Re: Discord used to share malware

I received one today as well. First time I have seen this type. It was a pretty well drawn thread overall, they are stepping it up From: Alan Sent: Monday, July 26, 2021 10:56:29 AM To: users@spamassassin.apache.org Subject: Discord used to share malware

Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

Maybelist? Neutrallist? Pcbalancedlist? Sent via the Samsung Galaxy, powered by Cricket Wireless Original message From: Olivier Date: 7/22/20 7:38 PM (GMT-08:00) To: users@spamassassin.apache.org Subject: Re: Thanks to Guardian Digital & LinuxSecurity for the nice post

RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

The technical merit is simple, it's not broken, don't fix it. There is no technical merit to be achieved here. I feel that a lot of the argument here is just that. The is merely a moral merit. I think these types of changes should be used for new projects, but for existing projects like SA

Off-Topic, any spamhaus people here?

I know this is way off topic, but I'm trying to get ahold of any spamhaus.org support members.

Re: How to view bayesian database in legible text

I could be absolutely wrong but isn't bayes a hash of the string parts which is part of the performance of bayes? From: Emanuel Sent: Thursday, November 9, 2017 8:15 AM To: users@spamassassin.apache.org Subject: How to view bayesian

RE: Looking for assist on a rule

@spamassassin.apache.org Subject: Re: Looking for assist on a rule On 11/1/2017 2:39 PM, Gary Smith wrote: > We have recently seen a huge uptick in spam from a bunch of different TLD's. > Bayes has been a little whacky with them as well. Our install is 3.3.1 > (we're going to be replacin

Looking for assist on a rule

We have recently seen a huge uptick in spam from a bunch of different TLD's. Bayes has been a little whacky with them as well. Our install is 3.3.1 (we're going to be replacing it soon). I'm looking to implement a rule that will assign a higher score to specific TLD's. I tried the rule

RE: Spamassasin not as effective anymore

From: Mark London [mailto:m...@psfc.mit.edu] Sent: Monday, September 29, 2014 2:59 PM To: users@spamassassin.apache.org Subject: Re: Spamassasin not as effective anymore On 9/29/2014 12:58 PM, Mark London wrote: On 9/29/2014 4:21 AM,

RE: Should Emails Have An Expiration Date

I think this would be a great idea. Many end users never bother to delete old emails and on some, such as sales etc, there is no valid reason for them to countinue to waste disk and server space. http://www.zdnet.com/news/should-emails-have-an-expiration-date/6197888 No since emails are

RE: preventing authenticated smtp users from triggering PBL

I've got an issue where users off-campus who are doing authenticated SMTP/TLS from home networks are having their mail hit by the PBL. I have trusted_networks set to include the incoming relay, but still the PBL hits it as follows: I mentioned in a direct email (as my blackberry won't

RE: TMPDIR as a tmpfs

It is safe to use spamassassin tmpdir on a tmpfs mounted system ? And if its safe it would have a better performance ? Here where i work we have big problems with the hard drives, because we basically are sharing virtual machines disk over nfs. and spamassasin is a virtual machine. Any

RE: TMPDIR as a tmpfs

My ram dos not get full, i do not have so many process, i limit it in postfix. It reduces the chances of losing emails if i do not have many process of spamassassin runing. So is safe or not to use tmpfs for tempdir in spamassassin. ? This way, everything that spamassassin have to do with

RE: TMPDIR as a tmpfs

I don't know if it is safe. I suspect it will function normally, but I think you'd be in danger of losing a few messages on an unexpected reboot. I had a very dramatic performance improvement by switching bayes and awl databases to MySQL instead of the default BerkeleyDB. It costs more

RE: Bayes MySQL and innoDB settings question

We've found that our MyISAM tables being used with Bayes in MySQL have caused some bottlenecks on our busier mail servers. We're contemplating using inooDB just for the Bayes database. If MySQL will only be using innoDB, does anyone have any recommendations for innoDB settings in my.cnf to

RE: user_pref override options

the Mail::SpamAssassin::Conf doc/man page shows which settings are privileged and which are not. That's what I was looking for. Thanks.

user_pref override options

What options can't be overridden in user prefs? I would like to disable RBL checks and possible use a separate mysql bayes database for one user. But it would be generally nice if know if there are options that are global that can't overridden.

RE: SORBS

if your isp give you dul ip, then you must use isp smtp servers as relay This ins't necessarily true. I've had to deal with this ever time I've changed hosts (to include Level 3 static IP assignments). Some ISP's just don't publish their ranges as all static. not a fault of sorbs some isp

multiple instances

environments for each one if necessary and either bind each instance to an IP (which I'm not sure if that's possible) or at least a different port. Any advice (or some sample scripts on doing this) would be greatly appreciated. Gary Smith

RE: multiple instances

I'm sure it's possible, but rather than going through all the work of trying to script and setup chroot environments, why not use VMs? You can then quite literally match the production setup. Since you are not worried about performance or memory you could give each VM 128 MB of RAM and

multiple instances, simplification

Background: I've been using SA for a long time, and for a verity of reasons, we run different servers to support some minor changes in different rules. While trying to setup a multi instance version on my laptop, I copied these rules over into different directories, setup the startup/shutdown

RE: multiple instances, simplification

this. Gary Smith

RE: multiple instances, simplification

the last piece of the puzzle. I think I will test this out this weekend on the laptop, then our test environment. Thanks for all of the information. Gary Smith

RE: Pathological messages causing long scan times

Here's one pretty much guaranteed to peg a CPU core for ~130 seconds (or more): http://pastebin.com/2ssy2YEk I'm not seeing your 130 sec CPU issue on my end. Are as mentioned by Matt, are you running into some DNS issue? These are stock rule + other house rules in place. I'm not

RE: Off Topic - SPF - What a Disaster

SPF works great as a selective whitelist in SpamAssassin. (And I don't mean whitelisting all SPF passes. That would be stupid. I mean whitelisting mail coming from domain X, but only when it passes SPF and demonstrates that yes, it really came from domain X.) I'd say that what you

RE: Speeding up even further - Can I make this work?

an alternate port for outgoing as well (which only responds to local network (of 2525). Each port/IP combo in postfix can pass things to it's own filter (thus two separate instances of SA). Hope that helps. Gary Smith From: Dan Gambiera [mailto:anu...@gmail.com] Sent: Monday, December 28

RE: OT bad news

(Standing ovation on both emails) -- Dan Schaefer Web Developer/Systems Analyst Performance Administration Corp. I feel beat down now :( j/k

RE: OT bad news

and the problem is? if they want exchange, give them exchange. don't fight (directly), watch instead. take pleasure of the situation, get fun as you can. I personally took fun all day long in windows-only (and believe it or not, in linux-only) environments. that said, you can still

RE: unsubscribe

Didn't we already have this discussion today. You need to use the link in the headers! Try users-unsubscr...@spamassassin.apache.orgmailto:users-unsubscr...@spamassassin.apache.org From: Danny [mailto:d...@eastcogroup.com.hk] Sent: Tuesday, September 29, 2009 8:34 PM To:

RE: AWL q?

memcache is nice, but how do you use memcache data in postfix ? There is a patch for memcached and postfix. The problem is, which is what I'm working on, is how to populate it. They only give you the mechanism for using memcached. (http://www.aurore.net/projects/postfix_memcached/) So,

AWL q?

I've been finding a lot of singletons in the AWL db for domains that are all spam. Is there a way put an entire domain into AWL or set it up to give an average score for that domain? Obviously I can put this directly into the config file but I'm looking for a less intrusive way to do this.

RE: AWL q?

I don't let that junk get past envelope stage: postmap -q weekendhotdeals.info mysql:/usr/local/etc/postfix/mysql- from_senders_rhsbl.cf 554 RHSBL_DOMAIN I assume you are running some type of background process that generates the list of senders based upon some criteria. Can you share

RE: using external spamassassin server with postfix

We have a cluster of postfix servers through a load balancer. I would like to set up an external set of spamassassin servers where these postfix servers simply query the spamassassin servers over the network for spam decisions then drop or relay accordingly. This is for outbound email

RE: using external spamassassin server with postfix

Very cool. I think that's exactly what we want. How is the handoff to clamav handled? I would probably want that to be on the external server too. Here you go. Smtp, well, that should be obvisous. Anyway, it' hands it off to [IP]:PORT (clamsmtpd) which will then call back on 9993.

RE: your mail

Because as I said numerous times I'm not talking about ISPs. I'm not sure precisely which part of I'm not talking about ISPs you don't understand. Are you not aware that there are companies that provide email services without being ISPs: Google, Fastmail, Tuffmail etc. Just because they

RE: your mail

Again, I've no idea what relevance that has to anything I've written. All I ever said in his thread was that I don't in general rate ISP mail very highly, and that if an ISP blocks outgoing connections to port 25 you can still connect to a third-party server through either the submission

RE: your mail

I agree. We're and ISP and I don't want us to be associated with companies like Google. I don't want Google operating in my market and I'm sure as heck that Google doesn't want me operating in the search engine market, either. I don't agree with this everyone's an ISP mentality that's

RE: mail slipping through

Aug 19 15:03:11 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 - BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RH S_DOB scantime=0.2,size=4543,user=filter,uid=124,required_score=0.0,rhost=10. 80.65.9,raddr=10.80.65.9,rport=53097,mid=509800d.5...@biblegame.info,

RE: mail slipping through

All BAYES_50? Silly question, but are you sure you're properly training? Running sa-learn as the right user, and all that? I must have been tired. I thought I had run sa-learn --dump ealier, but I guess I didn't. It looks like the new server has a very high ham rate and a low spam rate.

RE: sare channels

Read the top of the rulesemporium site: http://www.rulesemporium.com/ SARE rules aren't being updated. Hence, sa-updating them is pointless. Is it still recommended to run the SARE rules?

RE: sare channels

There's nothing wrong with running them if you want.. but using sa-update on them regularly is utterly pointless.. Matt, Thanks. I used them years ago back before rulesemporium actually existed, and I know they had value at the time. I just didn't know if the rules were migrated into

mail slipping through

I've been having a pretty good hit rate on spam until recently (about two weeks). Two types of email have been coming through at a good rate. I'm receiving at least four per hour from the domains included below. I've also been training bayes with them as well, to no avail.

RE: mail slipping through

Is it pretty much the same body, just different senders? Yes and no. They are all the same body layout, some with different items in it. You can take a look at the body content here (screen captures of the content): http://www.localassociates.com/?page_id=7 Wares range from auto

RE: mail slipping through

I'd think that disclaimer code would be good bayes fodder, if the spams are as consistent as you say. That was in the comment right after the pastebin attachment. I will enable debugging on the SA server so I can save it there tonight and see what it says.

RE: mail slipping through

That was in the comment right after the pastebin attachment. I will enable debugging on the SA server so I can save it there tonight and see what it says. Huh? You've lost me. And I meant to say disclaimer text, the Any such information we gather shall never be shared with blah

RE: SA and mail from backup mx?

Hello, Mail from my backup mx is not being scanned for spam as it's coming in. Is this something i'd have to turn on at the MTA level, content filter, or SA? A majority of stuff my backup mx sends me is spam and i'd like to get it tagged as such. Is the backup on the same network

RE: SA and mail from backup mx?

Is the backup on the same network as the primary? Do you have it listed as a trusted machine in the local.cf file? The backup is not on the same network as the primary and it is not listed as a trusted machine in local.cf. My setup is like yours, if the primary goes down for

RE: mail slipping through

Ah. Okay. You might also be able to look up the Message-ID in /var/log/maillog, if you're using spamd. Didn't think of that. Here is the corresponding spam result for the pastbin entry (http://pastebin.com/m51fd9344) 503bb52.5...@biblegame.info Aug 19 14:53:10 hsoakmsa03l02

Spamcheck and how it affects bayes question

We have a process in place using the perl CPAN module for invoking SA. This is outside of the scope of the normal mail system. Basically we use this to see what scores emails would generate for some statistical stuff. The spam engine this calls is to set use -100 as the score so that

RE: Spamcheck and how it affects bayes question

The bayes auto-learning system does not care what your required_score is set to, and does not care if messages are tagged as spam or not. It uses its own thresholds, and its own additional criteria for learning. So, feeding it lots of mail with the threshold set to -100 shouldn't matter at

RE: SORBS bites the dust

If you follow the unlisting proceedure and meet all of the requirements, then you get unlisted. As with all things, it just takes a little patients. After converting my IP's over from my ISP to my DNS servers, I was listed (because the ISP no longer listed us a static). We were able to

RE: Is email becoming unusable due to spam and antispam?

Igor, I'd say your paranoid, but I had a crazy problem recently with my outgoint email. This is my $0.02. About middle March emails sent from our domain to craiglist started bouncing back saying that they would not accept email from hosts with the works dyn or static in their RDNS zones.

RE: [OT] Email Servers

The target environment (software and hardware) would help as well. Under RedHat 9, RHEL3 and Fedora we use postfix, SA, Vexira A/V (commercial but works well) and uw-imap. Configuration was fairly simple. Gary Wayne Smith -Original Message- From: Jeffrey Lee [mailto:[EMAIL PROTECTED]

RE: scan times up!

Chris, Your priorities are wrong... Give the wife and kids the old hardare. :) It seems that AWL could also be to blame. Looking at some of the threads on performance and memory issues everyone seems to have AWL configured. When we ran 3.0.0 rc4 in development it seemed to work fine even

RE: SA 3.0 is eating up all my memory!!!

Hence my comments on the OT thread earlier today about the BigEvil author going mad one day... :) -Original Message- From: snowjack [mailto:[EMAIL PROTECTED] Sent: Friday, October 01, 2004 4:20 PM To: users@spamassassin.apache.org Subject: Re: SA 3.0 is eating up all my memory!!!

[OT] The list is quiet...

Title: [OT] The list is quiet... Almost too quiet! Echo... Echo.. Echo. I guess no ones home today.

RE: scan times up!

Chris, You wouldn't by chance be running the old bigevil ruleset would you. We heard that the author went mad and the final product started ripping the souls out of their systems... Just a thought :) Gary -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent:

RE: Bayes not working

BTW, something else to keep in mind. There is a gotcha for sa-learn. If you happened to be logged in as root when training then the journal file is owned by root and SA can no longer entries in bayes. Check the ownership of the file. If it's not owned by the same user.group as SA needs then

RE: Spammers using my server

You can alternatively tell the SMTP proxy to deny anything from your internal network except from individual machines (such as your RH 3 mail server). We also limit who can hit the DMZ perimeter SMTP servers at the firewall level. Therefore only the Exchange servers (in our case) or our client

RE: What the Hell? Fw: Mail delivery failed: returning message to sender

Which is where the converstation original started :). I have a PDA phone that I used but I cannot send out email through earthlink in the matter discussed. So I send it through my own service (which in on a leased line from Earthlink). I use pop-before-smtp which has been working reliably.

RE: EIP in 3.0 rc5 on FC2

I had similar problems, not related to SA though, and found that the mm application was trying to allocate randomly high memory locations. Turned out to be a bad memory chip. Using the Fedora core 2 boot disk I did a memtest86... Might be worth the extra hour...

RE: [SARE] Some SARE spam.

BTW, if you open source project happened to have an NPO license from the state for which it holds a license to conduct business (yes, I know it's an oxymoron) which isn't hard to get then yes, donations would be a tax write off... Gary -Original Message- From: Chris Santerre

RE: [SARE] Some SARE spam.

She looks like the girl from CSI except blonde. Then again, her eyebrows aren't! From: Jim Maul [mailto:[EMAIL PROTECTED] Sent: Thu 9/16/2004 8:32 AM To: users@spamassassin.apache.org Subject: Re: [SARE] Some SARE spam. Quoting Chris Santerre [EMAIL

RE: [TopPost] RE: [SA-LIST] RE: Subject line

Who said necrophilia is dead? You wouldn't have to worry about her complaining about all of the time that you spend on computers or the amount of spam she gets when you don't (gotta love that double edged blade). From: Jim Maul [mailto:[EMAIL PROTECTED]

RE: Unreasonable penalty for AOL addresses ending in numbers?

there. The combination together probably didn't help the bayes scoring much. Gary Smith [EMAIL PROTECTED] From: Pierre Thomson [mailto:[EMAIL PROTECTED] Sent: Wed 9/8/2004 5:38 AM To: users@spamassassin.apache.org Subject: Unreasonable penalty for AOL addresses ending in numbers

RE: ANNOUNCE: ApacheCon US 2004 (SpamAssassin Sessions!)

Since no one else is offering I guess I'll go with you... Do you know if they allow air horns? BTW, I got a free hat at Linux world that say's Linux Rocks by the guy at the door because the hat I was wearing had a penguin with his head blown off... He said it was Inpropriate (not a

RE: ANNOUNCE: ApacheCon US 2004 (SpamAssassin Sessions!)

Correction, Rooms... My wife might get a little confused if she reads that one! :) Gary From: Gary Smith [mailto:[EMAIL PROTECTED] Sent: Wed 9/8/2004 2:16 PM To: Chris Santerre; users@spamassassin.apache.org Subject: RE: ANNOUNCE: ApacheCon US 2004