I received one today as well. First time I have seen this type.
It was a pretty well drawn thread overall, they are stepping it up
From: Alan
Sent: Monday, July 26, 2021 10:56:29 AM
To: users@spamassassin.apache.org
Subject: Discord used to share malware
Maybelist?
Neutrallist?
Pcbalancedlist?
Sent via the Samsung Galaxy, powered by Cricket Wireless
Original message
From: Olivier
Date: 7/22/20 7:38 PM (GMT-08:00)
To: users@spamassassin.apache.org
Subject: Re: Thanks to Guardian Digital & LinuxSecurity for the nice post
The technical merit is simple, it's not broken, don't fix it.
There is no technical merit to be achieved here. I feel that a lot of the
argument here is just that.
The is merely a moral merit.
I think these types of changes should be used for new projects, but for
existing projects like SA
I know this is way off topic, but I'm trying to get ahold of any spamhaus.org
support members.
I could be absolutely wrong but isn't bayes a hash of the string parts which is
part of the performance of bayes?
From: Emanuel
Sent: Thursday, November 9, 2017 8:15 AM
To: users@spamassassin.apache.org
Subject: How to view bayesian
@spamassassin.apache.org
Subject: Re: Looking for assist on a rule
On 11/1/2017 2:39 PM, Gary Smith wrote:
> We have recently seen a huge uptick in spam from a bunch of different TLD's.
> Bayes has been a little whacky with them as well. Our install is 3.3.1
> (we're going to be replacin
We have recently seen a huge uptick in spam from a bunch of different TLD's.
Bayes has been a little whacky with them as well. Our install is 3.3.1 (we're
going to be replacing it soon).
I'm looking to implement a rule that will assign a higher score to specific
TLD's. I tried the rule
From: Mark London [mailto:m...@psfc.mit.edu]
Sent: Monday, September 29, 2014 2:59 PM
To: users@spamassassin.apache.org
Subject: Re: Spamassasin not as effective anymore
On 9/29/2014 12:58 PM, Mark London wrote:
On 9/29/2014 4:21 AM,
I think this would be a great idea. Many end users never bother to
delete old emails and on some, such as sales etc, there is no valid
reason for them to countinue to waste disk and server space.
http://www.zdnet.com/news/should-emails-have-an-expiration-date/6197888
No since emails are
I've got an issue where users off-campus who are doing authenticated
SMTP/TLS from home networks are having their mail hit by the PBL. I
have trusted_networks set to include the incoming relay, but still the
PBL hits it as follows:
I mentioned in a direct email (as my blackberry won't
It is safe to use spamassassin tmpdir on a tmpfs mounted system ?
And if its safe it would have a better performance ?
Here where i work we have big problems with the hard drives, because we
basically are sharing virtual machines disk over nfs. and spamassasin is a
virtual machine.
Any
My ram dos not get full, i do not have so many process, i limit it in postfix.
It reduces the chances of losing emails if i do not have many process of
spamassassin runing.
So is safe or not to use tmpfs for tempdir in spamassassin. ?
This way, everything that spamassassin have to do with
I don't know if it is safe. I suspect it will function normally, but I
think you'd be in danger of losing a few messages on an unexpected
reboot.
I had a very dramatic performance improvement by switching bayes and
awl
databases to MySQL instead of the default BerkeleyDB. It costs more
We've found that our MyISAM tables being used with Bayes in MySQL have
caused some bottlenecks on our busier mail servers. We're
contemplating using inooDB just for the Bayes database. If MySQL will
only be using innoDB, does anyone have any recommendations for innoDB
settings in my.cnf to
the Mail::SpamAssassin::Conf doc/man page shows which settings are
privileged and which are not.
That's what I was looking for. Thanks.
What options can't be overridden in user prefs? I would like to disable RBL
checks and possible use a separate mysql bayes database for one user. But it
would be generally nice if know if there are options that are global that can't
overridden.
if your isp give you dul ip, then you must use isp smtp servers as relay
This ins't necessarily true. I've had to deal with this ever time I've changed
hosts (to include Level 3 static IP assignments). Some ISP's just don't
publish their ranges as all static.
not a fault of sorbs some isp
environments for each one if necessary and
either bind each instance to an IP (which I'm not sure if that's possible) or
at least a different port.
Any advice (or some sample scripts on doing this) would be greatly appreciated.
Gary Smith
I'm sure it's possible, but rather than going through all the work of
trying to script and setup chroot environments, why not use VMs? You
can then quite literally match the production setup.
Since you are not worried about performance or memory you could give
each VM 128 MB of RAM and
Background:
I've been using SA for a long time, and for a verity of reasons, we run
different servers to support some minor changes in different rules. While
trying to setup a multi instance version on my laptop, I copied these rules
over into different directories, setup the startup/shutdown
this.
Gary Smith
the last piece of the puzzle. I think I will test this out this weekend on the
laptop, then our test environment.
Thanks for all of the information.
Gary Smith
Here's one pretty much guaranteed to peg a CPU core for ~130 seconds (or
more):
http://pastebin.com/2ssy2YEk
I'm not seeing your 130 sec CPU issue on my end. Are as mentioned by Matt, are
you running into some DNS issue? These are stock rule + other house rules in
place. I'm not
SPF works great as a selective whitelist in SpamAssassin. (And I don't
mean whitelisting all SPF passes. That would be stupid. I mean
whitelisting mail coming from domain X, but only when it passes SPF
and demonstrates that yes, it really came from domain X.)
I'd say that what you
an alternate port
for outgoing as well (which only responds to local network (of 2525). Each
port/IP combo in postfix can pass things to it's own filter (thus two separate
instances of SA).
Hope that helps.
Gary Smith
From: Dan Gambiera [mailto:anu...@gmail.com]
Sent: Monday, December 28
(Standing ovation on both emails)
--
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
I feel beat down now :(
j/k
and the problem is?
if they want exchange, give them exchange. don't fight (directly),
watch
instead. take pleasure of the situation, get fun as you can. I
personally took fun all day long in windows-only (and believe it or
not,
in linux-only) environments.
that said, you can still
Didn't we already have this discussion today. You need to use the link in the
headers!
Try
users-unsubscr...@spamassassin.apache.orgmailto:users-unsubscr...@spamassassin.apache.org
From: Danny [mailto:d...@eastcogroup.com.hk]
Sent: Tuesday, September 29, 2009 8:34 PM
To:
memcache is nice, but how do you use memcache data in postfix ?
There is a patch for memcached and postfix. The problem is, which is what I'm
working on, is how to populate it. They only give you the mechanism for using
memcached. (http://www.aurore.net/projects/postfix_memcached/)
So,
I've been finding a lot of singletons in the AWL db for domains that are all
spam. Is there a way put an entire domain into AWL or set it up to give an
average score for that domain?
Obviously I can put this directly into the config file but I'm looking for a
less intrusive way to do this.
I don't let that junk get past envelope stage:
postmap -q weekendhotdeals.info mysql:/usr/local/etc/postfix/mysql-
from_senders_rhsbl.cf
554 RHSBL_DOMAIN
I assume you are running some type of background process that generates the
list of senders based upon some criteria. Can you share
We have a cluster of postfix servers through a load balancer. I would
like to set up an external set of spamassassin servers where these
postfix servers simply query the spamassassin servers over the network
for spam decisions then drop or relay accordingly. This is for
outbound email
Very cool. I think that's exactly what we want. How is the handoff
to clamav handled? I would probably want that to be on the external
server too.
Here you go. Smtp, well, that should be obvisous. Anyway, it' hands it off to
[IP]:PORT (clamsmtpd) which will then call back on 9993.
Because as I said numerous times I'm not talking about ISPs. I'm not
sure precisely which part of I'm not talking about ISPs you don't
understand.
Are you not aware that there are companies that provide email services
without being ISPs: Google, Fastmail, Tuffmail etc.
Just because they
Again, I've no idea what relevance that has to anything I've written.
All I ever said in his thread was that I don't in general rate ISP mail
very highly, and that if an ISP blocks outgoing connections to port 25
you can still connect to a third-party server through either the
submission
I agree. We're and ISP and I don't want us to be associated with
companies like Google. I don't want Google operating in my market and
I'm sure as heck that Google doesn't want me operating in the search
engine market, either.
I don't agree with this everyone's an ISP mentality that's
Aug 19 15:03:11 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 -
BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RH
S_DOB
scantime=0.2,size=4543,user=filter,uid=124,required_score=0.0,rhost=10.
80.65.9,raddr=10.80.65.9,rport=53097,mid=509800d.5...@biblegame.info,
All BAYES_50? Silly question, but are you sure you're properly
training?
Running sa-learn as the right user, and all that?
I must have been tired. I thought I had run sa-learn --dump ealier, but I
guess I didn't. It looks like the new server has a very high ham rate and a
low spam rate.
Read the top of the rulesemporium site:
http://www.rulesemporium.com/
SARE rules aren't being updated. Hence, sa-updating them is pointless.
Is it still recommended to run the SARE rules?
There's nothing wrong with running them if you want.. but using
sa-update on them regularly is utterly pointless..
Matt,
Thanks. I used them years ago back before rulesemporium actually existed, and
I know they had value at the time. I just didn't know if the rules were
migrated into
I've been having a pretty good hit rate on spam until recently (about two
weeks). Two types of email have been coming through at a good rate. I'm
receiving at least four per hour from the domains included below. I've also
been training bayes with them as well, to no avail.
Is it pretty much the same body, just different senders?
Yes and no. They are all the same body layout, some with different items in
it. You can take a look at the body content here (screen captures of the
content):
http://www.localassociates.com/?page_id=7
Wares range from auto
I'd think that disclaimer code would be good bayes fodder, if the spams
are as consistent as you say.
That was in the comment right after the pastebin attachment. I will enable
debugging on the SA server so I can save it there tonight and see what it says.
That was in the comment right after the pastebin attachment. I will
enable debugging on the SA server so I can save it there tonight and
see
what it says.
Huh? You've lost me.
And I meant to say disclaimer text, the Any such information we
gather
shall never be shared with blah
Hello,
Mail from my backup mx is not being scanned for spam as it's
coming
in. Is this something i'd have to turn on at the MTA level, content
filter,
or SA? A majority of stuff my backup mx sends me is spam and i'd like
to get
it tagged as such.
Is the backup on the same network
Is the backup on the same network as the primary? Do you have it
listed as
a trusted machine in the local.cf file?
The backup is not on the same network as the primary and it is
not
listed as a trusted machine in local.cf. My setup is like yours, if the
primary goes down for
Ah. Okay. You might also be able to look up the Message-ID in
/var/log/maillog, if you're using spamd.
Didn't think of that. Here is the corresponding spam result for the pastbin
entry (http://pastebin.com/m51fd9344)
503bb52.5...@biblegame.info
Aug 19 14:53:10 hsoakmsa03l02
We have a process in place using the perl CPAN module for invoking SA. This is
outside of the scope of the normal mail system. Basically we use this to see
what scores emails would generate for some statistical stuff. The spam engine
this calls is to set use -100 as the score so that
The bayes auto-learning system does not care what your required_score
is set to, and does not care if messages are tagged as spam or not. It
uses its own thresholds, and its own additional criteria for learning.
So, feeding it lots of mail with the threshold set to -100 shouldn't
matter at
If you follow the unlisting proceedure and meet all of the requirements, then
you get unlisted. As with all things, it just takes a little patients. After
converting my IP's over from my ISP to my DNS servers, I was listed (because
the ISP no longer listed us a static). We were able to
Igor,
I'd say your paranoid, but I had a crazy problem recently with my outgoint
email.
This is my $0.02.
About middle March emails sent from our domain to craiglist started bouncing
back saying that they would not accept email from hosts with the works dyn or
static in their RDNS zones.
The target environment (software and hardware) would help as well.
Under RedHat 9, RHEL3 and Fedora we use postfix, SA, Vexira A/V
(commercial but works well) and uw-imap. Configuration was fairly
simple.
Gary Wayne Smith
-Original Message-
From: Jeffrey Lee [mailto:[EMAIL PROTECTED]
Chris,
Your priorities are wrong... Give the wife and kids the old hardare. :)
It seems that AWL could also be to blame. Looking at some of the threads on
performance and memory issues everyone seems to have AWL configured. When we
ran 3.0.0 rc4 in development it seemed to work fine even
Hence my comments on the OT thread earlier today about the BigEvil
author going mad one day... :)
-Original Message-
From: snowjack [mailto:[EMAIL PROTECTED]
Sent: Friday, October 01, 2004 4:20 PM
To: users@spamassassin.apache.org
Subject: Re: SA 3.0 is eating up all my memory!!!
Title: [OT] The list is quiet...
Almost too quiet!
Echo...
Echo..
Echo.
I guess no ones home today.
Chris,
You wouldn't by chance be running the old bigevil ruleset would you. We
heard that the author went mad and the final product started ripping the
souls out of their systems...
Just a thought :)
Gary
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent:
BTW, something else to keep in mind. There is a gotcha for sa-learn.
If you happened to be logged in as root when training then the journal
file is owned by root and SA can no longer entries in bayes. Check the
ownership of the file. If it's not owned by the same user.group as SA
needs then
You can alternatively tell the SMTP proxy to deny anything from your
internal network except from individual machines (such as your RH 3 mail
server).
We also limit who can hit the DMZ perimeter SMTP servers at the firewall
level. Therefore only the Exchange servers (in our case) or our client
Which is where the converstation original started :). I have a PDA phone that
I used but I cannot send out email through earthlink in the matter discussed.
So I send it through my own service (which in on a leased line from Earthlink).
I use pop-before-smtp which has been working reliably.
I had similar problems, not related to SA though, and found that the mm
application was trying to allocate randomly high memory locations. Turned out
to be a bad memory chip. Using the Fedora core 2 boot disk I did a
memtest86... Might be worth the extra hour...
BTW, if you open source project happened to have an NPO license from the
state for which it holds a license to conduct business (yes, I know it's
an oxymoron) which isn't hard to get then yes, donations would be a tax
write off...
Gary
-Original Message-
From: Chris Santerre
She looks like the girl from CSI except blonde. Then again, her eyebrows
aren't!
From: Jim Maul [mailto:[EMAIL PROTECTED]
Sent: Thu 9/16/2004 8:32 AM
To: users@spamassassin.apache.org
Subject: Re: [SARE] Some SARE spam.
Quoting Chris Santerre [EMAIL
Who said necrophilia is dead? You wouldn't have to worry about her complaining
about all of the time that you spend on computers or the amount of spam she
gets when you don't (gotta love that double edged blade).
From: Jim Maul [mailto:[EMAIL PROTECTED]
there. The combination together
probably didn't help the bayes scoring much.
Gary Smith
[EMAIL PROTECTED]
From: Pierre Thomson [mailto:[EMAIL PROTECTED]
Sent: Wed 9/8/2004 5:38 AM
To: users@spamassassin.apache.org
Subject: Unreasonable penalty for AOL addresses ending in numbers
Since no one else is offering I guess I'll go with you... Do you know if they
allow air horns?
BTW, I got a free hat at Linux world that say's Linux Rocks by the guy at the
door because the hat I was wearing had a penguin with his head blown off... He
said it was Inpropriate (not a
Correction, Rooms... My wife might get a little confused if she reads that
one! :)
Gary
From: Gary Smith [mailto:[EMAIL PROTECTED]
Sent: Wed 9/8/2004 2:16 PM
To: Chris Santerre; users@spamassassin.apache.org
Subject: RE: ANNOUNCE: ApacheCon US 2004
66 matches
Mail list logo