Fixed this by upgrading SA to 3.2.4
I have started, over the last few months, getting a lot of plain text scam
messages (Nigerian type scams, lottery wins etc etc). Previously I had
almost none of these.
Unfortunately I'd need to send rather a lot of information about my configs,
and log files to help, but can anybody point me
Robert S wrote:
I have started, over the last few months, getting a lot of plain text scam
messages (Nigerian type scams, lottery wins etc etc). Previously I had
almost none of these.
Unfortunately I'd need to send rather a lot of information about my configs,
and log files to help, but can
On Fri, 2008-03-07 at 22:41 +1100, Robert S wrote:
I have started, over the last few months, getting a lot of plain text scam
messages (Nigerian type scams, lottery wins etc etc). Previously I had
almost none of these.
Unfortunately I'd need to send rather a lot of information about my
In article [EMAIL PROTECTED], ram
[EMAIL PROTECTED] writes
But ultimately this boils down to end user education.
Recipients must realize that no one from Africa is going to transfer all
the millions of dollars in an unknown account , or there is nothing
called as a national lottery in the united
Have you added the sought rules from
http://taint.org/2007/08/15/004348a.html
With these rules and my custom rules I catch 99% of these
But I keep getting some 2-5 daily complaints yet from customers
I think you're right about the source of these scams. I've installed this
according
Phil, Bill,
Mark, I patched Dns.pm but this didn't resolve the issue for me.
You can test with the sample messages I posted to bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506
I was getting this sort of symptom without using Botnet.
It's almost as if something's
Mark Martinec wrote the following on 6/15/2007 3:36 AM -0800:
Phil, Bill,
Mark, I patched Dns.pm but this didn't resolve the issue for me.
You can test with the sample messages I posted to bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506
I was getting this
Bill,
There is now an additional patch at:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511
which should fix this.
Mark, thanks for the patches. However, even with both Dns.pm patches
applied, unless I set rbl_timeout to a high enough time interval, SA
still misses the
...a bug pause here...
bug - big
(29 seconds)
Mark Martinec wrote the following on 6/15/2007 10:41 AM -0800:
Bill,
There is now an additional patch at:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511
which should fix this.
Mark, thanks for the patches. However, even with both Dns.pm patches
applied, unless I
@spamassassin.apache.org
Subject: Re: These are getting through SA...
Mark, thanks for the patches. However, even with both Dns.pm patches
applied, unless I set rbl_timeout to a high enough time interval, SA
still misses the URIBL test results in the sample messages I posted in
bugzilla 5506.
For example
Randal, Phil wrote the following on 6/15/2007 2:08 PM -0800:
Bill,
The problem is that Botnet uses Net::DNS::Resolver's default retry and
timeout values, which are way too high.
Spamassassin's DnsResolver.pm uses these values:
udp_timeout:3
tcp_timeout:3
retrans:0
retry:1
try
Bill,
Hmmm, once I patched the correct SA version Dns.pm file, Mark's patches
worked fine. However, perhaps my error caused Mark to find a bug, as
noted by his follow-up e-mail, which might have gone undetected
otherwise. :-)
Indeed, thanks! (but there were two other similar reports as
Mark Martinec wrote the following on 6/15/2007 2:34 PM -0800:
So far so good with Mark's patches - although I am awaiting his
follow-up regarding a possible bug...
Not sure I understand this. My fixes make SA more robust when
plugins misbehave. The Botnet problem still causes the mail
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
Bill,
The problem is that Botnet uses Net::DNS::Resolver's default retry and
timeout values, which are way too high.
Spamassassin's DnsResolver.pm uses these values:
udp_timeout:3
tcp_timeout:3
retrans:0
retry:1
And a
Bill Landry wrote:
Also, I'm not sure if John Rudd is still supporting Botnet or not, since
I have sent him 3 e-mails to the address listed in Botnet.pm off-list
over the past week about this, and asked him if he would consider adding
user configurable timeout values, but have not received
John Rudd wrote:
Bill Landry wrote:
Also, I'm not sure if John Rudd is still supporting Botnet or not,
since I have sent him 3 e-mails to the address listed in Botnet.pm
off-list over the past week about this, and asked him if he would
consider adding user configurable timeout values, but
John Rudd wrote the following on 6/15/2007 3:00 PM -0800:
Bill Landry wrote:
Also, I'm not sure if John Rudd is still supporting Botnet or not,
since I have sent him 3 e-mails to the address listed in Botnet.pm
off-list over the past week about this, and asked him if he would
consider
Daniel J McDonald wrote the following on 6/15/2007 2:54 PM -0800:
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
Bill,
The problem is that Botnet uses Net::DNS::Resolver's default retry and
timeout values, which are way too high.
Spamassassin's DnsResolver.pm uses these values:
On Fri, 2007-06-15 at 15:27 -0700, Bill Landry wrote:
Daniel J McDonald wrote the following on 6/15/2007 2:54 PM -0800:
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
And a few others... Might as well be completely consistent. Try this
patch:
--- Botnet.pm.orig 2007-06-15
Daniel J McDonald wrote the following on 6/15/2007 3:37 PM -0800:
On Fri, 2007-06-15 at 15:27 -0700, Bill Landry wrote:
Daniel J McDonald wrote the following on 6/15/2007 2:54 PM -0800:
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
And a few others... Might as well be
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]
Sent: 12 June 2007 23:30
To: users@spamassassin.apache.org
Subject: Re: These are getting through SA...
Mark Martinec wrote the following on 6/12/2007 3:05 PM -0800:
Bill,
Mark, just curious if you are running Botnet
Phil,
What happens if Botnet is patched to use Mail::SpamAssassin::DnsResolver
instead of Net::DNS::Resolver?
I'm musuing about Net::DNS::Resolver's default timeouts and retries...
Phil (probably barking up the wrong tree)
It would do good if Botnet would impose a time limit on its DNS
Luis,
I don't have any URIBL rules firing up (SA 3.2.0 from source here,
most of the other relevant info is in the header of the mail I sent
before to test). Where did you get them?
[...]
But the main difference between the live run and the ones I did with
SA by itself (both as root and as
Well, I dint't have rbl_timeout set, but after your mail, I did. The
DNSs I have set in resolv.conf are mine, they both cache and work as
internal and external resolvers. But the UNLP NOC got screwed in the
last days, so setting the timeout a little higher wont't hurt. Thanks
for the suggestion.
Luis,
Namely with 22 RBL results coming back, the last one
(which was the crucial URIBL test) had a timeout of 0
and was ignored even though dns result did arrive.
Moreover, there is a bug in Mail::SpamAssassin::Dns, where
a late-spawned URIBL queries (which only start after Razor,
Mark Martinec wrote the following on 6/12/2007 3:53 AM -0800:
Luis,
I don't have any URIBL rules firing up (SA 3.2.0 from source here,
most of the other relevant info is in the header of the mail I sent
before to test). Where did you get them?
[...]
But the main difference between the live
-Original Message-
From: Mark Martinec [mailto:[EMAIL PROTECTED]
Sent: 12 June 2007 17:20
To: users@spamassassin.apache.org
Subject: Re: These are getting through SA...
Luis,
Namely with 22 RBL results coming back, the last one
(which was the crucial URIBL test) had a timeout of 0
Bill,
Mark, just curious if you are running Botnet? I found that some
messages cause the Botnet RDNS test to timeout after hanging for about
30 seconds, and then network test randomly fail (primarily URIBL
tests). I found that if I disable Botnet, then all network tests will
run fine on
: Re: These are getting through SA...
Mark, just curious if you are running Botnet? I found that some
messages cause the Botnet RDNS test to timeout after hanging for about
30 seconds, and then network test randomly fail (primarily URIBL
tests). I found that if I disable Botnet, then all
Mark Martinec wrote the following on 6/12/2007 3:05 PM -0800:
Bill,
Mark, just curious if you are running Botnet? I found that some
messages cause the Botnet RDNS test to timeout after hanging for about
30 seconds, and then network test randomly fail (primarily URIBL
tests). I found that
Bill,
Mark, I patched Dns.pm but this didn't resolve the issue for me.
You can test with the sample messages I posted to bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506
Yes, it is the same problem as I describe in
Hi!
They aren't scoring very much here...
Return-Path: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]@domain.com
Received: from localhost (localhost [127.0.0.1])
by nahuel.biol.unlp.edu.ar (Postfix) with ESMTP id 660BE7B1FE;
Fri, 8 Jun 2007
Luis Hernán Otegui schrieb:
Hi, could somebody run this mail trough SA and give me the scores?
They aren't scoring very much here...
Hi, your mailing probably broke half of the email so these scores are
only an estimate - if you want me to try again attach the mail as a raw
text (or .eml as
Hi, Raymond, I don't have any URIBL rules firing up (SA 3.2.0 from
source here, most of the other relevant info is in the header of the
mail I sent before to test). Where did you get them?
Thanks,
Luis
2007/6/8, Raymond Dijkxhoorn [EMAIL PROTECTED]:
Hi!
They aren't scoring very much
Luis Hernán Otegui wrote:
Hi, Raymond, I don't have any URIBL rules firing up (SA 3.2.0 from
source here, most of the other relevant info is in the header of the
mail I sent before to test). Where did you get them?
Run sa-update to get URIBL_BLACK and URIBL_GREY.
Daryl
Hi!
Hi, Raymond, I don't have any URIBL rules firing up (SA 3.2.0 from
source here, most of the other relevant info is in the header of the
mail I sent before to test). Where did you get them?
X-Prolocation-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
score=14.999, required 5,
Well, right now I'm running these commands to get updates:
sa-update --gpgkey GPGKEY --channel saupdates.openprotect.com
sa-update --gpgkey GPGKEY --channel updates.spamassassin.org
sa-update doesn't download URIBL_BLACK and URIBL_GREY
What am I doing wrong?
Luis
2007/6/8, Daryl C. W.
X-Spam-Status: No, score=3.964 tagged_above=-100 required=5
tests=[BAYES_99=3.5, HTML_30_40=0.463, HTML_MESSAGE=0.001]
To me, it looks like enough tokens were seen to flag it as BAYES_99, but
that the host and IP it came from didn't trigger any RBL hits, which
left your point score well
If you've got the current update from updates.spamassassin.org you've
got a working set of rules for URIBL_BLACK and URIBL_GREY. It turns out
that they didn't hit for Raymond either, so you won't see them in this case.
Daryl
Luis Hernán Otegui wrote:
Well, right now I'm running these
OK, i?ve been googlin' around, and it seems like an issue between
Amavis (or MailScanner, for waht I've found) and some unsupported
versions of Net::DNS, because when I run the message through SA by
itself, this comes out:
Content analysis details: (9.7 points, 5.0 required)
pts rule name
Daryl C. W. O'Shea wrote the following on 6/8/2007 2:41 PM -0800:
If you've got the current update from updates.spamassassin.org you've
got a working set of rules for URIBL_BLACK and URIBL_GREY. It turns
out that they didn't hit for Raymond either, so you won't see them in
this case.
Daryl
On Fri, 2007-06-08 at 18:46 -0300, Luis Hernán Otegui wrote:
OK, i?ve been googlin' around, and it seems like an issue between
Amavis (or MailScanner, for waht I've found) and some unsupported
versions of Net::DNS, because when I run the message through SA by
itself, this comes out:
Whatever
What I copied and pasted into my message was the original spammy
message (the source of it) as IMP showed it. The posterior ALL_TRUSTED
occured because it has already been scanned and tagged by my servers.
But the main difference between the live run and the ones I did with
SA by itself (both as
REMOVED_BY_THE_EXCHANGE_CONTENT_SCANNING_SERVICE_5CAE6CF4_4927_EThe
original message content contained a virus or was blocked due to
blocking rules and has been removed.
46 matches
Mail list logo