Dear users of the ZMI-GERMAN ruleset. I manage those ruleset, and just
(again) received the message below, about you won a trip. Those
messages are spammy, although you really can do such a trip and only pay
the flight ticket (which then costs enough to also include the trip
itself ;-).
thus Michael Monnerie spake:
Dear users of the ZMI-GERMAN ruleset. I manage those ruleset, and just
(again) received the message below, about you won a trip. Those
messages are spammy, although you really can do such a trip and only pay
the flight ticket (which then costs enough to also
Am 03. Jun 2009 um 08:57 CEST schrieb Timo Schoeler:
thus Michael Monnerie spake:
But maybe, if response and urge is high, I will include them. What do
you think? Is it spam for you?
Hi,
yes, this is spam.
ack
mfg
Stefan
--
Der Holocaust war eine schlimme Zeit in der Geschichte
On 02.06.09 17:01, fchan wrote:
I recently was checking on servers that were sending out spam and found
one of them had the hostname called localhost which I think is a
attempt to bypass SA. The IP address is 222.252.188.181 which maps back
to Vietnam.
Also I found that a large percentage
Jari Fredriksson wrote:
But if the connection is refused, there simply is no-one
listening. How about trying the other alternatives?
On 02.06.09 23:04, Bob Proulx wrote:
The documentation leads me to believe it does that now.
If host resolves to multiple addresses, then spamc
On 6/3/2009 8:53 AM, Michael Monnerie wrote:
Dear users of the ZMI-GERMAN ruleset. I manage those ruleset, and just
(again) received the message below, about you won a trip. Those
messages are spammy, although you really can do such a trip and only pay
the flight ticket (which then costs
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
I have found three possible ways to do this. Which if any is the preferred
method:
1) blacklisting in local.cf:
add blacklist_from *.info, blacklist_from *.tv,
Am Mittwoch 03 Juni 2009 schrieb Stefan Luetje:
Am 03. Jun 2009 um 08:57 CEST schrieb Timo Schoeler:
thus Michael Monnerie spake:
But maybe, if response and urge is high, I will include them. What do
you think? Is it spam for you?
Hi,
yes, this is spam.
ack
ACK.
--
Freundliche
Jari Fredriksson wrote:
However the killer bad thing for me is this:
Note that this fail-over behaviour is incompatible
with -x; if that switch is used, fail-over will
not occur.
I am not willing to stop filtering mail through
spamassassin if my spamd machine is
On Wed, 2009-06-03 at 00:48 -0700, ryefish wrote:
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
I have found three possible ways to do this. Which if any is the preferred
method:
3) Create custom rule:
design
On Wed, 2009-06-03 at 00:48 -0700, an anonymous Nabble user wrote:
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
I have found three possible ways to do this. Which if any is the preferred
method:
So that's why you
On Wed, 2009-06-03 at 10:35 +0100, Martin Gregorie wrote:
On Wed, 2009-06-03 at 00:48 -0700, an anonymous Nabble user wrote:
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
I have found three possible ways to do
On Wed, 2009-06-03 at 13:29 +1200, Kate wrote:
MailScanner 4.76.24
spamassassin 3.2.5
MTA - postfix
ClamAV 0.95.1
I am trying to trouble shoot why a particular server cannot send into
our email system.
There is no reference in the logs to this server ever trying to connect.
Err, maybe
On Mon, 2009-05-25 at 23:12 +0200, Rudy Gevaert wrote:
Hi Matus,
On Mon, May 25, 2009 at 10:48:25PM +0200, Matus UHLAR - fantomas wrote:
On 25.05.09 17:12, Rudy Gevaert wrote:
Is it possible to generate a rule that when it applies gives the message
that specific score? If so, how do I
On Wed, 2009-06-03 at 00:48 -0700, ryefish wrote:
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
I have found three possible ways to do this. Which if any is the preferred
method:
1) blacklisting in local.cf:
Sorry for the dumb question but I can't seem to find the answer in the
documentation or by googling. I'm trying to follow the Integrated
Spamd In Postfix recipe (http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
). How do I invoke spamd and then make sure it runs at boot? I'm
On Tuesday 02 June 2009, Adam Katz wrote:
Larry Starr lar...@fullcompass.com wrote:
I have been using the AWL ( --add-addr-to-blacklist ) for some
time, to bump new spam senders above the Bayes-99 score.
Theo Van Dinter responded:
Well, the first problem is that the AWL has no impact on
On Tuesday 02 June 2009, Michael Scheidell wrote:
I have been using the AWL ( --add-addr-to-blacklist ) for some time, to
bump new spam senders above the Bayes-99 score.
My problem is that this feature seems, extreemly slow.
I'm now trying to use the ( --add-to-blacklist ) option and
Bob Cohen schrieb:
Sorry for the dumb question but I can't seem to find the answer in the
documentation or by googling. I'm trying to follow the Integrated Spamd
In Postfix recipe
(http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix). How do
I invoke spamd and then make sure it
On Wed, 2009-06-03 at 09:41 -0400, Bob Cohen wrote:
Sorry for the dumb question but I can't seem to find the answer in the
documentation or by googling. I'm trying to follow the Integrated
Spamd In Postfix recipe
(http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
). How do
It's getting a little off topic, but keeping old hardware because it
still works can be a bit of a false economy. Yeh, it's nice to have it
working and useful rather than landfill. But on the other hand, they are
so inneficient as far as watts used, you could pay for new hardware with
the
On 3-Jun-2009, at 08:41, Martin Gregorie wrote:
Take a look at the daemon management scripts in /etc/rc.d/init.d
You should find one called spamassassin (or possibly spamd - its
called
spamassassin in Fedora distros).
On my FreeBSD it is
/usr/local/etc/rc.d/sa-spamd
and requires the
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
I have found three possible ways to do this. Which if any is the
preferred
method:
1) blacklisting in local.cf:
add blacklist_from *.info, blacklist_from *.tv,
-Original Message-
From: Maurice Lucas - TAOS-IT [mailto:mslu...@taos-it.nl]
Sent: Wednesday, June 03, 2009 5:06 PM
To: ryefish; users@spamassassin.apache.org
Subject: RE: best way to mark TLDs as spam
Hello: I am attempting to configure SA to mark as spam all email from
ryefish wrote:
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
What about .org, .us, .ca, .co.uk, and all the others that you have no
good reason to filter?
Usually, when I see this kind of reasoning, it's resulting
On Wed, 3 Jun 2009, Lists wrote:
I am trying to trouble shoot why a particular server cannot send into
our email system. There is no reference in the logs to this server ever
trying to connect.
Are users of that system getting reject notifications? Have them forward
one such to an address
On Wed, 2009-06-03 at 10:47 -0400, jp wrote:
It's getting a little off topic, but keeping old hardware because it
still works can be a bit of a false economy. Yeh, it's nice to have it
working and useful rather than landfill. But on the other hand, they are
so inneficient as far as watts
Good morning!
Seeing some messages come through with large amounts of bayes poison text
inserted between style /style tags.
Short of using a 'rawbody' test, is there some other characteristic that
we could catch?
For example, and another question:
Is there any mechanism in SpamAssassin to
On 3-Jun-2009, at 11:07, John Hardin wrote:
What I'd like to see is tflags exponential, so that each hit would
add score*hits_so_far, to make it easier to punish stuff harder the
more it is repeated.
Oooo! can you imagine the scores MS WOrd - HTML - Email would get if
you did that?
The service is still active spamd just does not process the emails, all giving
a score of zero and then get the error message
ServerA spamc [7277]: connect to spamd on 172.16.0.14
Failed, retrying (# 1 of 3): Interrupted system call
When this problem occurs restarted spamd and runs
On Wed, 3 Jun 2009, Luis campo wrote:
The service is still active spamd just does not process the emails, all
giving a score of zero and then get the error message
ServerA spamc [7277]: connect to spamd on 172.16.0.14
Failed, retrying (# 1 of 3): Interrupted system call
When this problem
It's getting a little off topic, but keeping old hardware
because it still works can be a bit of a false economy.
Yeh, it's nice to have it working and useful rather than
landfill. But on the other hand, they are so inneficient
as far as watts used, you could pay for new hardware with
the
On Wed, 3 Jun 2009, Jari Fredriksson wrote:
Hah. The CPU does not even have a cooler on it! All there is PSU fan.
Such a machine can not waste energy, at least it does not generate
heat..
I'd think that in Finland that would be a drawback rather than a
benefit... :)
--
John Hardin
But keep in mind that newer hardware may or may not be
more energy efficient but it has more processing power.
So you can use one faster newer machine with x Watt
energy or use several x Watt older machines to do the
same task.
I now have a new HP DL385G5p using 80Watt running 1 linux
Is spamd running on the same machine?
if spamd is running on the same machine.
Does the maillog file on the machine running spamd log have any messages
that might indicate problems at the time the error occurred?
mailog I get this:
ServerA spamc [7277]: connect to spamd on
On Tuesday 02 June 2009, Michael Scheidell wrote:
What optional fields are you refering to?
I have seen this, on the spamassassin WIKI:
CREATE TABLE awl (
username varchar(100) NOT NULL default '',
email varchar(200) NOT NULL default '',
ip varchar(10) NOT NULL default '',
count
On Jun 3, 2009, at 10:41 AM, Martin Gregorie wrote:
The following assumes that your system uses the Unix System V / RedHat
daemon startup system.
Thank you. I should have mentioned I'm running Fedora 9, so yes
System V applies. There was no init.d script but the Spamassassin
source
On Wed, 3 Jun 2009, Luis campo wrote:
Is spamd running on the same machine?
if spamd is running on the same machine.
Does the maillog file on the machine running spamd log have any
messages that might indicate problems at the time the error occurred?
mailog I get this:
ServerA spamc
On Wed, 2009-06-03 at 13:09 -0700, John Hardin wrote:
On Wed, 3 Jun 2009, Luis campo wrote:
Does the maillog file on the machine running spamd log have any
messages that might indicate problems at the time the error
Hello to all ,
We would like to create our own plugin . I red custom plugin section but
maybe I do not understand, I would like to find out how spamassasin can
provide me header of mail , body of mail because I would like to play on
body and header. Could somebody show me the way for from
On Wed, 3 Jun 2009, Karsten Br?ckelmann wrote:
There are a bunch of word-triplets in the copy-n-paste, re-arranged
randomly, making the text hard to comprehend -- a repeating pattern all
over the reply.
Yeah, I suspect he's using Babelfish or some such to translate to ...
Spanish perhaps?
fchan a écrit :
I recently was checking on servers that were sending out spam and found
one of them had the hostname called localhost which I think is a
attempt to bypass SA. The IP address is 222.252.188.181 which maps back
to Vietnam.
SA will not use localhost unless your MTA is borked.
this is an example of var / log / qmail / spamd
2009-06-03 12:00:16.471682500 [775] info: spamd: result: Y 15 -
DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RDNS_NONE,URIBL_BLACK
On Tue, 2 Jun 2009, Charles Gregory wrote:
This *really* suggests that one of two things MUST be occuring:
1) What you are seeing is NOT what spamassassin sees.
Charles,
Quite possible.
2) A character (null/ascii-zeros?) has been injected into the e-mail
somewhere in the headers,
On Wed, 03 Jun 2009 11:28:59 -0400
Adam Katz antis...@khopis.com wrote:
The other is RelayCountry, which you'll have to enable in init.pre,
which lets you discriminate against countries rather than just their
domain names.
This discrimination is unfair and quite prone to biting back at
On Wed, 2009-06-03 at 22:00 +, Luis campo wrote:
this is an example of var / log / qmail / spamd
2009-06-03 12:00:16.471682500 [775] info: spamd: result: Y 15 -
We have increased the 20 as well as samples:
/ usr / bin / spamd-v-u vpopmail-m 20-x-q-s stderr-r / var / run / spamd /
spamd.pid \
172.16.10.9-A-i 172.16.10.0/24 2 1 | \
/ usr / local / bin / setuidgid qmaill \
/ usr / local / bin / multilog t! spamdappend / var /
On Wed, 3 Jun 2009, Luis campo wrote:
this is an example of var / log / qmail / spamd
2009-06-03 12:00:16.531889500 [19168] info: prefork: child states: BB
2009-06-03 12:00:16.531949500 [19168] info: prefork: server reached
--max-children setting, consider raising it
There is a
On Wed, 3 Jun 2009, Luis campo wrote:
In simscan have configured as follows
- enable-per-domain = y - enable-attach = y - enable-spam = y -
enable-ripmime = / usr / local / bin / ripmime - enable-received = y -
enable -
spam-hits = 5.0 - enable-spamc = / usr / bin / spamc -
enable-spamc-args
On Wed, 2009-06-03 at 22:54 +, Luis campo wrote:
We have increased the 20 as well as samples:
That's not exactly slowly, as I suggested. Well, your server, feel free
to kill it.
In simscan have configured as follows
. / configure - enable-clamav = y - enable-clamdscan = / usr / local
On Thu, 4 Jun 2009, Karsten Br?ckelmann wrote:
On Wed, 2009-06-03 at 22:54 +, Luis campo wrote:
user_scores_dsn DBI:mysql:spamassassin:localhost
user_scores_sql_usernamespamuser
Any chance your SQL backend actually is the culprit and taking way too
long?
On Wed, 2009-06-03 at 16:23 -0700, John Hardin wrote:
On Thu, 4 Jun 2009, Karsten Bräckelmann wrote:
user_scores_dsn DBI:mysql:spamassassin:localhost
user_scores_sql_usernamespamuser
Any chance your SQL backend actually is the culprit and taking way too
long?
://www.sendmail.org/faq/section3#3.38
header KHOP_MAYBE_FORGED Received =~ /\(may be forged\)/
describe KHOP_MAYBE_FORGED Relay IP's reverse DNS does not resolve to IP
scoreKHOP_MAYBE_FORGED 0.8 # 20050802, raised 0.15-0.8 20090603
# Violates rfc2821? See http://en.wikipedia.org/wiki/FCrDNS#Uses
On 3-Jun-2009, at 14:02, Jari Fredriksson wrote:
`ip` varchar(10) NOT NULL DEFAULT '',
10?
--
There is NO Rule six!
On Wed, 3 Jun 2009, Adam Katz wrote:
Matus UHLAR - fantomas wrote:
181.188.252.222.in-addr.arpa domain name pointer localhost.
That is why FcRDNS is being used everywhere...
localhost has address 127.0.0.1 = fail.
Actually, localhost doesn't resolve via DNS; it has no A record, nor
any
Quoting Luis campo lcr_2...@hotmail.com:
The service is still active spamd just does not process the emails,
all giving a score of zero and then get the error message
ServerA spamc [7277]: connect to spamd on 172.16.0.14
Failed, retrying (# 1 of 3): Interrupted system call
When this
Quoting Luis campo lcr_2...@hotmail.com:
The service is still active spamd just does not process the emails,
all giving a score of zero and then get the error message
ServerA spamc [7277]: connect to spamd on 172.16.0.14
Failed, retrying (# 1 of 3): Interrupted system call
When this
57 matches
Mail list logo