On Fri, 28 Sep 2007 09:49:33 -0400, Bowie Bailey [EMAIL PROTECTED]
wrote:
Paul Griffith wrote:
Greetings SA users,
I have a question that many of you have had to deal with. In our
setup we use Exim to call SA. Here is the issue, we reject anything
over a score
5.0. If a user that is in my
Paul Griffith wrote:
Greetings SA users,
I have a question that many of you have had to deal with. In our
setup we use Exim to call SA. Here is the issue, we reject anything
over a score
5.0. If a user that is in my whitelist sends a spammy e-mail with a
score over 5.0, the mail is
Greetings SA users,
I have a question that many of you have had to deal with. In our setup we
use Exim to call SA. Here is the issue, we reject anything over a score
5.0. If a user that is in my whitelist sends a spammy e-mail with a score
over 5.0, the mail is rejected.
i.e
This is
--On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni
[EMAIL PROTECTED] wrote:
The only problem is that a spammer could query it days before it will
bulk send, thereby impairing the effectiveness of such approach.
I think we need some official data like the domain's creation
We now subscribe to the Spamhaus datafeed service. Being the zones are now
running locally under the name zen.dnsbl, I have to rewrite some of the
rules in SA. Do I just have to rewrite the relevant parts? I.e.:
Instead of:
header __RCVD_IN_ZEN eval:check_rbl('zen',
Giampaolo Tomassoni wrote:
The only problem is that a spammer could query it days before it will bulk
send, thereby impairing the effectiveness of such approach.
So we check (with DNS) whether a domain MX record exists before
adding it to the database. Something like this:
1: It receives a
On Fri, 28 Sep 2007 at 11:01 -0400, [EMAIL PROTECTED] confabulated:
Duane Hill wrote:
On Fri, 28 Sep 2007 at 10:37 -0400, [EMAIL PROTECTED] confabulated:
On Sep 28, 2007, at 10:14 AM, Duane Hill wrote:
We now subscribe to the Spamhaus datafeed service. Being the zones are
now running
Paul Griffith wrote:
On Fri, 28 Sep 2007 09:49:33 -0400, Bowie Bailey
[EMAIL PROTECTED] wrote:
Paul Griffith wrote:
Greetings SA users,
I have a question that many of you have had to deal with. In our
setup we use Exim to call SA. Here is the issue, we reject
anything over a
I saw one of these nearly a month ago, but that was it. That it comes
addressed to a personal name is a bit disturbing.
- Skip
It is definitely Sys:Syslog causing the problem. If you look in the actual
spamd file, it gives some indication of this. I found that if I specified
my log file options in the spamassassin options files that the problem is
resolved. Add something like -s /var/log/spam.d to the existing options
* Alex Woick [EMAIL PROTECTED] [070927 02:14]:
Micah Anderson schrieb am 27.09.2007 02:20:
processing has ground down to really slow. I'm seeing some incredibly
long queries now in my slow-query log, such as:
Try an optimize table tabname for each of the sa tables. You just
filled the
Duane Hill wrote:
I have made the changes and it is working. I just didn't want the
queries going off server in the event either rbldnsd or bind had issues.
I have more than one entry in /etc/resolv.conf for this reason.
Unless I'm mistaken and the feature made the 3.2.3 release, 3.2.4 (as
At 08:10 AM 9/28/2007, Kenneth Porter wrote:
Is there a new PayPal phish going about? This almost looks
legitimate, and I imagine it would have a lot of appeal to the
survey-lovers. (I had no communication with PayPal this week, so I
know this is bogus.)
some time ago when setup on
tuxbeagle wrote:
Thanks,
Knowing what to search for helps.
The first document I started reading has an installation where spam is
filtered to a specific user 'spammy'. I hope that there is a way to just
tag the spam in the header and let the user filter locally.
visit the postfix and
processing has ground down to really slow. I'm seeing some incredibly
long queries now in my slow-query log, such as:
Try an optimize table tabname for each of the sa tables. You just
filled the database from scratch, so perhaps the counters/statistics do not
reflect the actual value
I was interested to find out what would happen if spamd was totally
overloaded, so I set my --max-children=1 and --max-conn-per-child=1 and
then started hitting spamd with spamc and -t timeout values to see what
happens.
Essentially, each connection (simultaneously generated) took 1 second
On Sep 28, 2007, at 10:14 AM, Duane Hill wrote:
We now subscribe to the Spamhaus datafeed service. Being the zones
are now running locally under the name zen.dnsbl, I have to rewrite
some of the rules in SA. Do I just have to rewrite the relevant
parts? I.e.:
Why would you need to do
* Michael Parker [EMAIL PROTECTED] [070926 21:14]:
micah wrote:
On Wed, 26 Sep 2007 17:54:05 -0700, John D. Hardin wrote:
On Wed, 26 Sep 2007, Micah Anderson wrote:
SELECT count(*)
FROM bayes_token
WHERE id = '4'
AND ('1190846660' -
Is there a new PayPal phish going about? This almost
looks legitimate, and I imagine it would have a lot of
appeal to the survey-lovers. (I had no communication with
PayPal this week, so I know this is bogus.)
I received those too, and before that, an email from their customer support
disgusting as it is, this is almost certainly genuine.
... and to them we trust them with out money ~:(
Mup.
-Original Message-
From: Kenneth Porter [mailto:[EMAIL PROTECTED]
Sent: 28 September 2007 16:11
To: users@spamassassin.apache.org
Subject: New PayPal phish?
Is there a new
It IS legitimate. I received one 07/14 referencing an e-mail on 07/12,
and yes, on 07/12, Paypal did e-mail me (I had asked about a broken
security key).
At 08:10 AM 9/28/2007, Kenneth Porter wrote:
Is there a new PayPal phish going about? This almost looks
legitimate, and I imagine it would
On Fri, 28 Sep 2007 at 10:37 -0400, [EMAIL PROTECTED] confabulated:
On Sep 28, 2007, at 10:14 AM, Duane Hill wrote:
We now subscribe to the Spamhaus datafeed service. Being the zones are now
running locally under the name zen.dnsbl, I have to rewrite some of the
rules in SA. Do I just have
On Fri, 28 Sep 2007, Kenneth Porter wrote:
Is there a new PayPal phish going about? This almost looks
legitimate, and I imagine it would have a lot of appeal to the
survey-lovers. (I had no communication with PayPal this week, so I
know this is bogus.)
I reported it to paypal as such.
If
open source ipcop firewall has a plugin called copfilter that has a
transparent mail proxy that scans all pop and smtp email using sa and
clamav
On 9/25/07, tuxbeagle [EMAIL PROTECTED] wrote:
I am trying to find a mail proxy/spamassassin solution for 2 situations.
Situation 1 is
Mail
Duane Hill wrote:
On Fri, 28 Sep 2007 at 10:37 -0400, [EMAIL PROTECTED] confabulated:
On Sep 28, 2007, at 10:14 AM, Duane Hill wrote:
We now subscribe to the Spamhaus datafeed service. Being the zones
are now running locally under the name zen.dnsbl, I have to rewrite
some of the rules in
Quoting Kenneth Porter [EMAIL PROTECTED]:
--On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni
[EMAIL PROTECTED] wrote:
The only problem is that a spammer could query it days before it will
bulk send, thereby impairing the effectiveness of such approach.
I think we need
Is there a new PayPal phish going about? This almost looks legitimate, and
I imagine it would have a lot of appeal to the survey-lovers. (I had no
communication with PayPal this week, so I know this is bogus.)
---BeginMessage---
Dear Kenneth Porter,
On 09/26/2007, I sent you an email regarding
Micah Anderson schrieb am 27.09.2007 02:20:
processing has ground down to really slow. I'm seeing
some incredibly long queries now in my slow-query log,
such as:
Try an optimize table tabname for each of the sa
tables. You just filled the database from scratch, so
perhaps the
On Fri, 28 Sep 2007 at 21:57 +0300, [EMAIL PROTECTED] confabulated:
Micah Anderson schrieb am 27.09.2007 02:20:
processing has ground down to really slow. I'm seeing
some incredibly long queries now in my slow-query log,
such as:
Try an optimize table tabname for each of the sa
tables. You
On Fri, 28 Sep 2007 13:01:23 -0400, Micah Anderson wrote:
This leads me to wonder what would happen if I hit my SOMAXCONN with
incoming messages, would they not be queued up? The SOMAXCONN on my
linux box appears to be 128. So to test, I did the following on my spamd
server, and then
On Friday, September 28, 2007 4:06 PM hanz wrote:
looking at the debug code, I notice that botnet.pm version 0.8 is only
checking the last server IP and not all IPs in the path.
A botnet sends mail directly from the infected source, rather than relay it via
the ISP's mail server. Any
Thanks for confirming how botnet works. This is exactly the problem!
Botnet.pm is only checking the LAST IP and not the FIRST in the example
email.
The first IP in the list is a definite botnet source but botnet.pm does not
detect this as a botnet email.
hanz
Jason Bertoch [Electronet]
Botnet 0.8 is up and available. It took me a while (things have been
REALLY busy at work for the last 6 months), but it's there.
http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
looking at the debug code, I notice that botnet.pm version 0.8 is only
checking the last server IP and
-Original Message-
From: hanz [mailto:[EMAIL PROTECTED]
Sent: Friday, September 28, 2007 4:31 PM
To: users@spamassassin.apache.org
Subject: RE: Botnet 0.8 Plugin is available (FINALLY!!!)
Thanks for confirming how botnet works. This is exactly the problem!
Botnet.pm is only
Hanz wrote:
[L]ooking at the debug code, I notice that botnet.pm version 0.8 is only
checking the last server IP and not all IPs in the path.
Which is correct, if you checked the originating address in the list then all
messages sent from home (through your ISP or work) would be marked as
I'm out of my element on this, so please forgive me if I ask something silly.
We have two SpamAssassin (v3.002003) servers on Red Hat, each with 4gb RAM.
ServerA ROCKS while ServerB SUCKS.
So I've been comparing the two systems hoping to find some configuration
differences between them.
When
On 28.09.07 14:06, JOW wrote:
I'm out of my element on this, so please forgive me if I ask something silly.
We have two SpamAssassin (v3.002003) servers on Red Hat, each with 4gb RAM.
ServerA ROCKS while ServerB SUCKS.
ServerA (the good one) is using nearly all of the 4gb of RAM available
On Fri, 28 Sep 2007, JOW wrote:
ServerA (the good one) is using nearly all of the 4gb of RAM
available to it. But ServerB is only using a fraction of available
RAM and the # of context switches is tons higher, too.
I hope this isn't a silly question, but how significant is this,
and where
Thanks for the quick reply.
So I shouldn't read anything into the disparity of memory usage between the
two boxes?
I'm at a loss as to why the one box is consistently in distress, while the
other is consistently doing great.
I should have mentioned we're using spamd (-m 50) and I've compared
hanz wrote:
I believe if botnet.pm is checking all the path the mail went thru like how
dnsbl is used, botnet will get more accurate.
No, it would throw a lot more false-positives. Every end user
(corporate, home, etc.) on a dynamic IP address would suddenly get their
email flagged by
At 02:31 PM 9/28/2007, John Rudd wrote:
Consider this scenario:
a) user on dynamic IP sends email to their ISP's mail server
b) ISP's mail server submits message to your mail server
In your suggested processing, this would generate a false positive:
the message would be marked as a
From a uname -v, they both appear to be #1 SMP Fri Oct 13 17:56:20 EDT 2006.
Here's a uname -a on each:
ServerB (B as in bad):
Linux expurgate2 2.4.21-47.0.1.ELsmp #1 SMP Fri Oct 13 17:56:20 EDT 2006
i686 i686 i386 GNU/Linux
ServerA (A as in awesome):
Linux expurgate1 2.4.21-47.0.1.ELsmp #1 SMP
Thanks for confirming how botnet works. This is exactly
the problem!
Botnet.pm is only checking the LAST IP and not the FIRST
in the example email.
The first IP in the list is a definite botnet source but
botnet.pm does not detect this as a botnet email.
hanz
As far as I have
On Fri, 28 Sep 2007 at 21:57 +0300, [EMAIL PROTECTED]
confabulated:
Optimize table does not work with InnoDB.
Are you sure? An excerpt from the MySQL 5.0 documentation
found here:
May be old information what I told. I tried and no errors from optimize table
with InnoDB table.
processing has ground down to really slow. I'm seeing
some incredibly long queries now in my slow-query log,
such as:
Try an optimize table tabname for each of the sa
tables. You just filled the database from scratch, so
perhaps the counters/statistics do not reflect the actual
value