Len Conrad wrote:
For the same period of about 4.5 hours, zen had about 110 hits, while
b.barracuda had about 165.
What about overlap? Were the barracuda hits only those that skipped by
zen? Thanks.
for the same period, zen = 153 hits, barracuda = 226 hits
when I comm the two sorted files,
Bob Proulx writes:
Are the hit frequencies from the SpamAssassin corpus available on the
web somewhere? I looked through the docs and wiki but didn't see it
if they were.
What is the hit frequency in the corpus of SUBJ_ALL_CAPS scoring 2.1?
I wanted to know so that I could educate a
On 13.09.08 19:44, aladdin Sorry about the generic wrote:
Sorry about the generic subject, but it is the only thing this newbie knows
to
describe the symptom.
Platform: Debian (Etch?)
Latest Spamassassin in apt (version 3.1.7-deb)
there's 3.2.3 in volatile archive, just FYI
--
Matus
On 13.09.08 20:34, aladdin wrote:
On Saturday 13 September 2008 20:20, aladdin wrote:
On Saturday 13 September 2008 20:00, Daryl C. W. O'Shea wrote:
Check to make sure that network tests aren't disabled. Many distro
packages have network tests turned off my default. Not sure where
For the same period of about 4.5 hours, zen had about 110 hits, while
b.barracuda had about 165.
What about overlap? Were the barracuda hits only those that skipped by
zen? Thanks.
On 21.09.08 21:14, Len Conrad wrote:
for the same period, zen = 153 hits, barracuda = 226 hits
There's
The problem is in false positives - you won't get any mail with it
I've had servers listed on Barracuda before, despite 17 emails to their
support systems we never had any response, and had to change a customers
mail architecture to compensate.
Very wary of them ..
Chris
Hi,
I nstalled Sendmail 8.14.2, MIMEDefang-2.63, SpamAssassin 3.2.4, and MySQL
5.0.51a on FreeBSD 6.3. Normal messages (including sample-spam.txt and
sample-nospam.txt) are processed properly and everything appears to work
properly until I try to implement per-user settings with MySQL.
Hi, spamassassin.apache.org
Now I try to update rule of spamassassin through proxy.
I inserted http://proxy:port in /etc/wgetrc already but when I type command
#sa-update -D
I see this :
check: is spam? score=0 required=5[8931] dbg: check: tests=[8931] dbg: check:
subtests=[8931] dbg:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
We're trying it today.
For the same period of about 4.5 hours, zen had about 110 hits, while
b.barracuda had about 165.
In about 26 hours I had 885 hits on b.barracuda, and 309 hits on the
various zen lists.
Zen had only 18 unique
On 20 Sep 2008 at 5:21, J.J. Day wrote:
Hi,
I nstalled Sendmail 8.14.2, MIMEDefang-2.63, SpamAssassin 3.2.4, and
MySQL 5.0.51a on FreeBSD 6.3. Normal messages (including sample-spam.txt
and sample-nospam.txt) are processed properly and everything appears to
work properly until I
Jeff Chan wrote:
[Pardon the spam; thought this new blacklist might be worth at
least trying.]
Apparently Barracuda will be publishing a free-to-use sender
blacklist called BRBL:
http://www.barracudacentral.org/rbl
Haven't tried it myself but thought it may be of interest.
We have a
Alangchang Zuuzuu wrote:
I inserted _http://proxy:port_ in /etc/wgetrc already but when I type
command
sa-update doesn't use wget.
*what should I do*
Try setting the environment variable http_proxy to whatever
address your proxy uses before calling sa-update.
*Should I edit
Hi Alangchang,
At 06:40 21-09-2008, Alangchang Zuuzuu wrote:
Now I try to update rule of spamassassin through proxy.
I inserted http://proxy:porthttp://proxy:port in /etc/wgetrc
already but when I type command
#sa-update -D
I see this :
[snip]
[8931] dbg: channel: no MIRRORED.BY
--On Sunday, September 21, 2008 18:39 -0600 Bob Proulx [EMAIL PROTECTED]
wrote:
OVERALLSPAM% HAM% S/ORANK SCORE NAME
1.116 1.5957 0.27050.855 0.512.08 SUBJ_ALL_CAPS
Am I reading that correctly to see that in spam all caps showed up in
1.60% of the
At 03:24 22-09-2008, Chris Russell wrote:
I've had servers listed on Barracuda before, despite 17 emails to their
support systems we never had any response, and had to change a customers
mail architecture to compensate.
It's a free blacklist. People will use it until they get listed and
Joseph Brennan writes:
--On Sunday, September 21, 2008 18:39 -0600 Bob Proulx [EMAIL PROTECTED]
wrote:
OVERALLSPAM% HAM% S/ORANK SCORE NAME
1.116 1.5957 0.27050.855 0.512.08 SUBJ_ALL_CAPS
Am I reading that correctly to see that in spam all caps
I'm having trouble with a correspondent who is using SPF, is sending
from a host allowed in policy, but the SPF rule is not matching.
Their spf record (obfuscated) is:
example.com.3600IN TXT v=spf1 mx ptr ip4:a.a.a.0/24
ip4:b.b.b.0/24 a:mailrelay a:exchange
SM writes:
At 03:24 22-09-2008, Chris Russell wrote:
I've had servers listed on Barracuda before, despite 17 emails to their
support systems we never had any response, and had to change a customers
mail architecture to compensate.
It's a free blacklist. People will use it until they get
Matus UHLAR - fantomas [EMAIL PROTECTED] 9/22/2008 3:26 AM
On 13.09.08 19:44, aladdin Sorry about the generic wrote:
Sorry about the generic subject, but it is the only thing this newbie
knows to
describe the symptom.
I have used spamassassin for many years. We use a number of add-ins
McDonald, Dan wrote:
I'm having trouble with a correspondent who is using SPF, is sending
from a host allowed in policy, but the SPF rule is not matching.
Their spf record (obfuscated) is:
example.com.3600IN TXT v=spf1 mx ptr ip4:a.a.a.0/24
ip4:b.b.b.0/24 a:mailrelay
DAve wrote:
Jeff Chan wrote:
[Pardon the spam; thought this new blacklist might be worth at
least trying.]
Apparently Barracuda will be publishing a free-to-use sender
blacklist called BRBL:
http://www.barracudacentral.org/rbl
Haven't tried it myself but thought it may be of interest.
We
* Justin Mason [EMAIL PROTECTED]:
The fact that there's a prominent removal-request link is a good
sign, in my opinion ;) Let's see how it goes.
My top rejections for today are:
% fgrep www.barracudanetworks.com/reputation /var/log/mail.log |
awk '{print $10}' | sort |uniq -c | sort -n |
On Mon, 22 Sep 2008, Daniel J McDonald wrote:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
We're trying it today.
For the same period of about 4.5 hours, zen had about 110 hits, while
b.barracuda had about 165.
In about 26 hours I had 885 hits on b.barracuda, and 309 hits on the
On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote:
On Mon, 22 Sep 2008, Daniel J McDonald wrote:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
We're trying it today.
Hmm I signed up for this 1-2 days ago but never got a confirmation e-mail
from them? What is the RBL
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with the RFCs.
-Original Message-
From: Justin Piszcz [mailto:[EMAIL PROTECTED]
On Mon, 2008-09-22 at 15:49 +0200, mouss wrote:
McDonald, Dan wrote:
I'm having trouble with a correspondent who is using SPF, is sending
from a host allowed in policy, but the SPF rule is not matching.
Their spf record (obfuscated) is:
example.com.3600IN TXT
Justin Piszcz wrote ... (9/22/2008 10:14 AM):
Hmm I signed up for this 1-2 days ago but never got a confirmation
e-mail from them? What is the RBL name?
Justin.
Same here. For those currently running this, how long did it take to
get confirmation email and setup?
~ Sparky ~
About 10 minutes. I've had it up and running for about 30 minutes now and
I've gotten 127 hits. Pretty impressive. Now we will need to see what
fallout occurs. :)
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
Dave
I got mine in seconds this morning.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-Original Message-
From: Dave Koontz [mailto:[EMAIL PROTECTED]
Sent: 22 September 2008 15:30
To: Justin Piszcz
Cc: users@spamassassin.apache.org
Subject:
Dave Koontz wrote:
Justin Piszcz wrote ... (9/22/2008 10:14 AM):
Hmm I signed up for this 1-2 days ago but never got a confirmation
e-mail from them? What is the RBL name?
Justin.
Same here. For those currently running this, how long did it take to
get confirmation email and setup?
I ran
Rose, Bobby wrote:
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with the RFCs.
-Original Message-
From: Justin Piszcz
Rose, Bobby wrote ... (9/22/2008 10:24 AM):
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with the RFCs.
That would explain why I
The problem is in false positives - you won't get any mail with it
I've had servers listed on Barracuda before, despite 17 emails to their
support systems we never had any response, and had to change a customers
mail architecture to compensate.
Very wary of them ..
Chris
SOUNDS
Justin Piszcz wrote:
Hmm I signed up for this 1-2 days ago but never got a confirmation
e-mail from them? What is the RBL name?
They send from an IP without rDNS.
Received: from barracudacentral.org (unknown [216.129.105.40])
you may have rejected or quarantined it.
Hi, spamassassin.apache.org
Now I try to update rule of spamassassin through proxy.
I inserted http://proxy:port http://proxy:port in /etc/wgetrc already but
when I type command
donĀ¹t know if sa-update uses wget.
on freebsd, we just set http_proxy environment
mouss wrote:
Justin Piszcz wrote:
Hmm I signed up for this 1-2 days ago but never got a confirmation
e-mail from them? What is the RBL name?
They send from an IP without rDNS.
Received: from barracudacentral.org (unknown [216.129.105.40])
you may have rejected or quarantined it.
On Mon, 22 Sep 2008, Dave Koontz wrote:
Rose, Bobby wrote ... (9/22/2008 10:24 AM):
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with
Dave Koontz writes:
Rose, Bobby wrote ... (9/22/2008 10:24 AM):
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with the RFCs.
I realize that it is malformed - shouldn't have non FQDN's in the a: or
mx: types, and male.example.com doesn't have an mx record (it is the mx
for 'example.com'). But that being said, those ones that are valid
ought to be recognized.
A gentle suggestion to the SPF owner to visit
My top rejections for today are:
% fgrep www.barracudanetworks.com/reputation /var/log/mail.log |
awk '{print $10}' | sort |uniq -c | sort -n | tail
18 mx35.ispgateway.de[80.67.29.41]:
. . .
21 mx20.ispgateway.de[80.67.18.53]:
21 mx43.ispgateway.de[80.67.29.52]:
. . .
Ralf Hildebrandt [EMAIL PROTECTED] wrote:
My top rejections for today are:
x28 smtp-out.orange.net[193.252.22.118]:
Orange is a major ISP. Their mail-sending hosts are in 193.252.22 and
80.12.242. Mail from Orange runs about 85 to 90% spam here. The
minority remaining are legit
Justin Mason wrote:
Joseph Brennan writes:
OVERALLSPAM% HAM% S/ORANK SCORE NAME
1.116 1.5957 0.27050.855 0.512.08 SUBJ_ALL_CAPS
No, it's high. Only 1.87% had all caps subject, but of those 85%
were spam: 1.60 / 1.87.
If I am reading correctly.
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with the RFCs.
That would explain why I got no confirmation, we do not accept
* Joseph Brennan [EMAIL PROTECTED]:
My top rejections for today are:
% fgrep www.barracudanetworks.com/reputation /var/log/mail.log |
awk '{print $10}' | sort |uniq -c | sort -n | tail
18 mx35.ispgateway.de[80.67.29.41]:
. . .
21 mx20.ispgateway.de[80.67.18.53]:
21
* Dave Koontz [EMAIL PROTECTED]:
Rose, Bobby wrote ... (9/22/2008 10:24 AM):
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with
* Matt [EMAIL PROTECTED]:
In fairness -- if you drop mail with no rDNS, you are dropping 3.6% of
legit email in general, going by the test results for our RDNS_NONE
rule... ;)
Everyone should block/defer ALL email with no reverse DNS. Then maybe
those email admins would get a clue.
* Michael Scheidell [EMAIL PROTECTED]:
SOUNDS LIKE MY FREE BLACKLIST: blocked.secnap.net (google for it), lists
all ipv4 addresses in the world.
(and for some reason, one of the perl maintainers used it)
Finally. No. More. Spam.
--
Ralf Hildebrandt (i.A. des GB IT) [EMAIL
I would very much want to know how this mail is scored.
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
I am not young enough to know everything.
-- Oscar Wilde
Lars Ebeling wrote:
I would very much want to know how this mail is scored.
Umm.. Take a look at the headers? Or am I misunderstanding what you're
asking?
Matt wrote:
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with the RFCs.
That would explain why I got no confirmation, we
On Mon, Sep 22, 2008 at 09:23:45AM -0500, Daniel J McDonald wrote:
On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote:
On Mon, 22 Sep 2008, Daniel J McDonald wrote:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
We're trying it today.
Hmm I signed up for this 1-2
You can set up Barracuda to not to reply to spam which is default
behavior, which I hate. This is the backscatter we all experienced
from Barracuda devices. I set one up for a friend but it does take
awhile to look for the instructions and to get this setting correct
which I don't understand
At 08:58 22-09-2008, Matt wrote:
Everyone should block/defer ALL email with no reverse DNS. Then maybe
those email admins would get a clue.
Assuming you have signed up for that service, would you whitelist the
sending host or wait for the postmaster to get a clue?
Regards,
-sm
* Michael Scheidell [EMAIL PROTECTED]:
SOUNDS LIKE MY FREE BLACKLIST: blocked.secnap.net (google for it), lists
all ipv4 addresses in the world.
(and for some reason, one of the perl maintainers used it)
Finally. No. More. Spam.
Now lets see how many idiots start using it.
For the next
* SM [EMAIL PROTECTED]:
At 08:58 22-09-2008, Matt wrote:
Everyone should block/defer ALL email with no reverse DNS. Then maybe
those email admins would get a clue.
Assuming you have signed up for that service,
Service? Sign up? It's a simple setting in the MTA.
would you whitelist the
* Michael Scheidell [EMAIL PROTECTED]:
* Michael Scheidell [EMAIL PROTECTED]:
SOUNDS LIKE MY FREE BLACKLIST: blocked.secnap.net (google for it), lists
all ipv4 addresses in the world.
(and for some reason, one of the perl maintainers used it)
Finally. No. More. Spam.
Now lets
Michael Scheidell wrote:
yes, I can set a positive score for RCVD_IN_BSP_TRUSTED rules (I have!)
Without it, lots of spam would get through with the default -4.3 score.
I have also been unable to contact them and removed the default score of
-4.3. In fact, I'm concerned that if nobody
identify their netblock and never hear from them again.
Is this hypothetical or does this happen to you in real life?
Real life. Some 'rbl testing' companies make money by monitoring rb's.
Some rbl testing software includes blocked.secnap.net
Seems to come in spurts. Won't hear from anyone
Henrik K wrote:
On Mon, Sep 22, 2008 at 09:23:45AM -0500, Daniel J McDonald wrote:
On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote:
On Mon, 22 Sep 2008, Daniel J McDonald wrote:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
We're trying it today.
Hmm I signed up for this 1-2
Joseph Brennan wrote:
Ralf Hildebrandt [EMAIL PROTECTED] wrote:
My top rejections for today are:
x28 smtp-out.orange.net[193.252.22.118]:
Orange is a major ISP. Their mail-sending hosts are in 193.252.22 and
80.12.242. Mail from Orange runs about 85 to 90% spam here. The
minority
I don't know how this will work but I'm building the data now. For those
of you who are familiar with Day old bread lists to detect new domains,
as you know there's a lag time in the data and they often don't have
data from all the registries. So - here's a different solution.
What I'm
Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For those
of you who are familiar with Day old bread lists to detect new domains,
as you know there's a lag time in the data and they often don't have
data from all the registries. So - here's a different
Henrik K wrote:
On Mon, Sep 22, 2008 at 09:23:45AM -0500, Daniel J McDonald wrote:
On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote:
On Mon, 22 Sep 2008, Daniel J McDonald wrote:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
We're trying it today.
Hmm I signed up for
Ken A wrote:
Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For
those of you who are familiar with Day old bread lists to detect new
domains, as you know there's a lag time in the data and they often
don't have data from all the registries. So - here's a
McDonald, Dan wrote:
Henrik K wrote:
On Mon, Sep 22, 2008 at 09:23:45AM -0500, Daniel J McDonald wrote:
On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote:
On Mon, 22 Sep 2008, Daniel J McDonald wrote:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad
On Mon, 2008-09-22 at 15:44 -0700, Marc Perkel wrote:
Ken A wrote:
Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For
those of you who are familiar with Day old bread lists to detect new
domains, as you know there's a lag time in the data and they
Daniel, I think your missing the point, or I'm completely lost but I
believe the point of the list is to tag domains with a registration date of
a week or less when sending mail to you (prevent spam from newly registered
domains). I may be off but that's the way I understand DOB.
Curtis
On Mon, 2008-09-22 at 18:17 -0500, Curtis LaMasters wrote:
Daniel, I think your missing the point, or I'm completely lost but I
believe the point of the list is to tag domains with a registration
date of a week or less when sending mail to you (prevent spam from
newly registered domains). I
McDonald, Dan wrote:
On Mon, 2008-09-22 at 15:44 -0700, Marc Perkel wrote:
Ken A wrote:
Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For
those of you who are familiar with Day old bread lists to detect new
domains, as you know there's a
On Mon, 22 Sep 2008, Curtis LaMasters wrote:
Daniel, I think your missing the point, or I'm completely lost but I
believe the point of the list is to tag domains with a registration date
of a week or less when sending mail to you (prevent spam from newly
registered domains).
Marc didn't say
John Hardin wrote:
Why is it so flippin' difficult to get a feed of newly-registered
domain names?
Because the TLDs hate giving people access to the data and certainly
won't provide a feed without a bunch of cash involved. Even worse, all
the ccTLDs pretty much refuse to even talk to you
Hi Blaine,
At 17:00 22-09-2008, Blaine Fleming wrote:
Honestly, on my system I have less than 0.01% hits against a list of
domains registered in the last five days so I've always considered
the list a failure. However, several others are reporting excellent
hit rates on it. I think it is
Blaine Fleming wrote:
John Hardin wrote:
Why is it so flippin' difficult to get a feed of newly-registered
domain names?
Because the TLDs hate giving people access to the data and certainly
won't provide a feed without a bunch of cash involved. Even worse,
all the ccTLDs pretty much
On Mon, 22 Sep 2008, Blaine Fleming wrote:
John Hardin wrote:
Why is it so flippin' difficult to get a feed of newly-registered domain
names?
Because the TLDs hate giving people access to the data and certainly
won't provide a feed without a bunch of cash involved. Even worse, all
the
SM wrote:
Even if your traffic patterns are different, the hit rates shouldn't
be that low. There would be a difference if your MTA uses a DNSBL to
reject or if you apply other pre-content filtering techniques.
It's not a matter of different traffic patterns as much as a matter of
when I
Blaine Fleming wrote:
John Hardin wrote:
Why is it so flippin' difficult to get a feed of newly-registered
domain names?
Because the TLDs hate giving people access to the data and certainly
won't provide a feed without a bunch of cash involved. Even worse,
all the ccTLDs pretty much refuse
John Hardin wrote:
This is why I started processing all the TLDs I was able to obtain
access to. There is lag but the most it could be is about 24 hours
and that assumes they register a new domain immediately after the TLD
dumps the zone.
Does your data allow mapping domain name to
McDonald, Dan wrote:
I'm having trouble with a correspondent who is using SPF, is sending
from a host allowed in policy, but the SPF rule is not matching.
Their spf record (obfuscated) is:
example.com. 3600IN TXT v=spf1 mx ptr ip4:a.a.a.0/24
ip4:b.b.b.0/24 a:mailrelay
On Mon, 2008-09-22 at 17:13 -0700, Marc Perkel wrote:
Where I'm getting hits is on spam bots that link to these new domains.
Spambots are easy to detect because they never use the QUIT command to
clost the connection. So if a spambot message links to an unfamliar
domain (a domain NOT on my
On Mon, 2008-09-22 at 18:26 -0600, Blaine Fleming wrote:
John Hardin wrote:
This is why I started processing all the TLDs I was able to obtain
access to. There is lag but the most it could be is about 24 hours
and that assumes they register a new domain immediately after the TLD
Sorry for the top-post, I'm using a brain-damaged web-mailer...
Actually, I think it is to uribl_gold list that is the real day-old-bread list.
You have to subscribe to a datafeed service to get the gold list.
-Original Message-
From: John Hardin [mailto:[EMAIL PROTECTED]
Sent: Mon
On Mon, 22 Sep 2008, Marc Perkel wrote:
McDonald, Dan wrote:
On Mon, 2008-09-22 at 15:44 -0700, Marc Perkel wrote:
Ken A wrote:
Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For those
of you who are familiar with Day old bread lists to detect new
On Mon, 22 Sep 2008, Karl Pearson wrote:
On Mon, 22 Sep 2008, Marc Perkel wrote:
McDonald, Dan wrote:
On Mon, 2008-09-22 at 15:44 -0700, Marc Perkel wrote:
Ken A wrote:
Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For
those of you who are familiar
83 matches
Mail list logo