Re: Further information on tweaking tips...

Thanks for the responses. I have to admit that I am still fresh-newbie to SA administration, however, the "integration" method is simply to pipe mail from citadel to spamd, which happens to be on the same server, and then if the filtration passes, then the mail gets passed back to the email server

Re: I love you

I guess the spammer figures it only takes one click...and there are neurotic people out there desperate to believe that a computerized stranger loves them (as long as they click). On 4/10/09, Karsten Bräckelmann wrote: > > Why does any spammer believe a subject like "I love you" would be a good >

I love you

Why does any spammer believe a subject like "I love you" would be a good idea? http://ars.userfriendly.org/cartoons/?id=2512 Oh, and don't forget to read the classy one the day before. :) *sigh* -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char

Re: Further information on tweaking tips...

On Fri, 2009-04-10 at 19:24 -0400, martes wrote: > There was a mention of evolution's junk plugin, however, I had to > disable that plugin and just rely on the server, since it would just > cause an infinite loop, whenever new mail was looked at, causing > Evloution to lock up. While the "loop" i

Re: Segfaul on message

On 10-Apr-2009, at 04:52, Giampaolo Tomassoni wrote: http://www.spamcop.net/sc?id=z2777168254z0fdfee4493414fc9bde77b85d4d93f01z;action=display No segfault here: Content analysis details: (7.4 points, 5.0 required) pts rule name description -- --

Re: Further information on tweaking tips...

I will check on all of these things, however, I have to read some docs on the subject. I was just getting into this type of configuration when I got swamped with some other projects. I will have to research bayes configurations. I am reinstalling spamassassin to include some of the optional perl

Re: Further information on tweaking tips...

On Fri, 2009-04-10 at 14:05 -0400, martes wrote: > Thanks for the tips guys. > > In response to the simpler of the two inquiries, after using the > syslog switch, I am only able to get the logs sent directly to > spamd.log, so the frequent archiving that syslogd does is not going to > be done for

Re: Further information on tweaking tips...

On Fri, 2009-04-10 at 11:20 -0700, John Hardin wrote: > On Fri, 10 Apr 2009, martes wrote: > > Here is a link to the listed message that passed through the filter. > > > > http://pastebin.com/d6fe63bd6 > > The headers in that spample don't say anything about SA at all. Did you > export the messa

Re: Further information on tweaking tips...

On Fri, 2009-04-10 at 14:05 -0400, martes wrote: > Thanks for the tips guys. > > In response to the simpler of the two inquiries, after using the > syslog switch, I am only able to get the logs sent directly to > spamd.log, so the frequent archiving that syslogd does is not going to > be done for

Re: Further information on tweaking tips...

On Fri, 10 Apr 2009, martes wrote: Apr 10 10:00:07 dataserver1 spamd[94633]: spamd: result: . 2 - MSGID_FROM_MTA_HEADER,RCVD_IN_PBL,XMAILER_MIMEOLE_OL_4BF4C scantime=0.8,size=1219,user=(unknown),uid=1004,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51745,mid=<01c9ba27$b4686080$f6c93.

Re: Further information on tweaking tips...

Thanks for the tips guys. In response to the simpler of the two inquiries, after using the syslog switch, I am only able to get the logs sent directly to spamd.log, so the frequent archiving that syslogd does is not going to be done for this file. I guess this is good enough for now. However, I

Re: Further information on tweaking tips...

On Fri, 10 Apr 2009, martes wrote: I have been running spamassassin in default install mode for a few months now, and in the past week, I have been getting some miss-fires, I would have to assume, since I have been receiving obvious spam. Where should I start in troubleshooting this type of i

Re: emailreg.org (was: zen.spamhaus.org)

On Fri, 2009-04-10 at 18:50 +0200, Ralf Hildebrandt wrote: > * SM : > > At 01:19 10-04-2009, Ralf Hildebrandt wrote: > >> They could simply offer free registration for "old" domains... > > > > They could. I doubt that someone running such a service would do that if > > people are willing to pay.

Re: Further information on tweaking tips...

On Fri, 10 Apr 2009, martes wrote: I also want to know how to pipe the logs from spamd into /var/log/spamd.log. I have newsyslog.conf and syslog.conf set up to shoot those logs to that log file, however, nothing gets sent there. I guess everything is getting picked up by the maillog.info direct

Re: Further information on tweaking tips...

On Fri, 2009-04-10 at 12:13 -0400, martes wrote: > Where should I start in troubleshooting this type of issue? > Are you getting rules updates? If not, that could have a bearing. Running sa_update as a daily or weekly cron job is pretty much a fire and forget solution. > I have not had the time

Re: emailreg.org (was: zen.spamhaus.org)

* SM : > At 01:19 10-04-2009, Ralf Hildebrandt wrote: >> They could simply offer free registration for "old" domains... > > They could. I doubt that someone running such a service would do that if > people are willing to pay. Indeed! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwe

Re: Further information on tweaking tips...

On Fri, 2009-04-10 at 12:13 -0400, martes wrote: > I have been running spamassassin in default install mode for a few > months now, and in the past week, I have been getting some miss-fires, I > would have to assume, since I have been receiving obvious spam. By mis-fire you actually mean "not fi

Re: Further information on tweaking tips...

Actually, I have just come across the -s options, etc... I think this is where I may be able derive the functionality that I need from the logging facilities. However, I would still like some input for the tweaking tips for correcting the current miss-fires that seem to be occuring, which are al

Re: livejournal?

On Fri, April 10, 2009 15:59, Bogdan ?ulibrk wrote: > Spam including livejournal subdomains is just next episode after > almost identical spam involving live.com. could you send samples to pastebin ?, and or uribl.com ?, if its this domain and not just a subdomain then uribl might change life :)

Re: emailreg.org (was: zen.spamhaus.org)

On Fri, April 10, 2009 10:19, Ralf Hildebrandt wrote: > They could simply offer free registration for "old" domains... +1 -- http://localhost/ 100% uptime and 100% mirrored :)

Further information on tweaking tips...

Greetings list. I have been running spamassassin in default install mode for a few months now, and in the past week, I have been getting some miss-fires, I would have to assume, since I have been receiving obvious spam. Where should I start in troubleshooting this type of issue? I have not h

Re: livejournal?

On Thu, 2009-04-09 at 17:10 -0500, McDonald, Dan wrote: > I notice that uribl is listing livejournal.com as a util_rb_2tld host, > but http://daryl.dostech.ca/sa-update/sare/90_2tld.cf doesn't have > livejournal.com yet, and updates_spamassassin_org/25_uribl.cf has > livejournal.com listed in uridn

Re: emailreg.org (was: zen.spamhaus.org)

On Fri, 10 Apr 2009, SM wrote: I don't see any difference in the usage of ".org" instead of ".com" as there are commercial organizations that use it. That's a registrars-don't-follow-the-rules problem, not an extortionate-Barracuda problem. AND EXCEPT TO ASK: Is that $20 fee a one-time fee?

Re: livejournal?

Raymond Dijkxhoorn a écrit : > Hi! > the presence of uridnsbl_skip_domain prevent it from being checked? And if so, how do I "unskip" that domain? > >>> no its just subdomain that might be blacklisted in url, and the >>> domain is still whitelisted > >> Spam including livejournal subd

Re: livejournal?

Hi! the presence of uridnsbl_skip_domain prevent it from being checked? And if so, how do I "unskip" that domain? no its just subdomain that might be blacklisted in url, and the domain is still whitelisted Spam including livejournal subdomains is just next episode after almost identical s

Re: emailreg.org (was: zen.spamhaus.org)

At 01:19 10-04-2009, Ralf Hildebrandt wrote: They could simply offer free registration for "old" domains... They could. I doubt that someone running such a service would do that if people are willing to pay. At 04:52 10-04-2009, Rob McEwen wrote: I don't understand your last sentence above

Re: livejournal?

Benny Pedersen wrote: On Fri, April 10, 2009 00:10, McDonald, Dan wrote: [snip] If I were to add util_rb_2tld livejournal.com to local-foo.cf, would the presence of uridnsbl_skip_domain prevent it from being checked? And if so, how do I "unskip" that domain? no its just subdomain that might

Re: Slightly OT: identifying IP source locations

On Thu, Apr 9, 2009 at 08:31, Kai Schaetzl wrote: > John Rudd wrote on Wed, 8 Apr 2009 12:44:29 -0700: > >> 1) Does anyone know of a convenient command line tool (perl library >> being ideal) that lets you give it an IP address, and it tells you the >> country and/or continent (and that's it)? > >

Re: Segfault on message

> Perl just doesn't segfault normally, even when a regex is > (too) complex. Wishful thinking. s/normally/usually/ The rules that come with SpamAssassin are resonably safe from exploding - unlike some third party or home-grown rules. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570 h

RE: Segfault on message

> -Original Message- > From: Mark [mailto:ad...@asarian-host.net] > Sent: Friday, April 10, 2009 3:02 PM > To: users@spamassassin.apache.org > Subject: RE: Segfault on message > > -Original Message- > From: Giampaolo Tomassoni [mailto:g.tomass...@libero.it] > Sent: vrijdag 10 april

RE: Segfault on message

-Original Message- From: Giampaolo Tomassoni [mailto:g.tomass...@libero.it] Sent: vrijdag 10 april 2009 14:46 To: users@spamassassin.apache.org Subject: RE: Segfault on message > No, I actually I'm not comfortable installing SA 3.3 on a production > server. > > I'll try to pick and silenc

RE: Segfault on message

> -Original Message- > From: Mark Martinec [mailto:mark.martinec...@ijs.si] > Sent: Friday, April 10, 2009 1:56 PM > > ...omissis... > > > > Any clue why? > > > > Please note that the line endings you see in the message are the way > they > > are in the original one. Maybe this is the re

poor phisher has nimda?

just when you thought nimda was dead ! A couple of interesting things in this spam, including the use of some Firstlast (lots of them) almost like the '[]' block art ED adds of last week. also, the email ends in: (shouldn't a multi line rawbody check, or

RE: Segfaul on message

-Original Message- From: Giampaolo Tomassoni [mailto:g.tomass...@libero.it] Sent: vrijdag 10 april 2009 12:53 To: users@spamassassin.apache.org Subject: Segfaul on message > 3.2.4 here. > > This message: > kernel: amavisd[nnn]: segfault at bf5eae7c ip 081162a5 sp bf5eae80 > error 6 in p

Re: Segfault on message

Giampaolo, > 3.2.4 here. > This message: > http://www.spamcop.net/sc?id=z2777168254z0fdfee4493414fc9bde77b85d4d93f01z > ;action=display > > yields this: > kernel: amavisd[nnn]: segfault at bf5eae7c ip 081162a5 sp bf5eae80 > error 6 in perl5.8.8[8048000+11] > A segfault also happens when dir

Re: emailreg.org

SM wrote: > Are you upset because people are paying money to a site with a domain > owner hidden by the Whois privacy registration? :-) Some antispam > offers are big and easy money as there's always somebody ready to pay > or to jump on the bandwagon because it is free. I don't understand your l

Segfaul on message

3.2.4 here. This message: http://www.spamcop.net/sc?id=z2777168254z0fdfee4493414fc9bde77b85d4d93f01z;a ction=display yields this: kernel: amavisd[nnn]: segfault at bf5eae7c ip 081162a5 sp bf5eae80 error 6 in perl5.8.8[8048000+11] A segfault also happens when directly runni

Re: Spam Rats - does anyone know them?

> > On 09/04/09 2:35 PM, "Matus UHLAR - fantomas" wrote: > > > OK, I don't want to bitch, I'm searching for some valid informations, > > > mostly > > > about their "best practices". > On Thu, 2009-04-09 at 15:55 -0400, Neil Schwartzman wrote: > > Well there certainly has been some discussion on

Re: emailreg.org (was: zen.spamhaus.org)

* SM : > The usage policy at http://www.emailreg.org/index.cgi?p=policy mentions > that there is a $20 registration fee to "discourage domain tasters from > sending spam and to further verify the contact information". They could simply offer free registration for "old" domains... -- Ralf Hild