Thanks for the advise.
Rick Macdougall wrote:
Mikael Bak wrote:
schmero...@gmail.com wrote:
One of our client's websites gets hacked frequently - 1x per month -
usually with some kind of phishing scam.
We've also had some problems lately. After deep investigations we saw
that in 100% of
If I try to run the spamd.exe service it will run as a process up to around
24k of memory usage then quit out.
nothing showing in error log or anything else???
I've tried to run it by itself... also tried running it within a daemon
service provider such as NTrunner for example but no joy.. any
On 10.07.09 08:43, Daniel Schaefer wrote:
I'm running SA daemonized. I know that it reads
/.spamassassin/user_prefs (not a typo),
only for users whose homedir is the root (/) directory...
/etc/mail/spamassassin/local.cf,
actually, /etc/mail/spamassassin/*.pre and
On 10.07.09 16:48, Jonas Eckerman wrote:
Rosenbaum, Larry M. wrote:
I have found the Xpdf package [...] has a pdftotext command line utility.
If you build it with the --without-x option,
Ah. I didn't see that option. That's nice. I'm now using pdftotext
instead of pdftohtml here as well.
On Fri, Jul 10, 2009 at 05:01:14PM +0200, Jonas Eckerman wrote:
Steven W. Orr wrote:
http://wiki.apache.org/spamassassin/ClamAVPlugin
It looks like what I thought I wanted already exists. Based on what I wrote
above, and that I like the result of running sa + clamav via the two
On 10.07.09 10:28, Admin wrote:
I do not see spamassassin processing information in the SMTP header of
incoming messages. So I am fairly sure that the processing is not
working. I am hoping to get the postfix-procmail-spamc processing
path working system-wide. I need some help though
On Sat, 2009-07-11 at 14:27 -0700, dmy wrote:
So is there a way to configure that ALL DNS tests just use the last external
ip address (or at least NOT the first one?). Because to me it doesn't make
any sense to test the ip people use to deliver messages to their smarthost
and it produces
On Mon, 2009-07-13 at 12:10 +0200, Matus UHLAR - fantomas wrote:
On Sat, 2009-07-11 at 14:27 -0700, dmy wrote:
So is there a way to configure that ALL DNS tests just use the last
external
ip address (or at least NOT the first one?). Because to me it doesn't make
any sense to test
On Mon, 2009-07-13 at 12:03 +0200, Matus UHLAR - fantomas wrote:
On 10.07.09 10:28, Admin wrote:
I do not see spamassassin processing information in the SMTP header of
incoming messages. So I am fairly sure that the processing is not
working. I am hoping to get the
On Mon, Jul 13, 2009 at 12:01:35PM +0200, Matus UHLAR - fantomas wrote:
On 10.07.09 19:09, Henrik K wrote:
When you block botnets directly from MTA (zen, helo checks, greylist etc),
possible ClamAV/SA load is already reduced by a huge factor. Personally I
only see handful of official
On Mon, Jul 13, 2009 at 12:01:35PM +0200, Matus UHLAR - fantomas wrote:
On 10.07.09 19:09, Henrik K wrote:
When you block botnets directly from MTA (zen, helo checks, greylist etc),
possible ClamAV/SA load is already reduced by a huge factor. Personally I
only see handful of
Second, I don't want to keep adding/modifying rules/scores in
/.spamassassin/user_prefs if it's not the correct way. As I am
constantly tweaking my spam scores, can I add scores to a config file
and make them become active without having to restart SA? Right now,
adding them to
On Fri, 3 Jul 2009, RW wrote:
I understand that Spamhaus doesn't recommend this, because dynamic IP
addresses can be reassigned from a spambot to another user, but I added
my own rule it does seem to work. In my mail it hits about 9% of my
spam, with zero false-positives.
You will get false
If I might interject. This seems to be an excellent occasion for
the PerlRE 'negative look-ahead' code (excuse the line wrap):
body =~ /(?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org))
www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)/i
...unless someone can think of an FP for this
On Mon, 13 Jul 2009, rich...@buzzhost.co.uk wrote:
On Mon, 2009-07-13 at 12:10 +0200, Matus UHLAR - fantomas wrote:
Oh, you again?
Oh you again ? Sigh.
Here we ego again? :)
- C
On Mon, 2009-07-13 at 10:46 -0400, Charles Gregory wrote:
(?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org))
www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)
Does not seem to work with;
www. meds .com
On Fri, 3 Jul 2009, RW wrote:
I understand that Spamhaus doesn't recommend this, because dynamic IP
addresses can be reassigned from a spambot to another user, but I added
my own rule it does seem to work. In my mail it hits about 9% of my
spam, with zero false-positives.
On 13.07.09
On Mon, 2009-07-13 at 16:03 +0100, rich...@buzzhost.co.uk wrote:
On Mon, 2009-07-13 at 10:46 -0400, Charles Gregory wrote:
(?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org))
www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)
Does not seem to work with;
www. meds .com
It shouldn't. The
On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote:
On Fri, 3 Jul 2009, RW wrote:
I understand that Spamhaus doesn't recommend this, because dynamic IP
addresses can be reassigned from a spambot to another user, but I added
my own rule it does seem to work. In my mail it
On Mon, 13 Jul 2009, rich...@buzzhost.co.uk wrote:
On Mon, 2009-07-13 at 10:46 -0400, Charles Gregory wrote:
(?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org))
www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)
Does not seem to work with;
www. meds .com
Correct. With spaces being one of the
Matus UHLAR - fantomas wrote:
Ah. I didn't see that option. That's nice. I'm now using pdftotext
instead of pdftohtml here as well. :-)
I've been thinking about it. The pdftohtml could provide interesting
infromations like colour informations that could lead to better spam
detection. Any
On Mon, 13 Jul 2009, McDonald, Dan wrote:
On Mon, 2009-07-13 at 16:03 +0100, rich...@buzzhost.co.uk wrote:
On Mon, 2009-07-13 at 10:46 -0400, Charles Gregory wrote:
(?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org))
www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)
Does not seem to work
On Mon, 13 Jul 2009, Charles Gregory wrote:
On Mon, 13 Jul 2009, rich...@buzzhost.co.uk wrote:
On Mon, 2009-07-13 at 10:46 -0400, Charles Gregory wrote:
(?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org))
www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)
Does not seem to work with;
On Mon, 13 Jul 2009, John Hardin wrote:
Why be restrictive on the domain name?
If a conservative spec is sufficient to match the spam, then we're
helping avoid false positives I'd rather tweak the rule to
catch the new tricks of the spammer than overgeneralize. :)
The + signs are a
RW wrote:
I think it might be worth having 2 XBL tests, a high scoring test on
last-external and a lower-scoring test that goes back through the
untrusted headers.
I understand that Spamhaus doesn't recommend this, because dynamic IP
addresses can be reassigned from a spambot to another user,
On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote:
On Fri, 3 Jul 2009, RW wrote:
I understand that Spamhaus doesn't recommend this, because dynamic IP
addresses can be reassigned from a spambot to another user, but I added
my own rule it does seem to work. In my mail
On Mon, 13 Jul 2009, Charles Gregory wrote:
On Mon, 13 Jul 2009, John Hardin wrote:
Why be restrictive on the domain name?
If a conservative spec is sufficient to match the spam, then we're
helping avoid false positives I'd rather tweak the rule to
catch the new tricks of the spammer
On Mon, 2009-07-13 at 18:28 +0200, Matus UHLAR - fantomas wrote:
On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote:
On Fri, 3 Jul 2009, RW wrote:
I understand that Spamhaus doesn't recommend this, because dynamic IP
addresses can be reassigned from a spambot to
On Mon, 2009-07-13 at 17:38 +0100, rich...@buzzhost.co.uk wrote:
On Mon, 2009-07-13 at 18:28 +0200, Matus UHLAR - fantomas wrote:
On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote:
On Fri, 3 Jul 2009, RW wrote:
I understand that Spamhaus doesn't recommend this, because
On Fri, Jul 3, 2009 at 22:43, RWrwmailli...@googlemail.com wrote:
I think it might be worth having 2 XBL tests, a high scoring test on
last-external and a lower-scoring test that goes back through the
untrusted headers.
I understand that Spamhaus doesn't recommend this, because dynamic IP
that old message I was talking about.
-- Forwarded message --
From: Daniel Quinlan quin...@pathname.com
Date: Sat, May 22, 2004 at 16:25
Subject: DNSBL accuracy using -firsttrusted
To: spamassassin-...@incubator.apache.org
Someone at Spamhaus poked me to try testing only the
On Mon, 2009-07-13 at 17:38 +0100, rich...@buzzhost.co.uk wrote:
On Mon, 2009-07-13 at 18:28 +0200, Matus UHLAR - fantomas wrote:
On 13.07.09 16:26, rich...@buzzhost.co.uk wrote:
Do the RFC's state that they need to?
yes, RFC4954 in section 7 does
Where - I don't see it say it needs
I agree so strongly about not checking against all IPs in the header
that I'll probably turn down business from large anti-spam vendors who
cannot guarantee in writing that ivmSIP and ivmSIP/24 will ONLY be
checked against the actual sending IP. If this means I lose 4-5 figures
in annual revenue
On Mon, 13 Jul 2009, John Hardin wrote:
The + signs are a little risky, it might be better to use {1,3} instead.
(nod) Though without the '/m' option it would be limited to the same line.
body rules work on paragraphs, but you are right, the badness has an upper
limit.
Ugh. Forgot it was
On Mon, 13 Jul 2009 17:21:36 +0100
Ned Slider n...@unixmail.co.uk wrote:
I do a very similar thing and see very similar results to yours.
I use zen.spamhaus to block at the smtp level and then run all
headers through sbl-xbl for a further few points. As already
mentioned elsewhere in this
MrGibbage a écrit :
I have read the help pages for those two settings over and over, and I guess
I'm just not smart enough. I can't figure out what I should put for those
two settings. Can one of you give me a hand by looking at the headers from
an email? I can tell you that my SA
MrGibbage a écrit :
#ps11651.dreamhostps.com and pelorus.org
internal_networks 75.119.219.171
trusted_networks 75.119.219.171 #I think this is wrong
no, it is not wrong. the documentation says:
Every entry in internal_networks must appear in
trusted_net-
works;
so whenever you
Jari Fredriksson a écrit :
MrGibbage a écrit :
#ps11651.dreamhostps.com and pelorus.org
internal_networks 75.119.219.171
trusted_networks 75.119.219.171 #I think this is wrong
no, it is not wrong. the documentation says:
Every entry in internal_networks must appear in
trusted_net-
Hi,
I've been running SA for about a month, everything is running great until:
I have configured our domain mail to forward messages to a gmail account.
I did a test sending an email from my gmail account to my domain mail; I
receive the message sent from my gmail account, but immediately this
At 04:03 PM 7/13/2009, you wrote:
Hi,
I've been running SA for about a month, everything is running great until:
I have configured our domain mail to forward messages to a gmail account.
I did a test sending an email from my gmail account to my domain mail; I
receive the message sent from my
On Mon, 13 Jul 2009, neroxyr wrote:
Checking the maillog, I can see why SA is blocking this message as it is
being considered as a spam with a score of 103.5/4.5. I don't know how
SA gets this score.
Hope you can help with that.
Not without a copy of the message in question, including full
Hope this is the log you wanted
http://www.nabble.com/file/p24471425/block.jpg
--
View this message in context:
http://www.nabble.com/forward-mails-as-spam-tp24470970p24471425.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Chris Owen wrote:
On Jul 13, 2009, at 2:55 PM, Charles Gregory wrote:
To answer your next post, I don't use '\b' because the next 'trick'
coming
will likely be something looking like Xwww herenn comX... :)
At that point it can be dealt with.
Well, they're getting close. I'm seeing
At 04:45 PM 7/13/2009, you wrote:
Hope this is the log you wanted
http://www.nabble.com/file/p24471425/block.jpg
Who are you talking to? I only see two replies, myne and another, and
neither of us asked for a jpg image of a log.
If you're going to post something as simple as a log file,
On Mon, 13 Jul 2009, neroxyr wrote:
Hope this is the log you wanted
http://www.nabble.com/file/p24471425/block.jpg
No, don't send the log. Especially, don't send a *screenshot* of the log.
Upload a copy of your test message (in text, with all headers intact) to
someplace like pastebin. To
neroxyr wrote:
Hope this is the log you wanted
http://www.nabble.com/file/p24471425/block.jpg
It's not possible to see from this whether the first log line that you
have highlighted is necessarily related to the second and third
highlights (the message IDs are different), but I'll assume they
46 matches
Mail list logo