Thanks for all answers.
Matus UHLAR - fantomas [EMAIL PROTECTED] wrote on 01.04.2008 18:11:03:
[EMAIL PROTECTED] writes:
In addition my SMTP server does *not* support 8-bit MIME for
incoming e-mail.
On 01.04.08 10:52, Enrico Scholz wrote:
That's very uncommon and lot of mail will be
Hi,
We have exacly the same issue over here. I am very interested in a
solution. If i look at the maillog file, I don't see a MY_SERVERS_FOUND
triggered anywhere ?
Greetings... Richard
JP Kelly wrote:
yay i finally had the pleasure of getting joe jobbed!
so i am looking at vbounce. i think
On Wed, Apr 02, 2008 at 08:30:37AM +0200, R.Smits wrote:
Hi,
We have exacly the same issue over here. I am very interested in a
solution. If i look at the maillog file, I don't see a MY_SERVERS_FOUND
triggered anywhere ?
You are not supposed to see __MY_SERVERS_FOUND. It's a hidden rule,
Benny Pedersen wrote:
On Wed, April 2, 2008 02:06, William Terry wrote:
I mostly lurk here, gleaning bits of wisdom from those far more
knowledgeable than me, however...
i have no clue either :-)
I am getting a dramatic increase in bounce messages with my domain
forged sent to
JP Kelly writes:
yay i finally had the pleasure of getting joe jobbed!
so i am looking at vbounce. i think it is working but when i
intentionally bounce to myself the by sending to a non existent
address, whitelist_bounce_relays does not seem to trigger. searching
the archives i
John Hardin writes:
On Tue, 1 Apr 2008, William Terry wrote:
Is there anything I can do to mitigate this?
Do you publish SPF records?
Logically this should have an effect, but in real-world terms, it doesn't.
So don't worry about it.
Instead, try enabling the vbounce ruleset...
--j.
On Tuesday 01 April 2008 16:06:25 Matus UHLAR - fantomas wrote:
On Monday 31 March 2008 22:53:45 Matus UHLAR - fantomas wrote:
Such IP's are thus not designed to send mail directly to recipients -
users have to send mail through mailserver with static IP that can
autenticate them.
On 4/1/2008 5:43 PM, Arvid Ephraim Picciani wrote:
and another mail false positive:
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see http://www.spamcop.net/bl.shtml?91.151.146.244]
1.1 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable
Recently a guy posted on the list about the problems he has been having for
a month trying to resolve problems with sending mail. The posting made it
appear the problem was a missing head-body separator in the mail he was
sending.
I've been talking with him, and that turns out to not be the
Loren Wilton wrote:
---
Having an PTR like ip-72-167-52-118.ip.secureserver.net does not
look like someone had the intention to run a mailrelay on.
With such an PTR you will not just be blocked by
UCEPROTECT-Appliances, you can expect wide delivery problems out
there.
On Wed, 2008-04-02 at 10:42 +0200, mouss wrote:
Benny Pedersen wrote:
On Wed, April 2, 2008 02:06, William Terry wrote:
I mostly lurk here, gleaning bits of wisdom from those far more
knowledgeable than me, however...
i have no clue either :-)
I am getting a
Thanks Mike. However, I'm getting the same warnings for a majority of
the .cf files in /var/lib/spamassassin/3.002004 and
/etc/mail/spamassassin, not just the two files referenced in my
original e-mail.
Rod
On Tue, Apr 1, 2008 at 9:07 PM, Michael Hutchinson
[EMAIL PROTECTED] wrote:
i see other types of backscatter that could be solved by using spf
only if spammers check spf before forging addresses, which I doubt...
I can say that since I started publishing SPF records at $DAYJOB we've seen
a gigantic reduction in backscatter. I think many spammers do try to avoid
using
- Original Message -
From: Henrik K [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, April 02, 2008 2:49 AM
Subject: Re: vbounce
On Wed, Apr 02, 2008 at 08:30:37AM +0200, R.Smits wrote:
Hi,
We have exacly the same issue over here. I am very interested in a
-Original Message-
From: Loren Wilton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2008 11:46 AM
Recently a guy posted on the list about the problems he has been having
for
a month trying to resolve problems with sending mail. The posting made
it
appear the problem was a
how to unsubscribe to this group
--
Regards
Agnello Dsouza
www.linux-vashi.blogspot.com
www.bible-study-india.blogspot.com
Grant Peel wrote:
- Original Message - From: Henrik K [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, April 02, 2008 2:49 AM
Subject: Re: vbounce
On Wed, Apr 02, 2008 at 08:30:37AM +0200, R.Smits wrote:
Hi,
We have exacly the same issue over here. I am very
Agnello George wrote:
how to unsubscribe to this group
grin
It is amzaing how many people succeed to subscribe and can't find out
how to unsubscribe...
/grin
a Google search would easily lead to
http://wiki.apache.org/spamassassin/MailingLists
and reading that page shows how to
Agnello George wrote:
how to unsubscribe to this group
In the headers of every message on the list:
List-Unsubscribe: mailto:[EMAIL PROTECTED]
From the headers of all list emails
list-help: mailto:[EMAIL PROTECTED]
list-unsubscribe: mailto:[EMAIL PROTECTED]
List-Post: mailto:users@spamassassin.apache.org
List-Id: users.spamassassin.apache.org
Delivered-To: mailing list users@spamassassin.apache.org
oh and for VBounce look at the
Nigel Frankcom wrote:
From the headers of all list emails
list-help: mailto:[EMAIL PROTECTED]
list-unsubscribe: mailto:[EMAIL PROTECTED]
List-Post: mailto:users@spamassassin.apache.org
List-Id: users.spamassassin.apache.org
Delivered-To: mailing list users@spamassassin.apache.org
why
--On Wednesday, April 2, 2008 2:45 -0700 Loren Wilton
[EMAIL PROTECTED] wrote:
Received: from k2smtpout06-01.prod.mesa1.secureserver.net
([64.202.189.102])
by mx-pigeons.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
1jGWCE6yu3Nl34g0
for [EMAIL PROTECTED]; Wed, 2 Apr 2008
Hi all,
I'd like to create a rule that scores 4 points if the word office is in the
From field, or in the subject line
Can someone help me there?
thx
J
Joseph Brennan wrote:
--On Wednesday, April 2, 2008 2:45 -0700 Loren Wilton
[EMAIL PROTECTED] wrote:
Received: from k2smtpout06-01.prod.mesa1.secureserver.net
([64.202.189.102])
by mx-pigeons.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
1jGWCE6yu3Nl34g0
for [EMAIL
At 02:45 02-04-2008, Loren Wilton wrote:
Recently a guy posted on the list about the problems he has been
having for a month trying to resolve problems with sending
mail. The posting made it appear the problem was a missing
head-body separator in the mail he was sending.
I've been talking
On Wed, 2008-04-02 at 11:07 -0400, Jean-Paul Natola wrote:
Hi all,
I'd like to create a rule that scores 4 points if the word office is in the
From field, or in the subject line
Are you sure want to give 4 ??
Any way YSYR ( your server your rules :-) )
header __FROMOFFICE From
On Wed, 2008-04-02 at 11:07 -0400, Jean-Paul Natola wrote:
Hi all,
I'd like to create a rule that scores 4 points if the word office is in the
From field, or in the subject line
On 02.04.08 21:07, ram wrote:
Are you sure want to give 4 ??
Any way YSYR ( your server your rules :-) )
--On Wednesday, April 2, 2008 17:27 +0200 mouss [EMAIL PROTECTED] wrote:
Joseph Brennan wrote:
--On Wednesday, April 2, 2008 2:45 -0700 Loren Wilton
[EMAIL PROTECTED] wrote:
Received: from k2smtpout06-01.prod.mesa1.secureserver.net
([64.202.189.102])
by mx-pigeons.atl.sa.earthlink.net
On Wed, 2 Apr 2008, Justin Mason wrote:
John Hardin writes:
On Tue, 1 Apr 2008, William Terry wrote:
Is there anything I can do to mitigate this?
Do you publish SPF records?
Logically this should have an effect, but in real-world terms, it
doesn't. So don't worry about it.
Sure it
Joseph Brennan wrote:
[snip]
But 72.167.52.118 gave it to 64.202.189.102, and 64.202.189.102 is
the mail server that sent it out to the recipient.
Client software sends crazy stuff as helo.
client software does not insert qmail received headers. The message was
submitted on a qmail machine
On Thu, 27 Mar 2008, Jeff Koch wrote:
From: Jeff Koch [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Date: Thu, 27 Mar 2008 22:53:52 -0400
Subject: Bounce back spam
Our users are getting inundated with bounce-back, joe-job
spam. We have the Vbounce.pm plugin enabled (v3.2.4) and have
I was thinking of adding a rule that explicity allows or does a -10 on
out of office autoreply as a complete string
If possible
-Original Message-
From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2008 11:45 AM
To: users@spamassassin.apache.org
Jean-Paul Natola wrote:
I was thinking of adding a rule that explicity allows or does a -10 on
out of office autoreply as a complete string
If possible
only do so conditionally. you don't want spam to slip this way.
anyway, you'll have a hard time finding all the cases that require
Hi Miguel,
I run /usr/local/bin/sa-learn --force-expire daily with MySQL and it
works fine.
Here is an excellent slide show on use SQL with SA:
http://people.apache.org/~parker/presentations/MO13slides.pdf
You may also find these SQL queries helpful, I run them monthly.
echo Starting
ram wrote:
header __FROMOFFICE From =~/office/i
header __SUBOFFICE Subject =~/office/i
meta OFFICERULE (__FROMOFFICE || __SUBOFFICE )
score OFFICERULE 4.0
And don't forget to add word boundaries. You probably don't want it
matching on officer
header __FROMOFFICE From =~/\boffice\b/i
On Wed, 2008-04-02 at 10:08, Justin Mason wrote:
John Hardin writes:
On Tue, 1 Apr 2008, William Terry wrote:
Is there anything I can do to mitigate this?
Do you publish SPF records?
Logically this should have an effect, but in real-world terms, it doesn't.
So don't worry about
Martin Gregorie wrote:
On Wed, 2008-04-02 at 10:08, Justin Mason wrote:
John Hardin writes:
On Tue, 1 Apr 2008, William Terry wrote:
Is there anything I can do to mitigate this?
Do you publish SPF records?
Logically this should have an effect, but in
On Wed, 2008-04-02 at 16:27, mouss wrote:
Joseph Brennan wrote:
--On Wednesday, April 2, 2008 2:45 -0700 Loren Wilton
[EMAIL PROTECTED] wrote:
Received: from k2smtpout06-01.prod.mesa1.secureserver.net
([64.202.189.102])
by mx-pigeons.atl.sa.earthlink.net (EarthLink SMTP Server)
Martin Gregorie wrote:
[snip]
I use secureserver.net to host my domain name and I also run my own MTA.
I don't suffer from this problem, so if he rearranges his setup so it is
similar to mine the chances are the problem will go away.
As I said, Secureserver.net is my domain host. Apart from
On Wed, 2008-04-02 at 21:03, mouss wrote:
He is apparently relaying via k2smtpout06-01.prod.mesa1.secureserver.net
which looks like an official godaddy server.
In that case I'm confused: I thought his problem was described as being
due his MTA sending mail from a residential block of IPs.
Skip wrote:
I am on a linux, shared hosting site (Bluehost.com). I don't
know how I can get it into the startup script for that box, and I only have
access to my own home directory. That may be a showstopper right there.
I'll have no way of knowing when they reboot the box.
Earlier,
-Original Message-
From: Rodney Green [mailto:[EMAIL PROTECTED]
Sent: Thursday, 3 April 2008 12:35 a.m.
To: users@spamassassin.apache.org
Subject: Re: spamassassin lint warnings
Thanks Mike. However, I'm getting the same warnings for a majority of
the .cf files in
On Apr 1, 2008, at 3:00 PM, Bob Proulx wrote:
I have never been fond of AWL because the information it relies upon,
the mail headers, is very easy to forge. It depends too much upon
Yes, but they have to know who to forge. Anyway, I'm not debating
its merits. It works very, very well in
On Apr 1, 2008, at 3:14 PM, Justin Mason wrote:
Sorry, I don't the original messages any more. (I looked) But it
wouldn't surprise me if the /16 matched. The mail I send myself is
usually from Wifi or my phone carrier's GSM network, but accepted via
SMTP AUTH on the local machine. So which
I'm not worried about mail from self to self. I'm annoying because
AWL is decreasing forged spam score so far that the SPF failure
doesn't catch.
On Apr 1, 2008, at 3:14 PM, Benny Pedersen wrote:
INSERT INTO `awl` VALUES('amavis', '[EMAIL PROTECTED]', '80.166', 4, -14,
'2008-04-02 00:02:15');
On Apr 1, 2008, at 4:03 PM, John Hardin wrote:
If you don't scan mails that you know originated from you, then
they won't affect AWL for a forged message...
Sorry, I'm not going to disable virus and bot protection just to
avoid a mis-feature in another module.
The right answer is a fix in
On Apr 1, 2008, at 5:46 PM, Benny Pedersen wrote:
What I am pointing out is that AWL should not be used for
mail from self to self, because this is an easy forgery.
explain why its a problem when awl logs ip
AWL counts on the spammer not being able to forge someone you
correspond
with
On Apr 2, 2008, at 12:34 PM, mouss wrote:
no tuning on your side will help solving problems at the other
side. For example, I found that hotmail cache the value
Yes, they cache the results of that DNS query for exactly how long
you tell them to. If you want the SPF record cached less,
Jo Rhett wrote:
On Apr 2, 2008, at 12:34 PM, mouss wrote:
no tuning on your side will help solving problems at the other side.
For example, I found that hotmail cache the value
Yes, they cache the results of that DNS query for exactly how long you
tell them to.
This is not my observation.
On Wed, 2 Apr 2008, Jo Rhett wrote:
On Apr 1, 2008, at 4:03 PM, John Hardin wrote:
If you don't scan mails that you know originated from you, then
they won't affect AWL for a forged message...
Sorry, I'm not going to disable virus and bot protection just to avoid a
mis-feature in another
Jo Rhett wrote:
Bob Proulx wrote:
I disagree with the premise that it is hard to forge mail from someone
you correspond with frequently. It is equally easy to forge.
Easy to forge, but who to forge? Hard for a spammer to know who I
correspond with frequently. Myself is the only one a
On Wed, 2008-04-02 at 10:23 -0700, Kelson wrote:
ram wrote:
header __FROMOFFICE From =~/office/i
header __SUBOFFICE Subject =~/office/i
meta OFFICERULE (__FROMOFFICE || __SUBOFFICE )
score OFFICERULE 4.0
And don't forget to add word boundaries. You probably don't want it
52 matches
Mail list logo
