Chris Arnold wrote:
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At
the present time, my mailbox is filled with backscatter; getting around
10 a minute since 4:30 today. I have postfix backscatter rules in
postfix of zimbra,
Per Jessen wrote:
Per Jessen wrote:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6006
OK, this is beginning to be annoying - I've seen it 4-5 times in the
last week. I'll probably have to cobble up a quick spamd
auto-restart. Is no-one else running spamd and using SIGHUP for
Greg Troxel wrote:
Asking someone to change their domain name to match an SA rule seems
a bit extreme to me! Why not propose that de establish a gmbh 2nd
level for companies, and make him rss.gmbh.de?
FROM_DOMAIN_NOVOWEL was logged for only 3 messages here yesterday,
of
1.3
Michael Scheidell wrote:
I need a domain registry who won't spam me every two weeks with crap and
argue that since I am a client of theirs, its not a violation of
can-spam laws to spam me and refuse to stop. And, no, I can't change
the email address because then we won't get REALLY important
mouss schrieb:
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
-- Matthias
Per Jessen wrote:
Greg Troxel wrote:
Asking someone to change their domain name to match an SA rule seems
a bit extreme to me! Why not propose that de establish a gmbh 2nd
level for companies, and make him rss.gmbh.de?
FROM_DOMAIN_NOVOWEL was logged for only 3 messages here
Matthias Leisi wrote:
mouss schrieb:
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get a lot of such mail?
I have spamd setup to use bayes in a mysql database, works fine. I've
turned off auto-expiry and instead run a cronjob to expire in the middle
of the night (removes about 40k tokens on a run). I've made the DB
innoDB so it can handle locking better. I've got mysql-based user prefs
coming from the
mouss schrieb:
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get a lot of such mail?
No, an FP is an FP.
At 10:18 02-11-2008, Per Jessen wrote:
OK, this is beginning to be annoying - I've seen it 4-5 times in the
last week. I'll probably have to cobble up a quick spamd
auto-restart. Is no-one else running spamd and using SIGHUP for
reloading the config?
The configuration reloads correctly.
On Sun, November 2, 2008 19:14, mouss wrote:
PS. don't think SPF will help. this has been discussed here and
elsewhere before.
SPF helps if its used from the sites that does use spf in mta stage, if not
used it will turn over to be a backscatter site itself
that rbl listed sourceforge.net
Matthias Leisi [EMAIL PROTECTED] wrote:
mouss schrieb:
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get
On Sun, 2008-11-02 at 01:35 +0100, Karsten Bräckelmann wrote:
Reducing the meta score to compensate indeed might be good. My thought
was, to partially split up the score in case the meta doesn't match. I
guess the word casino in either the Subject or (even stronger) From
header might be worth
Benny Pedersen wrote:
On Sun, November 2, 2008 19:14, mouss wrote:
PS. don't think SPF will help. this has been discussed here and
elsewhere before.
SPF helps if its used from the sites that does use spf in mta stage, if not
used it will turn over to be a backscatter site itself
yes, but
Sahil Tandon wrote:
Matthias Leisi [EMAIL PROTECTED] wrote:
mouss schrieb:
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org.
On Sun, November 2, 2008 22:18, mouss wrote:
that rbl long ago, olso its bad to see dsn go out to remote mtas is the
biggest problem mailerdaemons should stay local
sorry, I don't understand the last part.
i explain badly sorry for that, but when mta bounces mailer daemons msg
outside the mta
Joseph Brennan [EMAIL PROTECTED] writes:
Reply-to: [EMAIL PROTECTED]
First pass:
header LOCAL_REPLYTO_LIVE Reply-to =~ /[EMAIL PROTECTED]/
score LOCAL_REPLYTO_LIVE8.0
Maybe scoring 8.0 for one thing scares you, but I haven't seen this
fp in a couple of months.
Is live.com a
SM [EMAIL PROTECTED] writes:
At 07:56 01-11-2008, Micah Anderson wrote:
Here is an example one I received recently, note the hideously low bayes
score on this one, caused it to autolearn as ham even, grr.
[snip]
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
Karsten Bräckelmann [EMAIL PROTECTED] writes:
On Sat, 2008-11-01 at 11:30 -0400, Micah Anderson wrote:
Joseph Brennan [EMAIL PROTECTED] writes:
Do you mean attempts to get your users to send their passwords,
or fake mail pretending to be from banks?
I mean attempts to get my users to
Micah Anderson [EMAIL PROTECTED] wrote:
Joseph Brennan [EMAIL PROTECTED] writes:
Reply-to: [EMAIL PROTECTED]
First pass:
header LOCAL_REPLYTO_LIVE Reply-to =~ /[EMAIL PROTECTED]/
score LOCAL_REPLYTO_LIVE8.0
Maybe scoring 8.0 for one thing scares you, but I haven't
Sahil Tandon [EMAIL PROTECTED] wrote:
We get some legitimate email from @live.com users.
But they don't set a Reply-to header. That's the test.
Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology
21 matches
Mail list logo