We have been experiencing this problem for about a year now. It normally
lasts for about a month and then clears with no explanation and no
corrective action taken on our part. I thought that maybe yahoo were
experiencing load issues and targeted certain TLDs (in our case .co.za) to
alleviate load.
>
>
> I hope to use this to cut down on spam and phishing attempts, because
> I could identify legitimate mail by virtue of having the correct
> sender address (or at least domain) and recipient. That is, mail from
> [EMAIL PROTECTED] to the [EMAIL PROTECTED] is very likely mail
> from my bank, but
Thanks John, I had tried this. It appears that the \1 is not defined within
the pattern. Only for substitution?
mike
On 11/2/07, John D. Hardin <[EMAIL PROTECTED]> wrote:
>
> On Fri, 2 Nov 2007, Mike Kenny wrote:
>
> > I have a number of users that are receiving spam of vary
I have a number of users that are receiving spam of varying types. The only
common factor is the from address. This looks like
from=<[EMAIL PROTECTED]>
where sX.com looks like it is a genuine site name, e.g.
shibatec.com
southstreetfinancial.com
skiprockmultimedia.com
etc.
What I need (I think)
Jonas,
thanks for the reply. Some queries below, if you have the time.
Mike
On 6/14/07, Jonas Eckerman <[EMAIL PROTECTED]> wrote:
Blocking because a system/netblock has made many attempts to send
to non-existent users makes sense.
Any single address from which a certain number of such attempt
On 6/13/07, SM <[EMAIL PROTECTED]> wrote:
Were you sending mail to non-existent accounts or doing sender validation?
we weren't sending anything. We are an ISP providing email services to a
large number of users in South Africa. Some of these users may have:
mis-remembered an email
mis-typ
On a related topic, netzero.com has been refusing connections from our SMTP
servers. When I queried them the response I got was:
have been blocked because we detected probe attempts. Activities like
sending mail to non-existent accounts or empty connections would qualify as
a "dictionary search"
Some mail is getting bounced due to receiving a largish number of points for
the rule in the Subject line.
When I dig the from address the MX does resolve to a valid address, but the
A record resolves to 127.0.0.1. Is this what is causing the rule to hit? Is
this a mis-configured DNS?
Thanks
mi
Thanks, I will disable it tonight.
Mike
On 1/30/07, Theo Van Dinter <[EMAIL PROTECTED]> wrote:
On Tue, Jan 30, 2007 at 01:43:31AM +0200, Mike Kenny wrote:
> To the best of my knowledge I have awl turned off. I am using SA 3.1 and I
> notice that my v310.pre has this line in it:
I get the following error in my log file
Jan 29 21:51:31 mx4 amavis[8555]: (08555-03) SA TIMED OUT, backtrace: at
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DBBasedAddrList.pm line
165\n\teval {...} called at
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DBBasedAddrList.pm line
165\n\tMa
On 1/29/07, Nick Leverton <[EMAIL PROTECTED]> wrote:
They were intended to detect obfuscated spams, but I think they're not
really needed now that SA includes 20_drugs.cf and the ReplaceTags plugin.
As you say they did FP quite often on base64, on program code, and even on
ham from people who ju
The subject may be sufficient. I have a file in my /etc/mail/spamassassin
directory named 88_chickenpox. It seems to be checking for various sequences
of a number of alpha followed by a punctuation character followed by a
number of alpha. Any mail with a base64 encoded attachment appears to
trigger
Thanks guys. This is helpful.
On 1/16/07, Robert Brooks <[EMAIL PROTECTED]> wrote:
Mike Kenny wrote:
> As I understand the situation when using amavis/spamassassin/postfix the
> flow of a message is that it is received by postfix, passed to amavisd,
> from there to clamav, then
As I understand the situation when using amavis/spamassassin/postfix the
flow of a message is that it is received by postfix, passed to amavisd,
from there to clamav, then to spamassassin and then back to postfix. My
questions are:
1. is this correct?
2. if I change spamassassin's local.cf or use
Thanks, my comments embedded below.
mike
On 12/27/06, Michael Scheidell <[EMAIL PROTECTED]> wrote:
you will need to do lots of custom code.
Not so much
First, you will need a database of abusive users (why not just suspend
their account. PERIOD, they violate your TOS, they violate the
op RELAYING, what you want to do is to catch accounts that are
SPAMMING (on purpose or infected?)
Something like a postfix policy server might help.
-----Original Message-----
*From:* Mike Kenny [mailto:[EMAIL PROTECTED]
*Sent:* Wednesday, December 27, 2006 6:11 AM
*To:* users@spamassassin
rs by blacklisting them
mike
On 12/27/06, Miles Fidelman <[EMAIL PROTECTED]> wrote:
Mike Kenny wrote:
> A client of mine provides an email service to a number of mobile
> users. This leaves my client open to abuse as addresses are assigned
> dynamically and blocking specific users is diffi
A client of mine provides an email service to a number of mobile users. This
leaves my client open to abuse as addresses are assigned dynamically and
blocking specific users is difficult. We have set up an internal, private
DNS which we update with the authentication details of the user and the IP
I have copied a mail to spa.mail and now I execute
$ cat spam.mail|spamassassin
which outputs along with the message:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on
mx4.mydomain.co.za
X-Spam-Level: *
X-Spam-Status: Yes, score=5.7 required=5.0 tests=BAYES_00,FORG
The configuration that I inherited had only got TRUSTED_RULESETS="TRIPWIRE
SARE_EVILNUMBERS0 SARE_RANDOM"; in /etc/rulesdujour/config. This obviously
allows a lot of spam to filter through (or at least would allow the rules
to become outdated). Looking at rulesdujour.sh I notice it references a
On 11/9/06, Jim Maul <[EMAIL PROTECTED]> wrote:
I think pretty much everyone understands WHY people use these BLs. This is not the point. The point is, it's not a very good solution.
Is it even a solution? I guess that depends on what the problem is. If the problem is the volume of mail passing throu
I copy the files while spamd is running and restart it after the copy. I run also sa-learn --sync in the slave server.
Do you run sa-learn --sync on the master? I ask because I was under the impression that this just synchronized the journal with the database. As you have copied everything ac
On 11/7/06, Derek Harding <[EMAIL PROTECTED]> wrote:
Gary W. Smith wrote:
>
> Was the SA group listed by spamcop last month? I just now received
> this for messages from October 26th.
>Who cares?
> <[EMAIL PROTECTED]>:
>
> 209.209.82.24 does not like recipient.
>
> Remote host said: 554 5.7.1 Service unav
spamassassin is trapping spam and moving the mails to my quarantine
directory. I have taken these and fed them through sa-learn starting
with a clean database. I then execute
sa-learn --dump all
and my output looks like
0.500 1 0 1160374814 d6b567c24b
0.500 1 0
On 10/2/06, John Andersen <[EMAIL PROTECTED]> wrote:
On Sunday 01 October 2006 06:39, Mike Kenny wrote:
> Success in the sense that
> spam is no longer entering our system. However it is still being
> passed through.
Well stop being an open relay and problem solved.
I would ha
Hi,
I am fairly new to the email environment (at least to the
administration of it). I have recently inherited an email system that
has developed a somewhat unfavourable reputation with some of the
anti-spam sites. I have been trying to address this through the use of
spamassassin and amavis with
spamassassin --lint was reporting:
debug: bayes: no dbs present, cannot tie DB R/O: =
/var/spool/amavis/.spamassassin/bayes_toks
sa-learn --dump reported:
ERROR: Bayes dump returned an error, please re-run with -D for more information
sa-learn --backup reported:
v 3 db_version # this
Pardon me if much of this has been covered in the past. I have browsed
the archives but could find nothing that seemed to address my rather
basic questions.
First some background, though my question may be somewhat basic, my
setup is not. I have inherited a system that is running postfix,
clamd,
28 matches