Re: Spamassassin not tagging some emails

2009-10-23 Thread MySQL Student
Hi, SpamAssassin DOES NOT bypass scanning, if the internal or trusted networks contain the server in it. Hmm.. thanks for correcting me. How would you, then, go about preventing SA from scanning the localhost or a specific domain without whitelisting that domain or range? Thanks, Alex

Re: Email / Inbox Speed Problems

2009-10-23 Thread MySQL Student
Hi, I really hate to respond to this because it's so off-topic (how long did it take you to write that email, anyway?), but you're s missing the point that I just can't let it go, and it's slow on a late Friday night. Yet, you open up a new Mac and what's inside?  A PC motherboard and

Re: Elena wants an iron cast oven

2009-10-22 Thread MySQL Student
Hi, What's the business model of this scam? I can't believe they really want millions of iron cast ovens from all around the world. Maybe I should answer and ask directly ;D Long time since I've last seen one of these... My impression was, they want money of course. The victim falling for

Re: Elena wants an iron cast oven

2009-10-22 Thread MySQL Student
Hi, http://englishrussia.com/?p=2137 plenty of abandoned scrap metal already in Russia. Maybe they could blow it up like the brain surgeons did to that dead whale that was littering the beach in Oregon? # The Infamous Exploding Whale http://www.youtube.com/watch?v=8Vmnq5dBF7Y Alex

Re: Spamassassin not tagging some emails

2009-10-22 Thread MySQL Student
Hi, On the message that should have been scanned: The emails that has not been tagged at all: [...] From: Angus - 3idea angus.d...@3idea.com To: supp...@3idea.com Are you forwarding this spam from your internal account to this other internal supp...@3idea.com account? It also looked like

hostkarma/uribl_black disparity

2009-10-22 Thread MySQL Student
Hi, Over the past few days I have been investigating more closely email that wasn't tagged that I thought should have been, and vice-versa, using various factors, such as URIBL_BLACK and JMF_W. I'm very surprised that obvious hosts are on the URIBL_BLACK list, like receiveeweek.com. Even more

Re: Is there a WANTS_MY_INFO rule?

2009-10-17 Thread MySQL Student
Hi, In order to confirm you Web-Mail identity, you are to provide the following data; First Name: Last Name: Username/ID: Password: Date of Birth: Try John Hardin's fillform: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/?sortby=date Regards, Alex

Downloading sandbox rules

2009-10-17 Thread MySQL Student
Hi, I'd like to download a few of the rules from the SVN sandbox for testing without using svn for this. It used to be possible by clicking Download but in the last week or so the site was updated and that option is no longer available. Do I have to use svn now for this?

Re: Downloading sandbox rules

2009-10-17 Thread MySQL Student
Hi, Sorry, just after I sent this I saw the message from yesterday about using svn. Thanks, Alex On Sat, Oct 17, 2009 at 1:24 PM, MySQL Student mysqlstud...@gmail.com wrote: Hi, I'd like to download a few of the rules from the SVN sandbox for testing without using svn for this. It used

Re: Constant Contact

2009-10-17 Thread MySQL Student
Hi, rawbody  __CCM_UNSUB /https?:..visitor\.constantcontact.com\/[^]{60,200}SafeUnsubscribe/ Ouch!  Rawbody, that hurts. Do you mean that it's much more resource-intensive than a regular body check? When is it necessary (or possible) to use it over the URIDetail substitute you mentioned?

Re: Constant Contact

2009-10-16 Thread MySQL Student
Hi, Does anybody here know anything about the legitimacy of Constant Contact http://www.constantcontact.com/anti_spam.jsp ? Sometimes abused, but too legit to outright block based on sending IP, imo. In addition to constantcontact, can I add the following to the list of hosts I'd like

Re: Constant Contact

2009-10-16 Thread MySQL Student
Hi, How is Constant Contact better than (say) GNU mailman for that purpose? I don't understand the concept of sending internal mail via an external third party... In addition to what's already been mentioned, CC also provides a nice template that people can drop their message into and click

Re: sneaky pharma spam shooting past standard rules

2009-10-15 Thread MySQL Student
Hi, With this:      Received: from public30108.xdsl.centertel.pl (HELO marcin-8963fd6f) (79.163.117.156) my postfix setup would have simply dropped it on the floor at the HELO/EHLO. If it doesn't HELO with an FQDN and a proper rDNS, we don't talk to it. Kurt, can you explain how you're

Re: sneaky pharma spam shooting past standard rules

2009-10-15 Thread MySQL Student
Hi, smtpd_helo_restrictions = permit_mynetworks,        reject_invalid_helo_hostname,        reject_non_fqdn_helo_hostname,        permit I'm currently using reject_non_fqdn_sender and reject_non_fqdn_recipient. I wanted to be sure I should use the two helo restrictions you've listed above

Re: Hostkarma whitelist needs something..

2009-10-14 Thread MySQL Student
Hi,  http://www.impsec.org/jhardin/antispam/ This should be: http://www.impsec.org/~jhardin/antispam/ (note the missing tilde :-) Regards, Alex

Mismarked Ham

2009-10-14 Thread MySQL Student
Hi, I thought I would look through the quarantine for BAYES_00 to see if there were any mis-marked messages or if bayes was not firing correctly, and I have found a few, although not how I expected it would be. Instead of finding BAYES_00 in spam, I've found it in ham that was pushed over the

Re: Mismarked Ham

2009-10-14 Thread MySQL Student
Hi, What makes you think any of the rules are incorrect? A score of 6.1 is not 100% (or even 99%, IIRC) spam. Incorrect in that at least one of the rules fired when they should not have, making the valid email to be marked as spam. there's a couple of things here. First, for some reason

Re: Mismarked Ham

2009-10-14 Thread MySQL Student
Hi, I'm not sure which of those scored what. [...] Seconded. I do see quite a few custom rules. How much did they score? My apologies; I hadn't realized so much of it was non-standard. It's otherwise obviously not very possible to help without knowing what the rules are for if you haven't

Re: .cn Oddity

2009-10-11 Thread MySQL Student
Hi, We use some rules if we talk open about it and say hey this spammer is stupid look here, then it will take less than 12 hours and that gap is closed and we lose a valuable trick. yes it's the way it is, spammers can also read maillists and adapt their spamming rules to get bypassed It

Re: Valid mail from blacklisted dynamic IPs

2009-10-10 Thread MySQL Student
Hi, I also don't understand how SPF_SOFTFAIL could happen when there wasn't any SPF record to test to begin with. http://www.openspf.org/ i have no spf either http://old.openspf.org/wizard.html?mydomain=junc.orgsubmit=Go! :) But it's sent from cron, so the host is localhost. I definitely

Re: Valid mail from blacklisted dynamic IPs

2009-10-10 Thread MySQL Student
Hi, I have a set of users that are authorized to use the mail server via pop-before-smtp, but SA catches the mail they send through the system as spam because they are on blacklisted Verizon or Comcast IPs: why are they not using smtp authentication? I think you're referring to SASL? Some

Re: SA needs a new paradigm for rule structure

2009-10-09 Thread MySQL Student
Hi, What we need are rules that combine a lot of simple rules into concepts and then combine those rules into rules that score - and score big. As an example, [...] Yes, SA definitely needs that and sorely lacks this ultimate feature! Can I respectfully add to this that John Hardin has

Valid mail from .cn

2009-10-09 Thread MySQL Student
Hi, Some portion of our users are from China. I hoped someone could help me troubleshoot the best way to permit a user from .cn to forward mail without improperly being tagged as spam, yet still block the majority of spam from .cn. Here's the SA report: X-Spam-Report: * 0.1

Fwd: SA needs a new paradigm for rule structure

2009-10-09 Thread MySQL Student
Hi, I sent this message more than an hour ago, and it looks like it's yet to hit the list. Resending. Thanks, Alex -- Forwarded message -- From: MySQL Student mysqlstud...@gmail.com Date: Fri, Oct 9, 2009 at 2:34 PM Subject: Re: SA needs a new paradigm for rule structure To: SA

Re: Valid mail from .cn

2009-10-09 Thread MySQL Student
Hi, Could you ask them to provide ham samples for the automated masschecks?  We currently have none in the corpus so we cannot test the safety of rules against Chinese language mail. Yes, I know how important that is. I recall you mentioning that a few days ago. I think it would be quite

Re: Subject Rewrite Based on Score

2009-10-08 Thread MySQL Student
Hi,  I actually would be doing that but the filter does not know how to  handle int(), so I would have to build a filter for all possible number  combinations, but if I could just get SA to do the basic math for me and  write a header or subject I can filter off of that. We do something

Re: Subject Rewrite Based on Score

2009-10-08 Thread MySQL Student
Hi, That sounds overly complicated and like a lot of wasted cycles. Calling a Perl script for each message? What you just described sounds a hell of lot like this light-weight SA configuration: Yes, I should have mentioned that it is a copy of the mail that users receive and only visible by a

Re: Subject Rewrite Based on Score

2009-10-08 Thread MySQL Student
Hi, It still is spawning a Perl process per message. You can do away with that processing hog, if you use the add_header rule I mentioned before and have SA do it instead. You may be right. I'll have to investigate doing this for this specific user only. Thanks for the info. Thanks, Alex

Valid mail from blacklisted dynamic IPs

2009-10-08 Thread MySQL Student
Hi, I have a set of users that are authorized to use the mail server via pop-before-smtp, but SA catches the mail they send through the system as spam because they are on blacklisted Verizon or Comcast IPs: X-Spam-Status: Yes, hits=5.4 tag1=-300.0 tag2=5.0 kill=5.0 use_bayes=1 tests=BAYES_50,

Re: Valid mail from blacklisted dynamic IPs

2009-10-08 Thread MySQL Student
Hi, Does your pop-before-smtp method cause your MTA to indicate they've been authed in the Received: header? I don't believe so. There doesn't appear to be anything additional in the header relating to pop-b4-smtp. I'm using postfix. Perhaps off-topic, but ideas on how to do this, if you think

Re: OT bad news

2009-10-06 Thread MySQL Student
Hi, It's a shame that, living in Denver, I will be *just* out of range of hearing the screams as the mailspools fill with viruses, malware, and massive payloads of Spanish Prisoner spams. Awe, c'mon now. Yes, I agree SA is a better solution, but Microsoft didn't get to be a

Re: Uppercase E-mail in Latin America

2009-10-06 Thread MySQL Student
Hi, doesnt it appear to everyone else that this has the (slim to none) makings of a new urban legend? I have to admit that when Warren posted this, I went to snopes to check, and there was nothing there :-) Regards, Alex

Re: SpamAssassin Ruleset Generation

2009-10-06 Thread MySQL Student
Hi, Other than the sought rules, all the rules are manually generated? Is there any statistics on how frequently are new rules/regex adopted by spamassassin? Who are the people who write them? Any details related to Information on Justin Mason's SOUGHT rules is here:

Re: .cn Oddity

2009-10-02 Thread MySQL Student
Hi All, Regarding the .cn oddity, I added these to my rules, and of about 79k messages today so far, I have the following: uri LOC_URI_CN m;^https?://[^/?]+\.cn\b; uri T_CN_8_URL /[\/.]+\w{8}\.cn(?:$|\/|\?)/i LOC_URI_CN: 2926 T_CN_8_URL: 1634 HTH, Alex

Re: Hostkarma white list

2009-09-29 Thread MySQL Student
Hi, For those of you getting spam from IPs/Hostnames on my hostkarma white list, if you could email me a list of false hits (IP or host name) I could probably clean out the bad entries in the white list pretty quick. I'm not sure this is the best approach. I have a procmail recipe that

Re: Hostkarma Blacklist Climbing the Charts

2009-09-28 Thread MySQL Student
Hi, header RCVD_IN_JMF_W eval:check_rbl_sub('JMF-lastexternal', '127.0.0.1') describe RCVD_IN_JMF_W Sender listed in JMF-WHITE tflags RCVD_IN_JMF_W net nice score RCVD_IN_JMF_W -5 Hopefully my comment isn't out of place with the current discussion of JMF/Hostkarma. I think this is not only a

Re: New money/fraud spam

2009-09-27 Thread MySQL Student
Okay, my bad, please ignore. Damn google auto-complete. Alex On Sun, Sep 27, 2009 at 6:46 PM, MySQL Student mysqlstud...@gmail.com wrote: Hi John, Another batch of money spam attached. Everything is the same as the last time. Thanks, Alex

Sought regex problem

2009-09-27 Thread MySQL Student
Hi, I posted bug 6198 a few weeks ago, and there have been no comments or fixes on it in two weeks, and I'm unsure what to do next. It's either not a bug and I'm doing something wrong or it's not significant enough to bother with the focus on v3.3. Thought someone might have some ideas here? I'm

Re: Sought regex problem

2009-09-27 Thread MySQL Student
Hi, [13204] dbg: config: read file /var/lib/spamassassin/3.002005/sought_rules_yerp_ org/20_sought.cf [13204] warn: config: invalid regexp for rule __SEEK_D52BRW:  grep doesn't find   __SEEK_D52BRW in my copy of the rules. This was from the sa-update when I submitted the bug report.

Re: Re-running SA on an mbox

2009-09-22 Thread MySQL Student
Hi, Try using a local SA setup for stripping the headers. By local, I mean don't use your main production SA - run a separate copy with its own (cut down) configuration and all data base accesses and UBL calls etc turned off. Much better idea, thanks. Thanks for the script, too. Best, Alex

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
Hi, Thank you all for your help. The mbox split suggestion is a good one. I'll follow that route and post my experience later. formail -s is the way to go. I thought about that as a component of procmail. Sounds great. Thanks, Alex

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
but this will invalidate dkim headers if this headers is signed, are spamassassin aware of this problem ? (in general) Are you saying there is a bug? mutt -f mbox in mutt save to another folder if misclassified Yes, I use pine for that, but would like to eliminate as many of the FNs as

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
Hi, IIRC you previously mentioned using Pine. Just in case you're not aware the default format for Pine/Alpine is MBX, an extended version of MBOX. You can tell the difference because MBX mailboxes start with a dummy email that's hidden by the software. It seems that if you save messages

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
Hi, It's certainly not a fast operation, but using the following will split an mbox into individual messages: export FILENO=0; mkdir msgs; formail -s sh -c 'cat - > msgs/$FILENO' < mbox-name.mbox I also created a loop that would strip all the SA headers from the messages: for file in *; do echo

Re-running SA on an mbox

2009-09-20 Thread MySQL Student
Hi, I have an mbox with about a 100 messages in it from a few days ago. The mbox is a combination of spam and ham. What is the best way to run SA through these messages again, so I can catch the ones that have URLs in them that weren't on the blacklist at the time they were received? Must I

Re: Re-running SA on an mbox

2009-09-20 Thread MySQL Student
Hi, Do you just want to re-scan the whole mbox and see what rules hit now for research reasons? That's a good start, but I'd like to see if I can break out the ham to train bayes. There's no way to (directly) get SA to modify email that's already in an mbox file. The mass-check and sa-learn

Re: Re-running SA on an mbox

2009-09-20 Thread MySQL Student
Hi, You probably want spamassassin --mbox. :) It won't modify the messages in-place, but you can do something like spamassassin --mbox infile outfile. My apologies if it wasn't clear, but these messages have already been marked by SA. Some are ham, and the rest are FPs that I'd like to

Re: Re-running SA on an mbox

2009-09-20 Thread MySQL Student
Hi, You probably want spamassassin --mbox. :) It won't modify the messages in-place, but you can do something like spamassassin --mbox infile outfile. My apologies if it wasn't clear, but these messages have already been Wait, my mistake. I read that too fast. Does that work, and rewrite

URIBL_BLACK vs RCVD_IN_JMF_W

2009-09-18 Thread MySQL Student
Hi, I have been going through about 15MB of email generated from a procmail recipe searching for RCVD_IN_JMF_W, and you would not believe how many also match URIBL_BLACK or URIBL_GREY. Call me naive, but are there really that many providers that are unaware their clients are sending spam? (okay,

Re: Problems with high spam

2009-09-18 Thread MySQL Student
Hi, also if using amavisd make its temp dir on ram speed up scanning and it considered safe, mta have it on disk for the backup :) How about mounting /var with noatime? Does anyone do that? Do you think it helps? What Linux filesystem is best suited for this? ext4? Thanks, Alex

Re: URL rule creation question

2009-09-12 Thread MySQL Student
\s is the proper way to represent whitespace. lol, yes, I know that; I was actually trying to match 's' and the slash is the start of the pattern match. I wasn't referring to the beginning of the RE. Yeah, I realized that just after I sent this, if anyone cares :-) Thanks again, Alex

Re: URL rule creation question

2009-09-11 Thread MySQL Student
Hi, The 'doubleheadedrover' domain currently shows up in Razor(E8), uribl_black, surbl_jp, and invaluement. But it wasn't in all of those when he first started posting about it. Yes, that's correct. Thanks for your help. That's already caught a few. I have another that I thought you could

Re: JMF whitelist and RAZOR conflict

2009-09-11 Thread MySQL Student
Hi, I have several emails that are tagged with RCVD_IN_JMF_W, SPF_SOFTFAIL, and RAZOR2_CHECK such as this one: http://pastebin.com/m4a4d990e why accept SPF_SOFTFAIL ? cant this be solved ? I don't understand. I'm still learning how the SPF rules work. Shouldn't I be adding points for an

URL rule creation question

2009-09-10 Thread MySQL Student
Hi all, I've seen this pattern in spam quite a bit lately: href=http://doubleheaderover.com/jazert/html/?39.6d.3d.31.66.67.6b.79.77.63.77.63.65.6e.74.69.6e.6e.69 .61.6c.5f.68.31.33.33.2e.6f.39.39.41.4d.2e.30.30.45.33.39.2e.30.32.30.61.64.6b.37.61.76.61.67.63.31.66.

JMF whitelist and RAZOR conflict

2009-09-10 Thread MySQL Student
Hi, I have several emails that are tagged with RCVD_IN_JMF_W, SPF_SOFTFAIL, and RAZOR2_CHECK such as this one: http://pastebin.com/m4a4d990e Is the criteria for being listed on the JMF_W simply that it contains a domain that is whitelisted, despite whether it contains another URL that is

Re: JMF whitelist and RAZOR conflict

2009-09-10 Thread MySQL Student
Hi, http://pastebin.com/m4a4d990e Is the criteria for being listed on the JMF_W simply that it contains a domain that is whitelisted, despite whether it contains another URL that is blacklisted? I'm not sure what you are saying here, it's not as if the people running the whitelist could

Shortcircuit info

2009-08-31 Thread MySQL Student
Hi all, I'm trying to understand how shortcircuit works to ease some of the load on the servers. First, does anyone have any recommended metas that they use in their environment that might help? Can I add shortcircuit to an existing rule, or does the rule have to be designed to be used with

Re: Porn-portal spammers

2009-08-29 Thread MySQL Student
Hi, I am getting rather tired from messages spamming porn-portals. They typically originate from hotmail.com, and advertise a porn-portal based on google.com/groups, google.com/reader, groups.yahoo.com, pipes.yahoo.com, spaces.live.com, docs.google.com, sites.google.com and livejournal.com.

Re: 3.3.0 alpha 2 on production mail servers / clusers ???

2009-08-29 Thread MySQL Student
Hi, On Saturday August 29 2009 19:47:32 R-Elists wrote: have many, or any of you folks on the list migrated your production servers to the 3.3.0 alpha 2 or later release? We are certainly one of them (actually running CVS head, which is pretty close to alpha2). About 1000 users here. Do we

Google/Yahoo Spam

2009-08-27 Thread MySQL Student
Hi all, I'm seeing an increase in Google Reader and yahoo groups/personals/profile spam. Here's an example of the Google Reader spam: http://pastebin.com/m1021fc5f Any ideas on how to catch this one? For the Yahoo spam (with links to yahoo sites ending in '/1', I've created these: uri

Converting spam to email message

2009-08-27 Thread MySQL Student
Hi all, I thought I understood, but I'm still having trouble converting a message in the quarantine back into a normal email message that I can forward on to a recipient. Does anyone know how to do this? Thanks so much. Best regards, Alex

Re: Converting spam to email message

2009-08-27 Thread MySQL Student
Hi, I thought I understood, but I'm still having trouble converting a message in the quarantine back into a normal email message that I can forward on to a recipient. Does anyone know how to do this? Maybe I missed something, but SpamAssassin doesn't have a quarantine.

Training spam as ham and forwarding

2009-08-26 Thread MySQL Student
Hi SA users, I have a few messages found in the quarantine that I need to train as ham because they were marked as spam incorrectly. To do this, I added the following to the top of the file so it becomes a normal email: From DUMMY-LINE Thu Jan 1 00:00:00 1970 Is this correct? (without the

Re: lottery message scored hammy by bayes

2009-08-25 Thread MySQL Student
Hi, If you're using autolearning, what are your learning thresholds? What do you recommend for thresholds? I'm considering using autolearning, but very concerned about corrupting the database. I think I would use something like +15 for spam. There are FNs on occasion in the 2.x range with low

Re: spam mail with flagged style images

2009-08-21 Thread MySQL Student
Hi, mimeheader AS_090508_CTYP_PNG Content-Type =~ /image\/png/ mimeheader AS_090508_CTYP_JPG Content-Type =~ /image\/jpg/ mimeheader AS_090508_CTYP_JPEG Content-Type =~ /image\/jpeg/ All scored the same. Can be written as a single rule. I've spent some time and tried to refine

Re: spam mail with flagged style images

2009-08-21 Thread MySQL Student
Hi, mimeheader LOC_CTYP_IMG  ((Content-Type =~ /image\/png/) || (Content-Type =~ /image\/jpg/) || (Content-Type =~ /image\/jpeg/) || I thought this passed through my --lint, but I only caught it the second time. I was looking around for the (new) right way to do it, and found this in

Re: spam mail with flagged style images

2009-08-20 Thread MySQL Student
Hi, Text added to e-mail is a bogus one, never repeated, same as the old styled spam mail with attached images. The OCR doesn't detect nothing, I understand because of flagged effect. Also, image file name changes, if it have. A few of these have slipped through on my systems, but for the

Junkmailfilter rules

2009-08-20 Thread MySQL Student
Hi, I've been using the junkmailfilter rules for a few days now, and it's doing quite well. It occurred to me that I might be able to use the RCVD_IN_JMF_W rule filter whitelisted domain mail, and use that to train bayes ham. Would this work? There of course would be mail from

Re: sa-update: stuck at 795855?

2009-08-19 Thread MySQL Student
Hi, The problem is that the spammers test with the SA rulesets as soon as they are released, which is why the rulesets become ineffective. I'm not sure I agree with that. If this were the case, I would have a lot less spam with scores of 50 or more, which obviously aren't even trying to do

Re: Assistence needed with spamassasin under RedHat 5.2

2009-08-19 Thread MySQL Student
Hi, spamassasin.  I have a test message which is genuine.  Running this through spamassasin with -t (test) mode as described below gives the output below: Running : spamassassin -t /tmp/rose2 gives at the bottom the following (edited for privacy) report. Try adding some debugging output,

Re: gpgkey failures with sa-update

2009-08-19 Thread MySQL Student
Hi, list.  No errors reported then, and I've now forgotten the url. www.yerp.org now gets me a webmail login screen, so obviously that wasn't it.  Toss that url to me and I'll replay it again. You should be able to search through your browser history, no? With Firefox v3.5, you can also just

Re: Counting RAZOR2 hits

2009-08-17 Thread MySQL Student
Hi, You can also set your min_cf in your razor config files, which will affect when the RAZOR2_CHECK rule fires. This does work in SpamAssassin, as I have over-ridden the min_cf on my own system, and have done so for years. Thanks to everyone for their great ideas thus far. I'm looking

Re: Barracuda RBL in first place

2009-08-16 Thread MySQL Student
Hi, So perhaps instead of adding another RBL, maybe some admins need to consider adding in some HELO checking / rejection. Can you explain a bit more here? What are you checking for, that the host is valid? Thanks, Alex

Re: Barracuda RBL in first place

2009-08-15 Thread MySQL Student
Hi,                            Unknown user 32.00% (32.00%)            87427696                              Greylisted 24.88% (16.92%)            46225401                               Throttled 11.03% (5.64%)             15399444                     Relay access denied 0.01%  (0.00%)        

Re: Barracuda RBL in first place

2009-08-15 Thread MySQL Student
Hi, What log script do you good people use to generate the list above ? Is it a home brew or one we can download so we can compare our own hits ? http://www.rulesemporium.com/programs/sa-stats.txt Any chance someone knows where there is a compatible one that parses amavisd instead of spamd?

Counting RAZOR2 hits

2009-08-15 Thread MySQL Student
Hi, I thought grep -c RAZOR2_CHECK through my mail logs would give me a good approximation of the number of times RAZOR2 was consulted, but that doesn't seem to be the case. There are some mails that don't have it listed in the tests= section. I've also tried the razor-* commands, and they don't

Elusive spam

2009-08-12 Thread MySQL Student
Hi, I'm having trouble catching a particular type of spam, and hoped someone had some time to take a look: http://pastebin.com/d57336542 It doesn't match RAZOR2, or any of the URI lists, and it's only BAYES_50. I have a pretty well-established BAYES db, so I'm surprised it's only BAYES_50. What

Re: Elusive spam

2009-08-12 Thread MySQL Student
Hi, Maybe this will sound dumb but wouldn't it be perfectly safe to blacklist example.com after all, that isn't a domain you're ever going to get mail from. I could be wrong, but I'm guessing the example.com is the OP's munging. Yes, that's correct. My apologies. Best, Alex

Re: Elusive spam

2009-08-12 Thread MySQL Student
Hi, Are we to make guesses on what else might be munged? Is just example.com munged or the 172.0.0.1 also munged? Just the domain was munged. Thanks for the info. I should have been able to figure that out. Thanks, Alex

Re: Elusive spam

2009-08-12 Thread MySQL Student
Hi, it hits spamhaus, and spamcop, what more do you want ? meta haus_cop (spamhaus spamcop) score haus_cop 5 X-Spam-Status: No, hits=4.8 tagged_above=-300.0 required=5.0 use_bayes=1 tests=BAYES_50, DATE_IN_PAST_03_06, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SORBS_WEB, RCVD_IN_XBL,

Re: Elusive spam

2009-08-12 Thread MySQL Student
Hi, 50_scores.cf:score RCVD_IN_BL_SPAMCOP_NET 0 2.188 0 1.960 # n=0 n=2 50_scores.cf:score RCVD_IN_XBL 0 2.896 0 3.033 # n=0 n=2 70_relay_country.cf:score           RELAYCOUNTRY_US 0.1 50_scores.cf:score RCVD_IN_SORBS_WEB 0 1.117 0 0.619 # n=0 n=2 50_scores.cf:score BAYES_50 0 0 0.001 0.001

Post trips pastebin spam filter

2009-08-12 Thread MySQL Student
Hi, I have another spam message that is very elusive, and thought someone might be able to take a look. I tried to post it to pastebin, and its spam filter apparently catches it, and prevents me from posting. It's definitely in the header. Is there something else I can do to post it, or does

Scores, razor, and other questions

2009-08-07 Thread MySQL Student
Hi, After another day of hacking, I have a handful of general questions that I hoped you could help me to answer. - How can I find the score of a particular rule, without having to use grep? I'm concerned that I might find it at some score, only for it to be redefined somewhere else that I

RelayCountry Config

2009-08-06 Thread MySQL Student
Hi, I'm trying to configure RelayCountry. I have it installed, and SA recognizes it: # spamassassin --lint -D 2>&1 | grep -i country [4278] dbg: diag: module installed: IP::Country::Fast, version 604.001 [4278] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [4278] dbg:

Re: RelayCountry Config

2009-08-06 Thread MySQL Student
Hi, I don't know if it makes a difference, but I call it Relay-Countries to match the name of the pseudo-header used in the tests add_header all Relay-Countries          _RELAYCOUNTRY_ It doesn't appear to make a difference. I must be doing something else wrong. Using spamassassin --lint -D

Anti-Phishing and Spear-Phishing Version 2

2009-08-06 Thread MySQL Student
Hi, Has anyone tried the phishing rules generated by Julian Field and developed by Google? It looks really neat: http://www.jules.fm/Logbook/files/anti-phishing-v2.html It's basically a list of 3.5k email addresses found in email thought to be spam. Looks to be developed by Google, so it's

Re: RelayCountry Config

2009-08-06 Thread MySQL Student
Hi, [23760] dbg: metadata: X-Relay-Countries: The --lint test is *NOT* valid for this. --lint is *ONLY* to verify your config files are parseable. Yes, thanks, I should have known that, and I think I did. I mentioned in the previous post that I tried it with a real message, and even viewed a

Re: RelayCountry Config

2009-08-06 Thread MySQL Student
Hi, This is also why the plugin works and you do get the per-country rule hits, but don't get the SA Relay-Countries header. Yes, you are correct. Thanks for the lead and the explanation. Here's a thread that talks about how to add the header for amavisd:

Re: RelayCountry Config

2009-08-06 Thread MySQL Student
Hi, I find ordinary header and meta rules are all I need: http://pastebin.com/f5e5232d1 Among those rules you have: meta RELAYCOUNTRY_MED ! RELAYCOUNTRY_HIGH ( __RELAYCOUNTRY_AF || __RELAYCOUNTRY_AS || __RELAYCOUNTRY_EU_S || __RELAYCOUNTRY_OC_S || __RELAYCOUNTRY_AM_S ) It's

Upgrading bayes DB

2009-08-04 Thread MySQL Student
Hi, I'm still working on my bayes training project, but also trying to upgrade the bayes DB due to upgrading perl and all the associated modules. I started with this output from sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0

Bayes training

2009-08-03 Thread MySQL Student
Hi, We have accumulated quite a large list of whitelisted users, primarily because they were previously tagged incorrectly. I've extracted a copy of all whitelisted mail into a separate mbox. Certainly there is some spam in there as well, but assuming I only learn the ham, would it make sense to

Upgrading perl modules for SA

2009-07-30 Thread MySQL Student
Hi, I recently upgraded perl from 5.6.0 to perl-5.10.0, along with all the modules necessary for sa-3.2.5 and amavisd-new (an old version still). I'm now having a problem that I really don't understand: Jul 30 14:24:30 bigship amavis[1757]: (01757-175) TROUBLE in check_mail:

Re: Upgrading perl modules for SA

2009-07-30 Thread MySQL Student
Hi, check_mail: decoding2-get-file-types FAILED: 'file' utility (/usr/bin/file) failed, status=1 (256 ) at /usr/sbin/amavisd line How's this a SA question? Yes, my apologies. I don't know enough about amavis yet, and thought it may be related to all the modules I upgraded, and not amavis

Re: Low Scoring Lotto Spam

2009-07-27 Thread MySQL Student
Hi,        *  3.0 RCVD_IN_UCEPROTECT2 RBL: Received via a relay in        *      dnsbl-2.uceprotect.net        *      [81.202.69.68 listed in dnsbl-2.uceprotect.net]        *  2.0 RCVD_IN_UCEPROTECT3 RBL: Received via a relay in        *      dnsbl-3.uceprotect.net        *      

Re: whitelist_from questions

2009-07-27 Thread MySQL Student
Hi, I'm looking an email that appears to be one of the users from the whitelist, but instead was from: From probesqt...@segunitb1.freeserve.co.uk Mon Jul 27 19:49:19 2009 Why can't a comparison be made between the From: info and the actual sender? Is this because of virtual domains and/or

Re: Lotto/Money email address spam

2009-07-23 Thread MySQL Student
Hi, Please don't paste examples to this list. Please post them to pastebin (or a similar service) and then include the link. .. Yes, understood. FWIW, I know enough to not post an entire message with headers to the list -- I'm sure half the time it would be filtered anyway. This time it was

Re: Lotto/Money email address spam

2009-07-23 Thread MySQL Student
Hi, sa-update lint checks the rules in a sandbox, and does not update the local channel, if there are any issues. Moreover, do NOT copy these updates to your site config dir -- but keep it in the update dir where sa-update puts them [1]. SA knows how to use them instead of the install-time

Re: whitelist_from questions

2009-07-23 Thread MySQL Student
Hi, Firstly, before you convert all these to whitelist_from_rcvd, perhaps you ought to ask yourself whether you really need 1000 entries on your whitelist. I'm surprised you were the first to make that very comment, so thanks. Does mail from these addresses actually get miscategorised as

Eliminating unnecessary rules

2009-07-22 Thread MySQL Student
Hi, I have created a routine where I can enter a string into a text file and it gets converted into a set of rules that form a cf file. They are all of the form LOCAL_RULE_N, where N is a random 6-digit number. Two points are added if the rule is triggered. There are now about 3800 of these

Re: Spam troubleshooting

2009-07-22 Thread MySQL Student
How effective are razor/pyzor and SPF/DKIM? very effective, razor/pyzor altogether with DCC. SPF also helps much, although it should be implemented at SMTP level and refuse all messages that cause (hard) fail. While DKIM is currently in SA, the only place it currently applies is
