniel T. Staal wrote:
On Wed, September 27, 2006 11:10 am, Jim Maul said:
I believe that SA will not learn a message it has seen before so
multiple sa-learn's will not have any affect.
Actually, that was my impression too.
Which means, for the orginal question, that re-learning the
Title: Message
Hi,
I have migrate from
Spamassassin 2.63 to 3.15.1, that' seems running, somes mail are flaged and rpm
-a seee new version.
But previously rules
and local.cf was in /etc/mail/spamassasin, and theses files are not modified by
my rpm -Uvh.
I want know if
config files are
The internet is a great place for raising more questions than it answers :D
Given all the opinions I think I will move the caught spam's into the
learning cycle however i'm also going to make sure that each spam is
only ever fed through the system once, this wont be a problem since I
already
On Wed, September 27, 2006 16:26, Sietse van Zanen wrote:
It's best to use cpan for this. It's very easy to use and will automagically
resolve any
dependencies.
just one problem with cpan is it will not solve rpm depndice
Other way is find the modules on http://rpmfind.net/
Specify your
This autoresponse from Yahoo abuse crept over the spam line, mostly
because of a hit on FORGED_YAHOO_RCVD... but it's not clear from the
headers why that would be. This is a from a Fedora Core 5 system running
SpamAssassin 3.1.3 under amavisd-new 2.4.2:
Return-Path: [EMAIL PROTECTED]
Benny Pedersen wrote:
On Wed, September 27, 2006 16:26, Sietse van Zanen wrote:
It's best to use cpan for this. It's very easy to use and will
automagically resolve any dependencies.
just one problem with cpan is it will not solve rpm depndice
Other way is find the modules on
Peter Smith wrote:
The messages are simply a random stream of words, with punctuation
scattered in them. No HTML, no URLs being advertised, no excessive
capitalisation, just meaningless text.
I'm cautious about feeding these messages to sa-learn as spam, in
case it has a negative
From: Mike Woods [mailto:[EMAIL PROTECTED]
The internet is a great place for raising more questions than it
answers
:D
Given all the opinions I think I will move the caught spam's into the
learning cycle however i'm also going to make sure that each spam is
only ever fed through the
Mike Woods wrote:
The internet is a great place for raising more questions than it
answers :D
Given all the opinions I think I will move the caught spam's into the
learning cycle however i'm also going to make sure that each spam is
only ever fed through the system once, this wont be a
occa_phishing.cf
occa_replica.cf
I have no knowledge of these.
From the rules you show these aren't particularly worthwhile (nor all that
well written rules). There are a number of SARE rules that cover this area
much more thoroughly, and I believe these days even a number of
Which means, for the orginal question, that re-learning the already caught
spams will have very little effect other than wasting some processor
cycles. Doing what he is doing right now is probably best.
This is assuming that they were auto-learned. Not all system are configured
for
Hi,
have a look at rulesemporium.com
There are descriptions of the rules, and definitely you should use only
one out pof each set
of similar named ones
Wolfgang Hamann
Be careful there. It depends on what you mean by similarly named.
It is perfectly valid to have
70_sare_html0.cf
(CCing Marc Perkel because I seem to recall him knowing about this)
Not that I'd ever outright block based on this one factor alone, but...
Does anyone have any stats about what percentage of spam is directed towards
the highest MX Record? (that is, where there is more than one MX record?)
I need to check, Date: Wed, 27 Sep 2006 14:17:17 -0400 and I've looked
Quite ignoring the arguments people will make against this (including me)
you could do something like the following. Of course remember the date
header is when the mail was made in whatever timezone it was made, not in
Rob McEwen wrote:
(CCing Marc Perkel because I seem to recall him knowing about this)
Not that I'd ever outright block based on this one factor alone, but...
Does anyone have any stats about what percentage of spam is directed towards
the highest MX Record? (that is, where there is more than
installed this today, removed bogofilter...
also installed spamc, notice one of the suggested installs
was libnet-ident-perl, is anyone using this, with spamassassin ?
or is this a sparate module by itself.
Regards -
Richard
Nice, I like that! Most of our spam also comes in during the wee hours of
the morning.. I think adding a half point or even a point would help even
more. Though, I have trained and continue to train both of my servers and
they are pretty effective.
We get 3500 mails a day of which 70% are
Ok guys, I figured it out... w/ Loren's help of course! :) Here's what I
came up with:
# Catch anything from 8:00 PM to 6:00 AM and score it
header RCVD_AT_NIGHT Date =~ /..., .. ... [0,2][0-5]:..:..*/
score RCVD_AT_NIGHT 0.001
describeRCVD_AT_NIGHT Email was received
Chris wrote:
On Tuesday 26 September 2006 2:50 pm, Bowie Bailey wrote:
Noc Phibee wrote:
Hi
on my spamassassin server, i use a lot of rules ..
personnal and downloaded.
Anyone know if they have a tools for know in 24h or 48h
if a rules are used or not ?
If you just
On Wed, 27 Sep 2006, Shue, Daniel G. wrote:
# Catch anything from 8:00 PM to 6:00 AM and score it
header RCVD_AT_NIGHT Date =~ /..., .. ... [0,2][0-5]:..:..*/
score RCVD_AT_NIGHT 0.001
describeRCVD_AT_NIGHT Email was received between 8:00PM and
6:00AM
If you want to
On Wed, 2006-09-27 at 06:37 +, Mike Woods wrote:
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scanning mail via amavisd and sending any caught
spams to a spam folder in the users accounts (using plus addressing),
Loren Wilton wrote:
occa_phishing.cf
occa_replica.cf
I have no knowledge of these.
From the rules you show these aren't particularly worthwhile (nor all
that
well written rules). There are a number of SARE rules that cover this
area
much more thoroughly, and I believe these days even
I'm getting matches whenever I have an embedded URL
on URIBL_AB_SURBL and URIBL_PH_SURBL -
unless the URL is actually in URIBL_SBL, in which case the
logic for all the flavors of URIBL_XX_SURBL seems
to work correctly. I have verified the
absence of the incorrectly matching URLs from SURBL
with
Bill Horne wrote:
I have a follow on question, so I'll add it to this thread:
Assuming that it's a good idea to feed Caught spams through sa-learn
in order to reinforce the tokens that might not have been autolearned,
how do I tell SA to ignore the SPAM notice in the subject? I
Philippe Couas wrote:
Hi,
I have migrate from Spamassassin 2.63 to 3.15.1, that' seems running,
somes mail are flaged and rpm -a seee new version.
But previously rules and local.cf was in /etc/mail/spamassasin, and
theses files are not modified by my rpm -Uvh.
The Stock rules should not
--As of September 27, 2006 5:43:28 PM -0700, Kelson is alleged to have said:
Daniel T. Staal wrote:
True. So... Optimal is obviously to train, once and correctly, on all
messages. Sending a message through that has been trained will consume
*some* resources, but less then one that still
A second attempt tests much better. Added at line 747:
# Received: from ([10.0.0.6]) by myfirewalll; Thu,
# 13 Mar 2003 06:26:21 -0500 (EST)
if (/^from \(\[(${IP_ADDRESS})\]\) by myfirewall/) {
$mta_looked_up_dns = 1;
$helo = $1; $ip = $1; $by = 'myfirewall'; goto enough;
What's your trusted_networks look like? Based on the headers below
you'll need to set it manually.
By default SA assumes that all the private range hosts are part of
your network, and the first non-private. However, in this case, the
first non-private is yahoo's server. That's bad.
Jim Davis
Greetings all,
I am quite new to SA (a week of SA life), and the SA is working, the
thing is, SA is incredibly slow on my server (2.8GHZ CPU + 2GB Memory
+ Qmail + Qmail-scanner). Here's a typical scan log:
result: . 0 - SPF_PASS scantime=14.7,size=1689 ...
.
And I have checked the
Also, has anyone ever seen ANY legit mail go to the highest MX record when
no mail server failure occurred?
I've seen a tiny amount-- little enough that I earlier set my primary to
dump any messages received from my tertiary MX into a quarantine folder for
my review, but since I got
On 9/28/06, Olivier Nicole [EMAIL PROTECTED] wrote:
I am quite new to SA (a week of SA life), and the SA is working, the
thing is, SA is incredibly slow on my server (2.8GHZ CPU + 2GB Memory
+ Qmail + Qmail-scanner). Here's a typical scan log:
result: . 0 - SPF_PASS scantime=14.7,size=1689
For instance, given the explanations above, I'll
start a system to automatically learn from my 'checkspam' folder, but not
my 'highspam' folder.
Remember that your 'highspam' may be separated from 'checkspam' largely
based on network tests; I often see identical messages with a 6-8 point
14 seconds may be just the delay for the various network tests to
respond.
You mean the test form SA? I have googled for this kind of situations
and I found I am the slowest. If I stop the spamd, the delivery will
be much faster.
I mean it depends how your SA is configured.
Some of the
Rob McEwen wrote:
(CCing Marc Perkel because I seem to recall him knowing about this)
Not that I'd ever outright block based on this one factor alone, but...
Does anyone have any stats about what percentage of spam is directed towards
the highest MX Record? (that is, where there is more than
48 matches
Mail list logo