Hi,
I manage 2 smtp servers, one for outgoing and uses smtp
authentication. Other incoming and scans mail using SA. Our users some
times send mails from dialup ips which are black listed, but the mails
always come via our authenticated smtp server.
Now when one of the customers send a mail to
Marc Perkel wrote:
If you're keen to share your development, why don't you explain to us
how it works?
/Per Jessen, Zürich
The details are a little to complex for this forum but the new trick
is mostly based on the fact that spam bots general don't issue the
QUIT command and when
Hi raj,
your server should not say SMTP in that case but ESMTPA, so that SA knows it
was auth'd message.
Out of the many qmail patch packages I have seen, only one seems to do that
Wolfgang
Rajkumar S wrote:
Hi,
I manage 2 smtp servers, one for outgoing and uses smtp
authentication. Other
Rajkumar S wrote:
Hi,
I manage 2 smtp servers, one for outgoing and uses smtp
authentication. Other incoming and scans mail using SA. Our users some
times send mails from dialup ips which are black listed, but the mails
always come via our authenticated smtp server.
Now when one of the
Apologies if I am asking in the wrong place, since I can see that there are
several possible reasons.
We have just upgraded to SpamAssassin 3.2.3 on an elderly 386 box running Red
Hat 9. At the same time I used CPAN to upgrade any out-of-date perl modules.
Now, when SA starts, we get the
I'm happy to announce that we have won an InfoWorld Best Of Open Source
Software BOSSIE Award, as the winner in the anti-spam category for 2007!
more info here:
http://www.infoworld.com/archives/t.jsp?N=sV=91650
--j.
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who seem to be hostile to my
breakthroughs so I wasn't that motivated to post information.
Is there any chance we can get a moderator on this,
Hi;
I've seen this as well. I did a cpan upgrade and upgraded all perl
mods on a BSD, but not SA which was at 3.2.3. I think that may be due to
an issue with Sys:Syslog v0.20
SA seems to be working fine, as you say.
[96054] error: Can't locate Sys/Syslog/Win32.pm in @INC (@INC contains:
Congrats!!
Really happy to hear that!
Best Regards,
Simon Teh
Network and System Administrator
National Advanced IPv6
Centre of Excellence,
School of Computer Science,
Universiti Sains Malaysia
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday,
Jason Bertoch wrote:
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who seem to be hostile to my
breakthroughs so I wasn't that motivated to post information.
Is there any chance we can get a
I back Ken and Jason on this one. It's a waste of time.
-Jeff
Jason Bertoch wrote:
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who seem to be hostile to my
breakthroughs so I
On Wed, 12 Sep 2007 at 08:40 -0500, [EMAIL PROTECTED] confabulated:
Jason Bertoch wrote:
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who seem to be hostile to my
breakthroughs so I wasn't
On Wed, 12 Sep 2007 at 13:32 +0100, [EMAIL PROTECTED] confabulated:
I'm happy to announce that we have won an InfoWorld Best Of Open Source
Software BOSSIE Award, as the winner in the anti-spam category for 2007!
more info here:
http://www.infoworld.com/archives/t.jsp?N=sV=91650
Awesome!
-Original Message-
From: Jason Bertoch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 12, 2007 8:54 AM
To: users@spamassassin.apache.org
Subject: FW: List of 700,000 IP addresses of virus infected computers
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 12, 2007 8:33 AM
To: users@spamassassin.apache.org
Subject: SpamAssassin wins 2007 InfoWorld Best of Open
Source Software
award
I'm happy to announce that we have won an InfoWorld
We began upgrading to 3.2.3 from 3.2.1. There are 5 machines. On the first
machine prior to the upgrade the average scan time for a message was 2 to 4
seconds, fairly consistent at 2.5 or so seconds. After upgrading the same
systems now have a scan time of 7 or more seconds. Not sure if this was
Per Jessen wrote:
Marc Perkel wrote:
If you're keen to share your development, why don't you explain to us
how it works?
/Per Jessen, Zürich
The details are a little to complex for this forum but the new trick
is mostly based on the fact that spam bots general don't issue the
SpamAssassin is a really great product.
But, it is perl-based and checks every message with a lot of (all) rules (,
always!).
Volume of spam is constantly increasing, as well as CPU and memory load that
SA creates on servers.
As a SA user, I would be happy to have the following possibility in the
Justin Mason wrote:
I'm happy to announce that we have won an InfoWorld Best Of Open Source
Software BOSSIE Award, as the winner in the anti-spam category for 2007!
more info here:
http://www.infoworld.com/archives/t.jsp?N=sV=91650
--j.
Well deserved, all. Outstanding product, you do
Duane Hill schrieb:
On Wed, 12 Sep 2007 at 08:40 -0500, [EMAIL PROTECTED] confabulated:
Jason Bertoch wrote:
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who seem to be hostile to my
I've somehow made it onto spam list that isn't being picked up by RBLs or
by bayes. All messages have a url that looks like this (where X's are
all digits):
http://aero-dog.com/1-23-28276-45381XXX.html
All messages are originating from 206.131.x.x and I have been submitting
them to
Here is summary of all the responses. Thanks to all who resonded, your
suggestions have been very helpful.
We will
- reduce the number of SA max-children
- look at ratelimit in exim
- only spam scan messages under a certain size
Aaron Wolfe
We reduce the messages bound
On Wednesday 12 September 2007 17:04:40 Brian Wilson wrote:
I've somehow made it onto spam list that isn't being picked up by RBLs or
by bayes. All messages have a url that looks like this (where X's are
all digits):
http://aero-dog.com/1-23-28276-45381XXX.html
All messages are
In order to implement something like this, you would need to know the order
of rules processing (which perhaps there is one - but I don't know it). You
would need to be careful if you have rules which will assign negative scores
which typically do so after other rules have already given positive
Of course, this would not be simple to implement this, but, I think, as SA
becomes more heavy, developers will be forced to find ways of scissoring.
To preserve nagative scores, SA could run these rules first.
And, while sorting, SA should take into account possible dependencies
between rules -
The most effective way I've found to lower the SA footprint is to limit
the mail that gets to it by using some triage on the MTA side. SA as a
standalone tool might benefit from some kind of triage functionality to
kill messages immediately as per a blacklist rule. The blacklist
rule(s)
I've somehow made it onto spam list that isn't being
picked up by RBLs or by bayes. All messages have a url
that looks like this (where X's are all digits):
http://aero-dog.com/1-23-28276-45381XXX.html
All messages are originating from 206.131.x.x and I have
been submitting them to
On Wed, 12 Sep 2007, Brian Wilson wrote:
I've somehow made it onto spam list that isn't being picked up by RBLs or by
bayes. All messages have a url that looks like this (where X's are all
digits):
http://aero-dog.com/1-23-28276-45381XXX.html
All messages are originating from
On Wednesday, September 12, 2007 10:51 AM Marc Perkel wrote:
Why don't you add me to your black hole list? I've added you to mine.
That way you don't have to see what I post. I'm happy not seeing what
you post. And - don't bother replying because I won't get it.
Can we please do something
I just got this personal email from him:
Why don't you add me to your black hole list? I've added you to mine.
That way you don't have to see what I post. I'm happy not seeing what
you post. And - don't bother replying because I won't get it.
I don't believe warnings are in order any longer
Per Jessen wrote:
Perhaps someone can turn this into a rule for SA to add some points.
The mail-server that detects the missing QUIT could easily add a header
which SA would then pick up on. But it might depend on what
those other factors are.
Part of the problem here is that a
On Wed, 12 Sep 2007, Brian Wilson wrote:
uri FROSTY_SAVER_URI /^http\:\/\/[\S\-]+\/[\d\-]+.html/ score
Escape that period.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C
Hi,
while setting proper trust relatios can solve the problem for mails internal to
the system,
without that auth'd bit in the received header everybody outside the system
will still see
the message as coming from a dialup and passing through a potential open relay
Wolfgang Hamann
Rajkumar
On Wed, 12 Sep 2007, Jason Bertoch wrote:
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who seem to be hostile to my
breakthroughs so I wasn't that motivated to post information.
Is there
I use a domain managed by HOSTROUTE, which has installed spamassassin as a
mail filter. My filespace is limited to 10MB, of which some 7.7MB are
currently devoted to spamassassin. Thus, I need to prune this quickly to
maintain service.
As I do not maintain the system, I cannot manage
newby 23 wrote:
I use a domain managed by HOSTROUTE, which has installed spamassassin as a
mail filter. My filespace is limited to 10MB,
O_o That sounds awfully low, even for cheap-to-free hosting.
According to http://www.hostroute.co.uk/hostingplans.html, the smallest
plan is 20M; you
On Wednesday September 12 2007 20:36:50 [EMAIL PROTECTED] wrote:
while setting proper trust relatios can solve the problem for mails
internal to the system, without that auth'd bit in the received header
everybody outside the system will still see the message as coming from
a dialup and
Crocomoth wrote:
SpamAssassin is a really great product.
But, it is perl-based and checks every message with a lot of (all) rules (,
always!).
Volume of spam is constantly increasing, as well as CPU and memory load that
SA creates on servers.
As a SA user, I would be happy to have the
How would you account for negative scoring rules? (if your message hit's
score=5 it may soon be socre=-2 after a negative scoring rule is
applied).
The most effective way I've found to lower the SA footprint is to limit
the mail that gets to it by using some triage on the MTA side. SA as a
Henrik Krohns writes:
On Wed, Sep 12, 2007 at 08:53:10AM -0700, Crocomoth wrote:
The most effective way I've found to lower the SA footprint is to limit
the mail that gets to it by using some triage on the MTA side. SA as a
standalone tool might benefit from some kind of triage
2007/9/12, Marc Perkel [EMAIL PROTECTED]:
I just added you to my blackhole list.
So, You've just added Gmail to it. A Wise one, eh?
--
-
GNU-GPL: May The Source Be With You...
Linux Registered User #448382.
When I grow up, I wanna be like
2007/9/12, Jon Trulson [EMAIL PROTECTED]:
On Wed, 12 Sep 2007, Jason Bertoch wrote:
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who seem to be hostile to my
breakthroughs so I wasn't
On Wed, 12 Sep 2007, Luis Hernán Otegui wrote:
2007/9/12, Marc Perkel [EMAIL PROTECTED]:
I just added you to my blackhole list.
So, You've just added Gmail to it. A Wise one, eh?
I suspect Marc thinks blackhole list == kill file. If not, then he
just severely damaged the credibility of his
That's as much detail as I'm going to go into here. But the result is
that I have 720,000 IP addresses of virus infected computers and I'm
fiultering about 1600 domains and I'm not getting any more than the
normal few false positive complaints. And those are due to other
unrelated
Tuc at T-B-O-H wrote:
That's as much detail as I'm going to go into here. But the result is
that I have 720,000 IP addresses of virus infected computers and I'm
fiultering about 1600 domains and I'm not getting any more than the
normal few false positive complaints. And those are due to
I've been running virus.txt for 23 hours.
23368 messages, only 11 hits. All were
Drug messages that were picked up by SA
anyway.
Still, no false positives, FYI.
Jared Hall
General Telecom, LLC.
On Wednesday 12 September 2007 22:08, Tuc at T-B-O-H wrote:
That's as much detail as I'm going to
Luis Hernán Otegui wrote:
2007/9/12, Jon Trulson [EMAIL PROTECTED]:
On Wed, 12 Sep 2007, Jason Bertoch wrote:
On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:
The details are a little to complex for this forum ...
OK - had quite a few trolls here who
On Wednesday 12 September 2007, Jason Bertoch wrote:
Is there any chance we can get a moderator on this, please? This is
clearly not a SA topic and I'm weary of insults, flames, and advertisements
from Marc.
You guys are almost as good as smurf amplifiers. Don't feed the trolls and
instead
Tuc at T-B-O-H wrote:
That's as much detail as I'm going to go into here. But the result is
that I have 720,000 IP addresses of virus infected computers and I'm
fiultering about 1600 domains and I'm not getting any more than the
normal few false positive complaints. And those are due
Tuc at T-B-O-H.NET wrote:
Tuc at T-B-O-H wrote:
That's as much detail as I'm going to go into here. But the result is
that I have 720,000 IP addresses of virus infected computers and I'm
fiultering about 1600 domains and I'm not getting any more than the
normal few false positive complaints.
Tuc at T-B-O-H.NET wrote:
Tuc at T-B-O-H wrote:
That's as much detail as I'm going to go into here. But the result is
that I have 720,000 IP addresses of virus infected computers and I'm
fiultering about 1600 domains and I'm not getting any more than the
normal few false positive
Hello,
I have recently change my SA server for another really similar server
but many software version have change between the 2 servers (include
SA 3.1.7 -- 3.2.3)
My old server scan the messages much faster (around 3-4 seconds vs
7.5-10 seconds).
This is not a critical issue for me because
OK - Think about it people. People here are saying that spam fighting
techniques are NOT WELCOME in the Spam Assassin list. Don't you people
realize how absolutely stupid that sounds? I am sitting here with my
mouth open in disbelief that anyone even suggest such a thing.
So the observation
Tuc at T-B-O-H.NET wrote:
Tuc at T-B-O-H.NET wrote:
Tuc at T-B-O-H wrote:
That's as much detail as I'm going to go into here. But the result is
that I have 720,000 IP addresses of virus infected computers and I'm
fiultering about 1600 domains and I'm not getting any more than
Please do not feed the trolls.
Marc Perkel wrote:
OK - Think about it people. People here are saying that spam fighting
techniques are NOT WELCOME in the Spam Assassin list. Don't you people
realize how absolutely stupid that sounds? I am sitting here with my
mouth open in disbelief that
55 matches
Mail list logo