Re: Funny spamd failure... (Maybe SARE/rules-du-jour related?)

2006-11-17 Thread Peter H. Lemieux
Giampaolo Tomassoni wrote:
# Check for amavis termination
while [[ ! -z ${PIDS} ]]; do
    sleep 1
    PIDS=$( /sbin/pidof ${AMV_NM} )
done
In cases like this I usually just put the sleep command in the init script like this: ... case $1 in

more ascii art spam

2006-11-17 Thread Peter H. Lemieux
I just got a new one with the usual drugs displayed in large ascii art. It was nearly unreadable, and it didn't pass my SA checks either. Peter

MailScanner not using /usr/share/spamassassin?

2006-11-16 Thread Peter H. Lemieux
OK, I've ransacked mailing lists for over an hour now and have yet to find an answer to this question. Until a couple of months ago I was running SA 2.64 under MailScanner 4.36.4, both installed from RPMs on a RedHat 7.3 system. I've been migrating to a CentOS 4.4 box running SA 3.1.7 and

Spam surge tied to SpamThru Trojan botnet

2006-11-16 Thread Peter H. Lemieux
From this article at eWeek: http://www.eweek.com/print_article2/0,1217,a=194218,00.asp The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers. Internet security

Re: RelayChecker 0.3

2006-11-16 Thread Peter H. Lemieux
Billy Huddleston wrote: Reverse DNS is a must. I'm surprised at how many people still haven't got that yet in the IT world.. (Consultants mostly..) It's not uncommon outside the industrialized world. Last few days I got a few false positives for a client that was corresponding with folks in

Re: Where to submit SARE rule patches?

2006-11-15 Thread Peter H. Lemieux
Karl Auer wrote: On Tue, 2006-11-14 at 09:58 -0500, Peter H. Lemieux wrote: body __HAS_PENETRATION /\bpenetration\b/i I think a lot of rules would be better for losing the word boundaries. Very few of the worst four letter words are ever legitimate substrings, either

Disclaimer of the month

2006-11-15 Thread Peter H. Lemieux
For your amusement. A spam arriving here today from Taiwan reads: Dear Sir/Madam, We learnt your e-mail add.from internet. FIRST OF ALL,PLEASE KINDLY NOTE THIS E-MAIL IS SENT BY OUR ADVERTISING COMPANY AND THE E-MAIL ADDRESS IS NOT REAL(VIRTUAL),THEREFORE,PLEASE CONTACT US VIA FAX OR

Re: different threshold for one address

2006-11-15 Thread Peter H. Lemieux
Jean-Paul Natola wrote: My goal is to have one email address bounces@ , which can have a different score threshold than the system- in other words , anything that now comes in and scores higher than 6.0 is considered spam and rejected- I would like to have bounces@ set to let's say 12.0

Re: Disclaimer of the month

2006-11-15 Thread Peter H. Lemieux
Peter H. Lemieux wrote: For your amusement. A spam arriving here today from Taiwan reads: Sorry, I didn't intend to attach the whole message. Peter

Re: different threshold for one address

2006-11-15 Thread Peter H. Lemieux
Jean-Paul Natola wrote: I currently use the local.cf for whitelisting located in /usr/local/etc/mail/spamassassin Is it ok to create that rule in that file? SA reads rules from any *.cf files it finds in ../etc/mail/spamassassin. Since I have dozens of custom rules, I find it easier to

Where to submit SARE rule patches?

2006-11-14 Thread Peter H. Lemieux
Is this a good place for this? If so, I'd like to propose the following fix to 70_sare_adult.cf: 329d328 body __HAS_PENETRATION /\bpenetration\b/i 331c330 meta FP_MIXED_PORN3 ((__HAS_COLLECTION + __HAS_HARDCORE + __HAS_YOUNGGIRL + __HAS_PENETRATION +
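Review bot: the 329d328 hunk deletes the __HAS_PENETRATION subrule, but the visible start of the 331c330 hunk shows the meta FP_MIXED_PORN3 still listing __HAS_PENETRATION in its expression; the replacement meta line must drop that term as well, otherwise the meta references an undefined subrule. The hunk is cut off here, so that cannot be confirmed from the quoted text.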

Re: change spamhaus.org's score

2006-11-14 Thread Peter H. Lemieux
Matt Kettler wrote: Should be something like this in 50_scores.cf: score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf. That said, I would NOT advise raising the score of spamcop.. lots of FPs for me lately. I've reduced the score on this

Re: Per Domain Whitelisting

2006-10-27 Thread Peter H. Lemieux
jasonegli wrote: For example let's say that domain xyz.com wants to allow all messages from yahoo.com, but domain 123.com does not. Is there a way to allow FROM [EMAIL PROTECTED] TO [EMAIL PROTECTED]? Obtuse SMTPD (http://sd.inodes.org/) can handle this at the SMTP level. I think it may be

Re: Scoring base64 blob messages

2006-10-27 Thread Peter H. Lemieux
Theo Van Dinter wrote: On Thu, Oct 26, 2006 at 12:19:23PM -0400, Peter H. Lemieux wrote: No, because there are going to be a lot of mails that would hit that. Really? Maybe it's because I live in the US, but I can't think of a legitimate message I've ever received consisting only of a base64

Re: domainkeys unverified - solved

2006-10-27 Thread Peter H. Lemieux
Chris Purves wrote: In the end, with the help of Mark Martinec, I was able to determine that the problem was with my ISP provided DNS nameservers not allowing full TXT records to be returned (they were truncated). Was this something that the ISP cooked up, or was it intrinsic to the DNS

Scoring base64 blob messages

2006-10-26 Thread Peter H. Lemieux
I received a spam today where the text was only a base64-encoded blob. Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: base64 Subject: feel young and strong again PGh0bWw+DQpTdG9wIG92ZXJwYXlpbmcgZm9yIHlvdXIgcHJlc2NyaXB0aW9uIG1lZGljYXRpb25z

Re: Scoring base64 blob messages

2006-10-26 Thread Peter H. Lemieux
Theo Van Dinter wrote: On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote: Does SA convert the blob into text before scanning? It contains a number of drug-related words and a URI that points to pharmconnect.org. Yes. I was pretty sure this was the case but wanted to confirm

Re: Scoring base64 blob messages

2006-10-26 Thread Peter H. Lemieux
[EMAIL PROTECTED] wrote: Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: base64 Probably a message in base64 that does not contain any single 8bit code should be considered as an attempt to hide the message from scanners That's a good idea, Wolfgang. The

Re: Concerned with scores for from rfc-ignorant.org

2006-10-23 Thread Peter H. Lemieux
Elizabeth Schwartz wrote: IMHO if a rule is getting legit email tagged as SPAM it should be toned down. Obeying the RFC's is a good thing, but I am trying to tune our spam filter to filter spam, not to be a netcop. Our particular contact seems to have gotten onto rfc-ignorant's list because it

Re: I'm thinking about suing Microsoft

2006-10-23 Thread Peter H. Lemieux
Magnus Holmgren wrote: I thought they did? At least the message from WU/WGA on one computer with Windows XP I used recently was that unauthorised installations only get critical updates, but they do get those. Is that going to change with Vista? Yes. See, for instance,

Re: scoring spam

2006-10-20 Thread Peter H. Lemieux
Steve Ingraham wrote: I am trying to figure out how I can get scores to this type of spam bumped up so they do not get delivered to my user mailboxes. Can anyone give me some suggestions on what I should do to stop this type of spam from being delivered? [...] X-Spam-Flag: YES X-Spam-Status:

Re: scoring spam

2006-10-20 Thread Peter H. Lemieux
Steve Ingraham wrote: I was trying to see if there was anything I could change in the rules in spamassassin to raise the spam score up enough to reach the spam_hits=10 limit set up in my qmail controls so that qmail will not deliver the message. Once the spam score reaches 10 delivery is

Re: scoring spam

2006-10-20 Thread Peter H. Lemieux
Steve Ingraham wrote: Could you explain how I can train Bayes? What specifically do I need to do to accomplish this? http://spamassassin.apache.org/full/3.0.x/dist/doc/sa-learn.html

Re: Scoring PTR's

2006-10-19 Thread Peter H. Lemieux
Robert Swan wrote: Guys, if my mail server announces itself as mail.somename.com and has a PTR that matches. I can send mail out as [EMAIL PROTECTED] or [EMAIL PROTECTED] as long as the MX record for the domain anothername.com reads as mail.somename.com The original question was how do I

Re: R: Scoring PTR's

2006-10-19 Thread Peter H. Lemieux
R Lists06 wrote: Nothing personal, yet that is some messed up reverse dns delegation. Perhaps, but RIPE, for instance, calls RFC2317, which proposed this method, a Best Current Practices RFC: http://www.ripe.net/rs/reverse/infosources.html I also skimmed the list of complaints about this

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Peter H. Lemieux
Matt wrote: Just to clarify here You are talking about doing something like: domain.com 1200 IN MX 10 smtp-1.domain.com domain.com 1200 IN MX 50 smtp-2.domain.com You all are saying that most of the spam should be coming in MX 50 right? No, I'm saying most of the mail

Re: How to filter these spam messages

2006-10-18 Thread Peter H. Lemieux
Chris Santerre wrote: But if you rely on email for time sensitive info you best rethink what you are doing :) Regardless of your perspective, Chris, the fact is that most people have come to expect email to be as reliable and instantaneous as making a phone call. In one sense that's a

Re: for the people who write rules

2006-10-18 Thread Peter H. Lemieux
Jo Rhett wrote: Sorry, I should write a rule but no time today or tomorrow. This e-mail has gotten past SA with no score on 4 different accounts nearly half a dozen times today. The only change in the e-mail is the name used in the From address, which is also reflected in the Subject line.

Re: DNS lookup plugin?

2006-10-18 Thread Peter H. Lemieux
Chris St. Pierre wrote: I use Postfix and, for a while, I had reject_unknown_hostname as part of my smtpd_helo_restrictions This was insanely effective; SpamAssassin started to get lonely while I had this enabled. I was dropping massive amounts of spam at connection time -- but,

Re: Q. about spam directed towards highest MX Record?

2006-10-17 Thread Peter H. Lemieux
Jon Trulson wrote: Hehe, that is an old spammer trick... Our secondary MX is pretty much 100% spam. I implemented greylisting on the secondary which reduced spam through it by about 99% :) The secondary does not do spam scanning, it's simply store and forward. Greylisting really helps in these

Re: Problem with URIBL rules : false positive and not listed while manually checking

2006-10-17 Thread Peter H. Lemieux
Fabien GARZIANO wrote: And for dns, I'm sorry, I typed it too fast and when I meant no 'dns' i also meant no 'named' process. On mail servers it's usually a good idea to run a local nameserver, even if you have no zone files to publish (e.g., the caching nameserver named configuration that

Re: New ebay phish

2006-10-17 Thread Peter H. Lemieux
New phish looks like a LEGIT ebay message from another user I handle all problems like this at the SMTP level using the old, but extremely powerful Obtuse smtpd daemon (http://sd.inodes.org/). All inbound mail is collected by the smtpd daemon on my MX server, then passed to another machine

Re: Is there any way to score this?

2006-10-17 Thread Peter H. Lemieux
Micke Andersson wrote: excuse me for my ignorance, but is this really the correct approach right now, since there are quite a lot of badly configured DNS servers out there. Should this not be handled by the SMTP server as is instead! And return an error code of 421 or something like this. Like AOL

Re: What's with UCEPROTECT List?

2006-10-17 Thread Peter H. Lemieux
Marc Perkel wrote: Sender Verification is an Exim trick. What it does is start a sequence where my server starts to send an email back to the sender address to see if it's a real email account. But I do a quit after the rcpt to: command. If the receiving end says the user doesn't exist then I

Re: New ebay phish

2006-10-17 Thread Peter H. Lemieux
John D. Hardin wrote: The Obtuse daemon also has a function that can reject mail according to the domain of the sending server's DNS host. That works well with some spamming operations that have dozens of bogus domains all pointing at a common DNS host. Any stats for that? I'm not sure I

FuzzyOCR (and gocr) can't detect HGH spams

2006-10-16 Thread Peter H. Lemieux
I get a lot of messages with a gif ad for HGH drugs with this image: http://www.crystalmail.net/hgh.gif. FuzzyOCR doesn't return anything because gocr doesn't show any text. I've tried various -i settings for gocr from 1 to 254 and get gibberish at all settings. For instance, 'gocr -i 180

Re: SA just stopped working

2006-03-27 Thread Peter H. Lemieux
mouss wrote: Liam-PrintingAutomation wrote: given what you posted, your sa seems to be ok. you now need to make sure your sendmail is actually calling procmail. try putting an error in your You can tell procmail to log its actions by adding the following to the top of a procmailrc: