;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;
A server security product called Microsoft Antigen flagged it as spam
as it contains the porn and sent a bounce message to the author of
that message.
Regards,
-sm
privately and let me know)
1. Streamsend requires their users to abide with CAN-SPAM
2. An unsubscribe link is required but double opt-in is not.
3. The domain information in Whois is hidden by a privacy service.
Would you whitelist such a domain?
Regards,
-sm
a
resolution through SpamCop.
Regards,
-sm
, channel failed, or the
There is a reason the updates are signed. You can either try and
figure out the right way or you can wait for someone to compromise
one of the endpoints to deliver illegitimate updates.
Regards,
-sm
.
Have you tried http://wiki.apache.org/spamassassin/VBounceRuleset
Regards,
-sm
you need to use them.
Upgrading should be safe and easy unless you have a customized
install. See http://wiki.apache.org/spamassassin/UpgradeNotes for details.
Regards,
-sm
At 14:37 13-08-2008, jdow wrote:
What the heck is Consumers Energy doing using a reserved IP address?
They are not the only ones using these IP addresses for internal
use. It will be interesting to see what happens when these IP
addresses are assigned.
Regards,
-sm
At 14:58 21-07-2008, Skip wrote:
I thought you guys would like a little humor. Here's what I sent my
host and what I got in response. *sigh*
What response did you expect? :-)
Regards,
-sm
is
going on. If it's a spamd configuration problem, you can get the
debug output by following http://wiki.apache.org/spamassassin/HowToDebug
Regards,
-sm
output by piping an email through spamc. It's most likely spamprep
which is creating the orphaned .tmp files.
Regards,
-sm
see all
the prefixes because of the way routing works.
Regards,
-sm
At 11:30 08-07-2008, Adam Harrison wrote:
Because /var/spool/MIMEDefang/.spamassassin/auto-whitelist is still
being updated, but if I go into mysql and do a count on the AWL entries
it comes up zero:
Is your filter (MIMEdefang) reading its settings from local.cf?
Regards,
-sm
to the list only. Some MUAs support it.
Some people, usually those asking a question, ask for a courtesy copy
of the reply. Some prefer not to receive it as they follow the mailing list.
Regards,
-sm
At 05:23 02-07-2008, Starckjohann, Ove wrote:
10.10.10.21 is MY address. It's a smtp-PROXY which passes through
the smtp-connection to EXCHANGE02.
Network tests on the message headers will be ineffective.
Regards,
-sm
,
RCVD_IN_SORBS_DUL autolearn=no version=3.1.8
You can learn it as spam to get a higher score from Bayes. Some
french rules were posted last month. See whether they hit that message.
Regards,
-sm
. If they are doing sender
address verification, it is incorrectly done as the domain of the
sender is spamassassin.apache.org and not the one in the From: header.
Regards,
-sm
that file as
it does not contain any SpamAssassin rules.
Very confusing...just those 2 rulesets...anything I can do to fix them?
Don't use rulesdujour. There hasn't been any updates to those
rulesets since a long time.
Regards,
-sm
. If the score is not too high, you can be
offset it with other rules.
Regards,
-sm
.
Regards,
-sm
verified whether you have that module is installed? if so, is it in
another of the @INC directories?
Regards,
-sm
their software to
include the bug fix.
Regards,
-sm
of trust. It doesn't apply to
trusted. As you pointed out above, that has a different meaning.
Regards,
-sm
of spamming may be a useful metric to judge a host
(witness the effectiveness of DNSBLs), but when discussing SA we
should not use the term trust to refer to that concept.
Agreed.
Regards,
-sm
' -- so that trust is with some grains of 'salt'
Look out for the Green color in the Address bar. :-)
Regards,
-sm
to the MSA to do that. AFAIK, the author of that software
does not agree that the message-id should be added.
Regards,
-sm
of spam originating
from their networks. You might wish to take that into account in
your recommendations.
Regards,
-sm
with the source to correct this issue?
According to your header, there is no reverse DNS for that mail server.
If it is within a part of SpamAssassin, I will gladly submit any
patches that identify/rectify my problem.
The Received headers are parsed in Received.pm.
Regards,
-sm
At 13:23 22-05-2008, Dave Funk wrote:
We require our PC users to authenticate when sending and I had
assumed that would stop viruses/trojans. Am I being naive?
No. But it's only one extra step for malware to capture SMTP
authentication information.
Regards,
-sm
it times out.
Don't use MyISAM.
http://dev.mysql.com/doc/mysql/en/innodb.html
Regards,
-sm
on a lock.
Regards,
-sm
reports for mail originating from
business customers.
Regards,
-sm
SpamAssassin. Each message will be scanned twice if he also has Mimedefang.
Regards,
-sm
if you rely on it to stop spam.
Regards,
-sm
it, or otherwise
remove it.
It was useful as a spam rule before. It no longer is because of myspace.
Regards,
-sm
don't need to call SpamAssassin separately.
How about dkim? Am I missing anything that I can look at?
That's for whitelisting.
Regards,
-sm
is listed.
Regards,
-sm
the copying bit) that I am
missing would anyone like to take the time to explain?
http://wiki.apache.org/spamassassin/RuleUpdates
Regards,
-sm
=4.275 required=2.5
check:
tests=AWL,HTML_MESSAGE,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,URIBL_AB_SURBL,URIBL_BLACK
The message has a score of 4.275 which is about the required score
(2.5). It was detected as spam.
Regards,
-sm
At 12:33 11-04-2008, Igor Chudov wrote:
Hey, this is interesting. I really don't care to process anythng with
score above 10. How can I block it on the sendmail level?
I have sendmail.
Install a milter which interacts with spamd. You can then reject
spam at the SMTP level.
Regards,
-sm
Hello,
[EMAIL PROTECTED] is bouncing messages back to this mailing list
using the email address in the From: header as the Return-Path. The
mailing list software sees it as a loop and bounces the message back
to message poster.
Regards,
-sm
always work.
You can only trust the Received: headers inserted by your mail servers.
Regards,
-sm
filename
The output will show whether the host matches dtdm.tomsk.ru.
Regards,
-sm
possible. You can have
some rules to identify some good and bad messages which are
representative of the userbase.
Regards,
-sm
Funk pointed out, the reverse DNS for 213.183.100.11 points
to dtu.net.tomline.ru.The forward and reverse DNS should
match. You'll have to fix that as well.
Regards,
-sm
of the hostname is because of a CommuniGate Pro configuration
problem or a DNS problem (the host doesn't get the correct answer
when doing a reverse DNS).
Regards,
-sm
Pro Received header format parsed currently.
Neither. It's a feature. Perhaps we need a patch for Received.pm?
Yes. See attached patch.
Post a bug report about the CommuniGate Pro Received header not being
parsed correctly.
Regards,
-sm
communigatercv.diff
Description: Binary data
the
Mail::SpamAssassin::Plugins::SPF plugin if you use the above.
Regards,
-sm
double-quote in the META line. The HTML is
malformed which is why the message appear empty in Eudora's built-in viewer.
At 16:23 04-04-2008, Ed Kasky wrote:
Not real sure but could it have something to do with the boundary?
The boundary is correct.
Regards,
-sm
message (excluding attachments) by most MUAs.
Regards,
-sm
to keeping both versions in one, or allowing me to insert plain
text as well as html in the message. If I could do this, do you think it
would help?
Including the plain text version with the html version only reduces
your score by 0.7. It's one way to get the score reduced.
Regards,
-sm
that I've never seen it used
legitimately.
I've used it. It's a useful feature if you want to get around
message size limits to send attachments. It can also be handy when
there's poor connectivity.
If you have a strict email policy, you might as well drop this content type.
Regards,
-sm
the
tagging. You might also run into problems if the receiving end does
any validation based on the envelope sender.
If your mail server is overwhelmed by bounces, BATV can help to
reduce the load as, unlike SPF, it doesn't rely on the other end
implementing the technology.
Regards,
-sm
are doing above affects the
message body only. There are rules for tests on the headers and
message origin.
Streamling the HTML won't help much if your message contains other
signs, such as images, usually seen in spam.
Regards,
-sm
At 13:51 03-04-2008, Matt wrote:
How do I unsubscribe from here? There are no unsubscribe links at
the bottom of these messages.
The links are in the message headers.
list-help: mailto:[EMAIL PROTECTED]
list-unsubscribe: mailto:[EMAIL PROTECTED]
Regards,
-sm
how to fix things. Remember this is
Brasil, so there may be difficulties in getting things set up
properly. Perhaps someone from there could offer some suggestions?
Could you ask him to send me an email off-list?
Regards,
-sm
by spammers?
Spam messages generally hit the above rules.
The following URL explains how the scores are assigned:
http://wiki.apache.org/spamassassin/HowScoresAreAssigned
You'll find some tips for senders here:
http://wiki.apache.org/spamassassin/AvoidingFpsForSenders
Regards,
-sm
,
-sm
for that code and
assign a negative score for the above. This only works with other
antispam software if they allow the user to customize the
configuration by adding such rules.
Regards,
-sm
mailscanner-4.62.9-3
Mailscanner is using the relays.ordb.org DNSBL. That DNSBL is
returning a positive response for all queries which is why all your
emails are being tagged as Spam. Remove that DNSBL from your
Mailscanner configuration.
Regards,
-sm
:
add_header all Level _STARS(*)_
Subject rewriting will be done even without the X-Spam-Level setting
as it is based on whether the score is above the required_score.
Regards,
-sm
-
scantime=0.1,size=4399,user=me,uid=1005,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=64556,mid=[EMAIL
PROTECTED],autolearn=ham
Mar 25 18:05:06 vinyl sm-mta[914]: m2PH54SR000914: Milter add: header:
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on myhost
It's up to your milter
.
The startup parameters may be different. Verify what
spamass_milter_flags settings used in rc.conf to start the milter.
Regards,
-sm
At 11:27 22-03-2008, Justin Mason wrote:
what is the URL you think it's missing?
He was referring to the URL that is wrapped into two lines with the
quoted-printable encoding. It is parsed correctly.
Regards,
-sm
may be
wrapper into two lines. At the receiver's end, the message is
decoded and rendered in the MUA to appear on one line. The above
URL would only bypass naive parsers that operate on the raw body.
Regards,
-sm
whether they are being
passed to SpamAssassin.
The message hit BAYES_OO which classified it as ham (non-spam). The
message was also autolearned as ham. Start with a new Bayes db as
the current one has not been trained correctly.
Regards,
-sm
20-03-2008, Agnello George wrote:
SO SORRY!! THIS IS A BIG MISTAKE ON MY BEHALF !!! DIDN'T KNOW IT TOOK
ALL MY ADDRESSES IN MY ADDRESS BOOK!!
THERE IS NOTHING I CAN DO TO REVERSE
You can recall the message. :-)
Regards,
-sm
At 08:44 20-03-2008, Arvid Ephraim Picciani wrote:
wow. i got -1.0 here. you're filtering html agressivly?
That's from ASF.
It's better to whitelist messages from an antispam list given the
nature of the discussion.
Regards,
-sm
At 10:44 20-03-2008, Arvid Ephraim Picciani wrote:
what's ASF?
That's the Apache Software Foundation.
not really. we don't say things like free office 2008 or VIAGRA too
often :D
Yes, we do; see above. :-)
Regards,
-sm
-children) fits in available RAM.
Regards,
-sm
the Received line that is parsed correctly. If it's
a mail server adding the Received line, you could file a bug report.
Regards,
-sm
?
[EMAIL PROTECTED] 1205219837.10611-0.mail.example.com:268
orig-mail.example.com120521983680210609:859
What rules did the message hit? The url is listed in URIBL_GREY.
Regards,
-sm
whether the above timeouts are
what you have in the configuration file (.cf) used by sendmail.
Regards,
-sm
that seemes to describe this 10sec timeout-limit and how to increese it.
The timeout is from your milter. You may be able to configure
timeout if the software has such an option.
Regards,
-sm
your main mail relay came online
they would have retried and delivered it. There would have been NO
DIFFERENCE at all. You didn't need your backup MX relay to proxy
relay the mail to you.
The difference is that you are making assumptions about their retry strategy.
Regards,
-sm
call it a general rule as it can be more of a problem than it is worth.
Regards,
-sm
usage on that server and filtering
load. You can run the reporting on another server. It can be done
hourly by processing the mailbox instead of one message at a
time. That would require some code changes.
Regards,
-sm
error:nouser User unknown
Regards,
-sm
with other filters and I would like
to use spamassassin to check against databases like pyzor and URLBL as well as
others.
http://wiki.apache.org/spamassassin/AdjustRuleScore
Regards,
-sm
and unreachable to others.
Regards,
-sm
verification, then it comes from them.
Time to blacklist google.
The users may complain if you do that.
Regards,
-sm
forgers
everywhere. Without boring you with too many details, it's an
Internet standard
developed in large part at Yahoo! that lets us confirm whether
emails are really from
their claimed domain.
Regards,
-sm
on URI only, you would be blocking Yahoo calendar invites.
What does the spammer want ?
It looks like a work from home scam.
Regards,
-sm
Bayes.
Regards,
-sm
.
Regards,
-sm
.Google turned up several people having the same issue
but no one with a solution. My DSN is right, I have SPF records,
and sign outgoing messages using DomainKeys.
They are deferring connections from your mail servers due to spam or
complaints.
Regards,
-sm
.spamhaus.org doesn't return an answer.
Regards,
-sm
I blocked? Did I piss someone off? Im not blocked because of 'excessive'
use.
It doesn't look like a network issue. It's more like a block.
This is odd. A query to zen.spamhaus.org returned two answers.
Regards,
-sm
including the headers
to a website and post a link.
Regards,
-sm
. As the
proponents said that there are no problems at all, I encourage you to
do it. :-)
Regards,
-sm
/SoughtRules
Regards,
-sm
/spamassassin/SURBL )?
Regards,
-sm
At 15:33 19-02-2008, Andy Dills wrote:
load on your servers. All of the other RBLs that I'm aware of (could be
wrong) are happy to provide data feeds free of charge. To be perfectly
Some RBLs do charge if your organization is doing more than X queries daily.
Regards,
-sm
)
Regards,
-sm
is not
enough to offset such a large positive score. Verify the auto
whitelist and your configuration.
Regards,
-sm
Hello,
At 19:50 13-02-2008, Dale's Stuff wrote:
I would like to see the evidence of any claimed spam or other
inappropriate emails that would cause this domain to be listed as a
banned server.
The domain is listed in a few blacklists. You'll have to contact
them for evidence.
Regards,
-sm
is
Content-Transfer-Encoding: 7bit.
The transfer-encoding conversion may have caused the header problem.
Regards,
-sm
may affect other RBL related network tests as
well. It's better to use a test point at startup and log a warning.
Regards,
-sm
to protect if you don't have a
SMTP server?
Every friend use stmp of own account.
I have to put an antispam between internet and pppoe server.
If you want to prevent spam from leaving your network, you'll need a
SMTP server.
Regards,
-sm
: Incorrect table definition; there can be
only one auto column and it must be defined as a key
What other column is this 'auto column' ?
Your auto_increment column should be the primary key.
I suggest reading about the (MySQL) issues with auto_increment if you
are doing replication.
Regards,
-sm
At 19:31 13-11-2007, Bart Schaefer wrote:
Er, which RFC are you claiming requires them to have a server to receive mail?
It's a BCP quoted by SMTP folks to annoy Web-enabled people. :-)
Regards,
-sm
101 - 200 of 328 matches
Mail list logo