Re: timeouts on processing some messages, started October 24

2021-11-02 Thread Greg Troxel
> postfix is waiting 300s
> SA thinks it can spend 300s processing
> postfix gives up 1s before SA is done

The default spamd child timeout is 300s. The default postfix content milter timeout is 300s. Each is a reasonable choice, but really postfix's timeout should be longer. I set in

timeouts on processing some messages, started October 24

2021-11-02 Thread Greg Troxel
I have a system with postfix and spamassassin 3.4.6 via spamd. It's been generally running well. I noticed mail from one of my other systems timing out and 471, and that caused me to look at the logs. I have KAM rules, some RBL adjustments, a bunch of local rules for my spam, but really

Re: page.link spam

2021-11-02 Thread Matus UHLAR - fantomas
On 2021-11-02 12:20, Matus UHLAR - fantomas wrote:
I have tried again, but despite it being listed in kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that directive.

On 02.11.21 18:25, Benny Pedersen wrote:
problem is that util_rb_2tld is global while kam rules need pr rule

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Axb
Benoit had already confirmed that the redirector_pattern worked as expected.

On 11/2/21 6:07 PM, Bill Cole wrote:
On 2021-11-02 at 04:52:17 UTC-0400 (Tue, 2 Nov 2021 09:52:17 +0100) Benoit Panizzon is rumored to have said:
Hi SA Community In the last couple of weeks, I see a massive

Re: page.link spam

2021-11-02 Thread Benny Pedersen
On 2021-11-02 12:20, Matus UHLAR - fantomas wrote:
I have tried again, but despite it being listed in kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that directive.

problem is that util_rb_2tld is global while kam rules need pr rule 2tld make spamassassin change so 2tld can

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Bill Cole
On 2021-11-02 at 04:52:17 UTC-0400 (Tue, 2 Nov 2021 09:52:17 +0100) Benoit Panizzon is rumored to have said:
Hi SA Community In the last couple of weeks, I see a massive increase of spam mails which make use of google site redirection and dodge all our attempts at filtering. That is google

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Benoit Panizzon
Hi Alex

> So what redirector_pattern rule did you use?

Turned out, the shipped one matched:

redirector_pattern m'^https?:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i

But when I first tested, the URI was not yet blacklisted to this missed my attention. Mit

Re: page.link spam

2021-11-02 Thread Matus UHLAR - fantomas
verified with spamassassin -D that this file is loaded. ...maybe because local.cf is parsed before URI rules are defined? There are over 500 page[.]link subdomains inside SURBL right now so if you run the latest code it's also having fixes to automatically lookup the subdomains of those. (The

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Benoit Panizzon
Hi Alex

> you're looking to use a redirector_pattern rule - weird that this hasn't
> yet been added in SA's default ruleset
> Please submit a bug with a sample message

Thank you, that sounds promising. Digging into how to use.

Kind regards
-Benoît Panizzon-
--
I m p r o W a

Re: page.link spam

2021-11-02 Thread Raymond Dijkxhoorn
Hi! verified with spamassassin -D that this file is loaded. ...maybe because local.cf is parsed before URI rules are defined? There are over 500 page[.]link subdomains inside SURBL right now so if you run the latest code it's also having fixes to automatically lookup the subdomains of those.

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Benoit Panizzon
Hi Martin

> You can find out quite a lot about a spamming site with a few common
> commandline tools:
>
> - 'ping' tells you if the hostname part of the URL is valid
> - 'host hostname' should get the sender's IP
> - 'host ip' IOW a reverse host lookup, tells you if the first
>

Re: page.link spam

2021-11-02 Thread Matus UHLAR - fantomas
any idea/tip what to do with it next? as I said, I added it to my local domain-based blocklist. After adding: util_rb_2tld page[.]link it started hitting, which is strange because this directive is contained in: /var/lib/spamassassin/3.004004/kam_sa-channels_mcgrail_com/nonKAMrules.cf

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Martin Gregorie
On Tue, 2021-11-02 at 09:52 +0100, Benoit Panizzon wrote:
> Hi SA Community
>

You can find out quite a lot about a spamming site with a few common commandline tools:

- 'ping' tells you if the hostname part of the URL is valid
- 'host hostname' should get the sender's IP
- 'host ip' IOW a

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Axb
you're looking to use a redirector_pattern rule - weird that this hasn't yet been added in SA's default ruleset

Please submit a bug with a sample message

On 11/2/21 9:52 AM, Benoit Panizzon wrote:
Hi SA Community In the last couple of weeks, I see a massive increase of spam mails which

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Benoit Panizzon
Hi Raymond

> If you could check that it would help a lot
>
> Some rules to translate common used services and your example is a good
> one. If you would check the specific domain it would have hit SURBL.

Yes, and future hits to the SWINOG Spamtrap (uribl.swinog.ch) will also extract such

Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Benoit Panizzon
Hi SA Community In the last couple of weeks, I see a massive increase of spam mails which make use of google site redirection and dodge all our attempts at filtering. That is google redirector is about the only common thing in those emails. Source IP, text content etc. is quite random. Such an