Re: Help with RegEx Rule

On 10/9/2015 12:07 AM, AK wrote: On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've

Re: Help with RegEx Rule

On Fri, 9 Oct 2015, AK wrote: On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've

Re: Help with RegEx Rule

On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I need to see the mail message as

Re: Help with RegEx Rule

On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've been creating my own regular

Re: Help with RegEx Rule

On 10/9/2015 12:07 AM, AK wrote: On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've

Re: Help with RegEx Rule

On 09/10/15 15:10, Kevin A. McGrail wrote: Perhaps you'll have more luck looking at the debug output from SA itself? Something like spamassassin -t -D < email.mbox 2>&1 | grep -i RULE Nope, no luck there either; did not see mention of my rule (though it's located inside

Re: Rule Help

At 03:31 PM 9/26/2015, jdow wrote: On 2015-09-26 07:12, RW wrote: On Fri, 25 Sep 2015 10:28:42 -0400 Dianne Skoll wrote: On Fri, 25 Sep 2015 14:21:50 + Dave wrote: I am trying to create a rule that scores TLD's in received headers if they are not certain TLD's. What I

Re: Rule Help

At 03:31 PM 9/26/2015, jdow wrote: On 2015-09-26 07:12, RW wrote: On Fri, 25 Sep 2015 10:28:42 -0400 Dianne Skoll wrote: On Fri, 25 Sep 2015 14:21:50 + Dave wrote: I am trying to create a rule that scores TLD's in received headers if they are not certain TLD's. What I

Re: Rule Help

On Fri, 25 Sep 2015 10:28:42 -0400 Dianne Skoll wrote: > On Fri, 25 Sep 2015 14:21:50 + > Dave wrote: > > > I am trying to create a rule that scores TLD's in received headers > > if they are not certain TLD's. What I have so far: > > Your logic is wrong. And you can do

Re: Rule Help

On 2015-09-26 07:12, RW wrote: On Fri, 25 Sep 2015 10:28:42 -0400 Dianne Skoll wrote: On Fri, 25 Sep 2015 14:21:50 + Dave wrote: I am trying to create a rule that scores TLD's in received headers if they are not certain TLD's. What I have so far: Your logic is wrong.

Re: Rule Help

On 9/25/2015 10:28 AM, Dianne Skoll wrote: On Fri, 25 Sep 2015 14:21:50 + Dave wrote: I am trying to create a rule that scores TLD's in received headers if they are not certain TLD's. What I have so far: Your logic is wrong. And you can do it all with one regex:

Rule Help

b/I || Received !~ /\.net\b/I || Received !~ /\.org\b/I || Received !~ /\.edu\b/I || Received !~ /\.uk\b/I describe GC_TLD Not common TLD score GC_TLD 2 Can someone help me out or point me in the right direction? Thanks, Dave Grolen Communications da...@grolen.com<mailto:da...@grolen.com

Re: Rule Help

On Fri, 25 Sep 2015 14:21:50 + Dave wrote: > I am trying to create a rule that scores TLD's in received headers if > they are not certain TLD's. What I have so far: Your logic is wrong. And you can do it all with one regex: header GC_TLD_COM Received

Re: Help with RegEx Rule

to my local wiki. You are right - posting here will most likely help them change this one, but just this once as you've now taught me to fish - I'm a beggar no more! Cheers, ak.

Help with RegEx Rule

ALL =~ /(^\.\n){5,}/ meta MANY_PERIODS __MANY_PERIODS_1 score MANY_PERIODS 2.0 describe MANY_PERIODS JUNK mail with several lines that contain single dot = End Rule Block = = Begin Test Command = spamassassin -L -t test.msg = End Test Command = Please help me understand

Re: Help with RegEx Rule

On September 19, 2015 4:52:30 PM AK wrote: = Start Rule Block = rawbody __MANY_PERIODS_1 ALL =~ /(^\.\n){5,}/ remove ALL =~, my own rawbody rules dont have it

Re: Help with RegEx Rule

Command = Please help me understand what I'm doing wrong as this is my first attempt at creating a rule. Previously I've just copied and pasted what I've found here in the forums, but this time I'm trying to do it myself but failing. There are multiple issues... 0. I have no basis

Re: Help with RegEx Rule

Hello If you using compiled rules you probably should use: sa-compile command and restart (if use :) sa-spamd Best Regards.

Re: Help with RegEx Rule

On 20/09/15 01:30, Benny Pedersen wrote: On September 19, 2015 4:52:30 PM AK wrote: = Start Rule Block = rawbody __MANY_PERIODS_1 ALL =~ /(^\.\n){5,}/ remove ALL =~, my own rawbody rules dont have it Still no joy after removal. However, at least the rule

Re: Help with RegEx Rule

= Please help me understand what I'm doing wrong as this is my first attempt at creating a rule. Previously I've just copied and pasted what I've found here in the forums, but this time I'm trying to do it myself but failing. Regards, ak. SA does some interesting pre-processing on mail

Re: Help with RegEx Rule

On Sun, 20 Sep 2015, AK wrote: [..snip..] Still no joy after removal. However, at least the rule now hits if I replace: /(^\.\n){5,}/ with /(^\.\n)*/ But that looks like it might bring about some FPs. Any other suggestions? Do you realize that rule will -always- fire on -any- message?

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On 6/27/2015 4:02 AM, Noel Butler wrote: Although what you describe is a workaround, the key is to keep your house in order so you don't get listed, especially if you have not actually fixed up the problem, Oh Noel, why are you giving me fish in a barrel to shoot? OK, now that you put your

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Ted, there is one ISP who insisted on blocking all emails sent from my system because the internal network is odd. It's not localhost.localdomain or whatever it was they were looking for. And it appears on my email headers. They decided wizardess.wiz is an illegal domain so the email from it

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On 6/29/2015 1:37 PM, jdow wrote: Ted, there is one ISP who insisted on blocking all emails sent from my system because the internal network is odd. It's not localhost.localdomain or whatever it was they were looking for. And it appears on my email headers. They decided wizardess.wiz is an

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Although what you describe is a workaround, the key is to keep your house in order so you don't get listed, especially if you have not actually fixed up the problem, DNBSBL's are just like local sys admins, they get tired of adding in /32's after /32's for the same @$#holes, thats when the

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Heh Heh Heh Heh Heh Since you and Charles have obviously never done this before why do you feel qualified to comment? Go ahead and not do this based on these logic castles you have built that are not founded on any experience of reality. Your customers will be suffering for a few days while

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 26.06.2015 um 18:43 schrieb Ted Mittelstaedt: Heh Heh Heh Heh Heh Since you and Charles have obviously never done this before why do you feel qualified to comment? *lol* Go ahead and not do this based on these logic castles you have built that are not founded on any experience of

Re: TextCat - Language help

On Wed, Jun 24, 2015 at 07:37:28PM -0400, Charles Sprickman wrote: On Jun 22, 2015, at 5:21 PM, Marc Selig a29508-spamassas...@sedacon.com wrote: On Mon, Jun 22, 2015 at 05:09:45PM -0400, Charles Sprickman wrote: Are there any other options for filtering based on language, or any known

Re: TextCat - Language help

Henrik K h...@hege.li wrote: On Thu, Jun 25, 2015 at 09:37:44AM +0300, Henrik K wrote: On Wed, Jun 24, 2015 at 07:37:28PM -0400, Charles Sprickman wrote: On Jun 22, 2015, at 5:21 PM, Marc Selig a29508-spamassas...@sedacon.com wrote: On Mon, Jun 22, 2015 at 05:09:45PM -0400, Charles

Re: TextCat - Language help

On Thu, Jun 25, 2015 at 09:37:44AM +0300, Henrik K wrote: On Wed, Jun 24, 2015 at 07:37:28PM -0400, Charles Sprickman wrote: On Jun 22, 2015, at 5:21 PM, Marc Selig a29508-spamassas...@sedacon.com wrote: On Mon, Jun 22, 2015 at 05:09:45PM -0400, Charles Sprickman wrote: Are

Re: TextCat - Language help

On Jun 22, 2015, at 5:21 PM, Marc Selig a29508-spamassas...@sedacon.com wrote: On Mon, Jun 22, 2015 at 05:09:45PM -0400, Charles Sprickman wrote: Are there any other options for filtering based on language, or any known patches/fixes for TextCat to make it a bit less aggressive when it runs

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

for unusual mail volume across all services/clients. Having an emergency MTA in my SPF records that I can relay to (or just bring up as another address on the existing server) would definitely help as long as the netblock isn't listed... getting a spare address on a different network would

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 23.06.2015 um 14:57 schrieb Jered Floyd: The form does seem to have worked, and I'm not currently on the BRBL, although this morning I got bounces from a Barracuda customer for a very benign message with rejected due to spam content, so who knows. I wish there was better visibility into

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

The form does seem to have worked, and I'm not currently on the BRBL, although this morning I got bounces from a Barracuda customer for a very benign message with rejected due to spam content, so who knows. I wish there was better visibility into the process. then it was not blocked

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 23.06.2015 um 14:47 schrieb Jered Floyd: The form does seem to have worked, and I'm not currently on the BRBL, although this morning I got bounces from a Barracuda customer for a very benign message with rejected due to spam content, so who knows. I wish there was better visibility into

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 23.06.2015 um 21:28 schrieb Charles Sprickman: One thing to keep in mind is that you may need to rotate your spare IPs in now and then. Others can correct me, but my understanding is that all the major email providers are going to treat an IP that regularly sends email to them very

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

/clients. Having an emergency MTA in my SPF records that I can relay to (or just bring up as another address on the existing server) would definitely help as long as the netblock isn't listed... getting a spare address on a different network would be useful, but I'm not sure how hard

Re: Help me waste spammers resources

supp...@junkemailfilter.com Sent: Friday, June 19, 2015 3:41 PM To: users@spamassassin.apache.org Subject: Help me waste spammers resources I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to share will all of you. On my main spam filtering servers I

TextCat - Language help

I’m looking to get some more information on how reliable TextCat can be considered at this point. We are running 3.4.0, and have enabled TextCat with some more aggressive scoring a few month ago based on user requests. For the most part, people are very happy with this, we had some very bizarre

Re: TextCat - Language help

On Mon, Jun 22, 2015 at 05:09:45PM -0400, Charles Sprickman wrote: Are there any other options for filtering based on language, or any known patches/fixes for TextCat to make it a bit less aggressive when it runs across gibberish that is probably not any particular language? You could tinker

Re: Help me waste spammers resources

What if I am already using mxbackup1.junkemailfilter.com? From: Marc Perkel Sent: Friday, June 19, 2015 2:41 PM To: users@spamassassin.apache.org Subject: Help me waste spammers resources I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Hi Jered, I'm not a Barracuda customer myself I can only report my own interaction with them. I run several public mailservers. 1) I don't run public mailing lists and if I ever was going to do that I would run them on a separate server with a separate IP address 2) I don't run my webserver

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 21.06.2015 um 18:58 schrieb Antony Stone: On Sunday 21 June 2015 at 17:22:58 (EU time), Jim Popovitch wrote: I appear to be getting a shakedown scam from Barracuda Networks. You are not being shaken down, but you might be slandering. ;-) I'm fairly certain that BN isn't making much

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

I appear to be getting a shakedown scam from Barracuda Networks. You are not being shaken down, but you might be slandering. ;-) I'm fairly certain that BN isn't making much profit off of your $20. What they are getting is your commitment, and your ID, that one or more IP addrs under your

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sunday 21 June 2015 at 17:22:58 (EU time), Jim Popovitch wrote: I appear to be getting a shakedown scam from Barracuda Networks. You are not being shaken down, but you might be slandering. ;-) I'm fairly certain that BN isn't making much profit off of your $20. What they are getting

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Richard, The BRBL may have listed the entire /24 that includes your sending IPs. Painful experience has shown that Barracuda won't hear your requests for delisting, and the listing may never go away. I believe you've got it in one. I heard back from a colleague on the same /24 (though not

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 21.06.2015 um 17:00 schrieb Jeroen de Neef: I wonder what their justification is for doing this. the questoon is how many addtional IP's on the /24 where in fact sending spam, see http://www.spamhaus.org/faq/section/Glossary#233 2015-06-21 16:33 GMT+02:00 Jered Floyd

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

I wonder what their justification is for doing this. 2015-06-21 16:33 GMT+02:00 Jered Floyd je...@convivian.com: Richard, The BRBL may have listed the entire /24 that includes your sending IPs. Painful experience has shown that Barracuda won't hear your requests for delisting, and the

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sun, 21 Jun 2015 22:55:41 +0200 Reindl Harald h.rei...@thelounge.net wrote: the question is *how* is that de-listing managed and how do you manage i will take care in the future and if that's not true because de-listing is just a click how easy is it for spammers to not realy care I

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sun, Jun 21, 2015 at 4:52 PM, Dianne Skoll d...@roaringpenguin.com wrote: On Sun, 21 Jun 2015 16:26:54 -0400 Jim Popovitch jim...@gmail.com wrote: On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll you should not have to pay for delisting one IP. and with BN you are NOT paying for a

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 21.06.2015 um 23:50 schrieb Jered Floyd: There is a murky relationship between Barracuda and EmailReg. It's awfully suspicious that signing up on whitelist X clears you from unrelated blacklist Y. So, it may not be paying to delist one IP in framing, but in action it seems to be pretty

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On 21 Jun 2015, at 10:33, Jered Floyd wrote: Richard, The BRBL may have listed the entire /24 that includes your sending IPs. Painful experience has shown that Barracuda won't hear your requests for delisting, and the listing may never go away. I believe you've got it in one. I heard

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sunday 21 June 2015 at 19:23:58 (EU time), Reindl Harald wrote: spammers don't invest money, never Ah, my bad understanding - I followed the link you posted earlier http://www.spamhaus.org/faq/section/Glossary#233 which pointed me to http://www.spamhaus.org/news/article/641?article=641

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll d...@roaringpenguin.com wrote: you should not have to pay for delisting one IP. and with BN you are NOT paying for a delisting.You are paying for the upfront ID validation and verification process that goes into fast-tracking your email flow.

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 21.06.2015 um 20:52 schrieb Antony Stone: On Sunday 21 June 2015 at 19:23:58 (EU time), Reindl Harald wrote: spammers don't invest money, never Ah, my bad understanding - I followed the link you posted earlier http://www.spamhaus.org/faq/section/Glossary#233 which pointed me to

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 21.06.2015 um 22:22 schrieb Dianne Skoll: On Sun, 21 Jun 2015 19:23:58 +0200 Reindl Harald h.rei...@thelounge.net wrote: spammers don't invest money, never Of course not. They pay using a stolen credit card. I don't approve of Barracuda's behaviour. If they're blocking /24s because

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sun, 21 Jun 2015 16:26:54 -0400 Jim Popovitch jim...@gmail.com wrote: On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll you should not have to pay for delisting one IP. and with BN you are NOT paying for a delisting. You are splitting hairs. Essentially, you are paying for delisting. We run

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sun, 21 Jun 2015 19:23:58 +0200 Reindl Harald h.rei...@thelounge.net wrote: spammers don't invest money, never Of course not. They pay using a stolen credit card. I don't approve of Barracuda's behaviour. If they're blocking /24s because of some bad machines, you should not have to pay

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On Sun Jun 21 16:22:26 2015, Dianne Skoll wrote: I don't approve of Barracuda's behaviour. If they're blocking /24s because of some bad machines, you should not have to pay for delisting one IP. If they can prove that your specific IP was responsible for a spam run, then it's legit to charge

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 21.06.2015 um 22:52 schrieb Dianne Skoll: On Sun, 21 Jun 2015 16:26:54 -0400 Jim Popovitch jim...@gmail.com wrote: On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll you should not have to pay for delisting one IP. and with BN you are NOT paying for a delisting. You are splitting hairs.

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

EmailReg.org operates a whitelist, so you pay to get listed there. The site doesn't say much at all about what sort of verification or later delisting for spam they might do. However, they are promoted directly on the Sorry, your email was blocked page for Barracuda Reputation, and the page

Re: Help me waste spammers resources

On Fri, 19 Jun 2015 21:06:17 + David Jones wrote: From: Marc Perkel supp...@junkemailfilter.com Sent: Friday, June 19, 2015 3:41 PM To: users@spamassassin.apache.org Subject: Help me waste spammers resources I found a great trick for wasting spammer's resources and getting them

Re: Help me waste spammers resources

On 19.06.2015 22:41, Marc Perkel wrote: I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to share will all of you. https://en.wikipedia.org/wiki/Tarpit_%28networking%29 Wasn't this last decade's FUSSP ? Also see

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Harald, no you don't understand how a Barracuda appliance works emailreg.org is a whitelist like the ones spamassassin is using in case of a barracuda appliance it overrides the RBL It's a whitelist that appears to be based solely on paying Barracuda a fee. That doesn't sound like a

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On 06/20/2015 08:38 AM, Jered Floyd wrote: Hello SA-users, I have a question on the other side of things: outgoing mail. I know this is off-topic but this seems to the only venue where there might be knowledge of the problem, and the offender is a spamassassin customer. (I operate an MTA

Re: Help me waste spammers resources

On Sat, 20 Jun 2015, Axb wrote: On 19.06.2015 22:41, Marc Perkel wrote: I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to share will all of you. https://en.wikipedia.org/wiki/Tarpit_%28networking%29 Wasn't this last decade's FUSSP ? Also

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 20.06.2015 um 17:38 schrieb Jered Floyd: A small number of recipients have been getting bounce-unsubscribed a community mailing list that I administer. The most recent bounces say that this blocked using Barracuda Reputation; http://www.barracudanetworks.com/reputation/; Visiting that

Barracuda / EmailReg.org protection racket? (OT, but help?)

Hello SA-users, I have a question on the other side of things: outgoing mail. I know this is off-topic but this seems to the only venue where there might be knowledge of the problem, and the offender is a spamassassin customer. (I operate an MTA host on which I run SpamAssassin -- it works

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

Am 20.06.2015 um 17:49 schrieb Jered Floyd: Harald, no you don't understand how a Barracuda appliance works emailreg.org is a whitelist like the ones spamassassin is using in case of a barracuda appliance it overrides the RBL It's a whitelist that appears to be based solely on paying

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On 21/06/2015 01:38, Jered Floyd wrote: I appear to be getting a shakedown scam from Barracuda Networks. They seem to be getting out of the anti-spam and into the protection racket business. A small number of recipients have been getting bounce-unsubscribed a community mailing list

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On 21/06/2015 01:49, Jered Floyd wrote: Harald, no you don't understand how a Barracuda appliance works emailreg.org is a whitelist like the ones spamassassin is using in case of a barracuda appliance it overrides the RBL It's a whitelist that appears to be based solely on paying

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

On 21/06/2015 02:16, Richard Doyle wrote: On 06/20/2015 08:38 AM, Jered Floyd wrote: Hello SA-users, I have a question on the other side of things: outgoing mail. I know this is off-topic but this seems to the only venue where there might be knowledge of the problem, and the

Help me waste spammers resources

. Just last week on my main good email processing server I accepted 37,232,709 spams. So - this works. I encourage others to do the same thing. Or - you can just help me do it. If you have domains you are filtering just add this as your highers numbered MX record

Re: Help me waste spammers resources

From: Marc Perkel supp...@junkemailfilter.com Sent: Friday, June 19, 2015 3:41 PM To: users@spamassassin.apache.org Subject: Help me waste spammers resources I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to share will all of you. On my main spam

Re: Help me waste spammers resources

Marc Perkel wrote: If you have domains you are filtering just add this as your highers numbered MX record. As long as this isn't for any valid domains. Don't add the honeypot to a valid domain's MX because valid senders may get trapped otherwise. For example if I were to add your tarpit to my

Please Help for a rules ?

Hi i want create a rules for filters : i want add 100 in score at all email that have: Invoice or Facture in core AND a .DOC file attachment it's possible ? thanks Olivieir

Re: Please Help for a rules ?

On 19.06.2015 09:14, Olivier CALVANO wrote: Hi i want create a rules for filters : i want add 100 in score at all email that have: Invoice or Facture in core AND a .DOC file attachment it's possible ? yes, it's possible Requires a header rule for the Subject string and a mimeheader rule

Re: Help with today's (and previous) spam uptick?

On 04/02/2015 02:18 AM, Larry Rosenman wrote: # Last update: 2015-02-21-axb COMMIT/trunk/lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm Committed revision 1670891. # Last update: 2015-04-02-axb-Easter-Update

Re: Help with today's (and previous) spam uptick?

On 2015-04-02 09:55, @lbutlr wrote: On Apr 1, 2015, at 6:15 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: The RegistrarBoundaries.pm for new TLDs is hard coded How would I check this for a ports version of SA? I am also getting heavily spammed from new .tlds (.work is the main offender for

Re: Help with today's (and previous) spam uptick?

On Apr 1, 2015, at 6:15 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: The RegistrarBoundaries.pm for new TLDs is hard coded How would I check this for a ports version of SA? I am also getting heavily spammed from new .tlds (.work is the main offender for me). I have

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:34 PM, Larry Rosenman wrote: BTW, is my every 6 hour pull of KAM.cf kosher with you? Should be fine. If we see an issues, we have other servers we can move it to that can handle more load.

Re: Help with today's (and previous) spam uptick?

On 4/2/2015 10:55 AM, @lbutlr wrote: On Apr 1, 2015, at 6:15 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: The RegistrarBoundaries.pm for new TLDs is hard coded How would I check this for a ports version of SA? I am also getting heavily spammed from new .tlds (.work is the main offender for

RE: Help with today's (and previous) spam uptick?

Kevin Miller skrev den 2015-04-02 02:27: header CBJ_SCIENCE From =~ /\.in\b/i header CBJ_SCIENCE From:addr =~ /\.in\b/i to avoid in name describe CBJ_SCIENCE In science TLD scoreCBJ_ SCIENCE 5.0 scoreCBJ_SCIENCE 5.0 5.0 5.0 5.0

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:23, Kevin A. McGrail wrote: On 4/1/2015 8:21 PM, Larry Rosenman wrote: Is there an ETA for 3.4.1? And, is there anything else I can do mean time? 3.4.1 is planned to announce for release during ApacheCon in about 2 weeks. 1 - Make sure you are using the new Registrar

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:23, Kevin A. McGrail wrote: On 4/1/2015 8:21 PM, Larry Rosenman wrote: Is there an ETA for 3.4.1? And, is there anything else I can do mean time? 3.4.1 is planned to announce for release during ApacheCon in about 2 weeks. 1 - Make sure you are using the new Registrar

RE: Help with today's (and previous) spam uptick?

To: SpamAssassin Subject: Help with today's (and previous) spam uptick? I've been getting pounded with stuff from new tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples: http://pastebin.com/jc3efYju Thanks! -- Larry Rosenman

Help with today's (and previous) spam uptick?

I've been getting pounded with stuff from new tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples: http://pastebin.com/jc3efYju Thanks! -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail:

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:21 PM, Larry Rosenman wrote: Is there an ETA for 3.4.1? And, is there anything else I can do mean time? 3.4.1 is planned to announce for release during ApacheCon in about 2 weeks. 1 - Make sure you are using the new Registrar Boundary with the TLDs that are plaguing you. 2 -

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:18 PM, Larry Rosenman wrote: On 2015-04-01 19:15, Kevin A. McGrail wrote: On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from new tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples:

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:20, Kevin A. McGrail wrote: On 4/1/2015 8:18 PM, Larry Rosenman wrote: On 2015-04-01 19:15, Kevin A. McGrail wrote: On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from new tld's (cricket, science, work, et al). I'm wondering how to make SA

RE: Help with today's (and previous) spam uptick?

User No: 307357 -Original Message- From: Kevin Miller [mailto:kevin.mil...@juneau.org] Sent: Wednesday, April 01, 2015 4:27 PM To: 'Larry Rosenman'; SpamAssassin Subject: RE: Help with today's (and previous) spam uptick? I simply added them to my sendmail access file with a REJECT

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:15, Kevin A. McGrail wrote: On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from new tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples: http://pastebin.com/jc3efYju Are you using a recent SA from

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from new tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples: http://pastebin.com/jc3efYju Are you using a recent SA from trunk? The RegistrarBoundaries.pm for new

Re: Help with Disk quota exceeded for a user depending on the mail quota

On Mon, 22 Dec 2014 19:45:00 +0100 Almond wrote: On 22/12/2014 19:32, David B Funk wrote: Exactly, but I'd set that /tmp size to something like 10GB or more. He's got a 2TB root drive so no sense scrimping on /tmp and running into fullness problems later. Hi, last questions please.

Re: Help with Disk quota exceeded for a user depending on the mail quota

On 21. dec. 2014 23.41.21 Almond almond27...@gmail.com wrote: I wrote this post on CentOS forum Suggest using tmpwatch in /tmp, the above is not mailqouta du -lh

Re: Help with Disk quota exceeded for a user depending on the mail quota

this was the situation on /tmp before tmpwatch installation: [root@myhostname ~]# du -lh /tmp 4.0K /tmp/.Test-unix 4.0K /tmp/.ICE-unix 4.0K/tmp/systemd-private-U6z6hx/tmp 8.0K/tmp/systemd-private-U6z6hx 20K /tmp/mywww/blog/wp-content/uploads/wpcf7_captcha 24K

Re: Help with Disk quota exceeded for a user depending on the mail quota

Almond skrev den 2014-12-22 13:43: this was the situation on /tmp before tmpwatch installation: [root@myhostname ~]# du -lh /tmp 11M /tmp/systemd-private-jr1YKi/tmp 11M /tmp/systemd-private-jr1YKi is this 11M mail ? [root@myhostname ~]# df -h Filesystem  Size  Used Avail

Re: Help with Disk quota exceeded for a user depending on the mail quota

Almond wrote: 3) ...spamd[28040]: plugin: eval failed: error writing to /tmp/.spamassassin28040V31F7ftmp: Disk quota exceeded at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message.pm line 965, GEN840 line 1575. this was the situation on /tmp before tmpwatch installation:

Re: Help with Disk quota exceeded for a user depending on the mail quota

hi Mark, do you mean this? http://fedoraproject.org/wiki/Features/tmp-on-tmpfs but tmpfs have no quota... as you can read on that page, i'm confused... so, that's done by default on CentOS ? indeed, I didn't see any tmpfs on CentOS 6, as I remember...but I could be wrong. Do you think that if

Re: Help with Disk quota exceeded for a user depending on the mail quota

be wrong. Do you think that if I do a systemctl mask tmp.mount, and reboot. I solve this issue, and then if needed the apps write on /tmp on /dev/md2 or I misunderstood the matter? So do you think that the /tmp returned by the error is not the /tmp on /dev/md2? outbut of df -hT may help as well

<    1   2   3   4   5   6   7   8   9   10   >