On Thursday 19 October 2006 06:39, Jo Rhett took the opportunity to say:
Magnus Holmgren wrote:
OK, the attacker might have 100 zombies on different ISPs, with each
ISP's smarthost helping amplify the attack a bit. But does that really
count? The servers making the callouts aren't the ones
John D. Hardin wrote:
On Wed, 18 Oct 2006, Jo Rhett wrote:
In our experience the mail which goes to 50 without trying 10 is
always spam.
Any feel for whether or not you're experiencing the same
Exchange-related brokenness as an earlier poster mentioned?
No. I've seen a lot of Exchange
Daryl C. W. O'Shea wrote:
To start, again, I have *nothing* against RDJ. I just like things to be
as efficient as practical (it's how I live and make a living), which is
why I like sa-update. I'll explain why sa-update is more efficient...
[snip]
Thank you very much for the detailed
Matt Kettler wrote:
Yeah, it's a shame that amavis is broken out of the box.
You're still on this amavis kick. This has nothing to do with amavis.
I'm saying that when I read the code, it won't work on a normal system
NO MATTER WHAT CONFIG. Period. It can't work properly, except perhaps
Mark wrote:
We cannot really say SA's autodetection is broken, because SA is designed
to be called post-SMTP. Nor that a milter is broken per se for not adding
a Received: header, as that is the responsibility of the MTA itself. But a
milter using SA *can* be said to be broken if it's not
Chris Lear wrote:
It seems that Jo wants autodetection to:
1) comply with the documentation
2) just work for most people
3) be easily fixable in other cases
Yes.
This, it seems to me, is exactly what it does.
Show me it working properly on a out-of-the-box rpm/ports config on a
direct
Kevin Golding wrote:
FWIW I've run SpamAssassin on a bog-standard, normal, plain, old-
fashioned FreeBSD box sitting in a rack with a public IP, no NAT, no
patches, and no pixies or faeries. Auto-detection worked fine.
Just for my reference Worked fine meaning it never demonstrated a
problem
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what other
tests miss?
--
_
John Andersen
Matt Kettler wrote:
Jo Rhett wrote:
I'd love to, but the SA project didn't write the milter you're using,
and the problems you're having can't be fixed by having SpamAssassin
detect the problem without doing something even dumber to someone
else.
Sure it can! It's dead simple to determine
John Andersen wrote:
On Thursday 19 October 2006 00:00, Jo Rhett wrote:
This, it seems to me, is exactly what it does.
Show me it working properly on a out-of-the-box rpm/ports config on a
direct connect, no NAT system. (ie most people)
Amavis worked for me that way when I installed Suse
John Andersen wrote:
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what other
tests miss?
DCC and Razor are very similar in approach. DCC has recently lost a lot
of community support due to policy
And as I've stated several times before, spamassassin *DOES* run.
Always. It's just whether or not it's doing anything useful. When it
can't talk to the sockets, it's dead in the water.
Frank Bures wrote:
Interesting. Never came across that one. In my case if the socket is busy,
spamd
On Thu, 19 Oct 2006 01:18:18 -0700, Jo Rhett
[EMAIL PROTECTED] wrote:
And as I've stated several times before, spamassassin *DOES* run.
Always. It's just whether or not it's doing anything useful. When it
can't talk to the sockets, it's dead in the water.
Frank Bures wrote:
John Andersen wrote:
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what other
tests miss?
DCC and Razor are very similar in approach. DCC has recently lost a lot
of community support due
Nigel Frankcom wrote:
On Thu, 19 Oct 2006 01:18:18 -0700, Jo Rhett
[EMAIL PROTECTED] wrote:
And as I've stated several times before, spamassassin *DOES* run.
Always. It's just whether or not it's doing anything useful. When it
can't talk to the sockets, it's dead in the water.
Frank
* Jo Rhett wrote (19/10/06 08:55):
Mark wrote:
We cannot really say SA's autodetection is broken, because SA is designed
to be called post-SMTP. Nor that a milter is broken per se for not adding
a Received: header, as that is the responsibility of the MTA itself. But a
milter using SA *can* be
Please reply only to the list. There is no need to CC me since I get
the post from the SA list.
My point, if not particularly well elucidated, is that individual
problems with MTA implementations are the realm of the particular MTA
author/s. Myself and many, many others have no issues with
In my experience (which is not statistically comfirmed), Razor
catches more spam than DCC.
Usually if DCC hits, then Razor will probably also hit. This is not
true the other way around:
if Razor hits, DCC regularly doesn't hit. Giampaolo's comments are
also valid: if they both
hit, you get
* David B Funk wrote (19/10/06 03:47):
On Wed, 18 Oct 2006, Sandy S wrote:
Daryl -
I switched back to 3.1.5 after my last post, and am sorry to report that I'm
still seeing the same issue under 3.1.5. After running a while, the
processes in a state of K start building up until I manually kill
Nigel Frankcom wrote:
My point, if not particularly well elucidated, is that individual
problems with MTA implementations are the realm of the particular MTA
author/s. Myself and many, many others have no issues with
ALL_TRUSTED. This issue seems to be one that's limited to Amavis, a
server that
Someone, quite probably Jo Rhett, once wrote:
Kevin Golding wrote:
FWIW I've run SpamAssassin on a bog-standard, normal, plain, old-
fashioned FreeBSD box sitting in a rack with a public IP, no NAT, no
patches, and no pixies or faeries. Auto-detection worked fine.
Just for my reference Worked
good news.
--j.
--- Forwarded Message
Date:Thu, 19 Oct 2006 00:13:27 -0700
From:Jeff Chan [EMAIL PROTECTED]
To: SURBL Announce [EMAIL PROTECTED]
Subject: [SURBL-Announce] PhishTank data added to SURBL phishing list
I'm pleased to announce that we are now including PhishTank
As far as I know, this will affect the main SpamAssassin.apache.org
website, the wiki, the lists, rules updates, rule-QA, nightly mass-checks
etc. etc more or less everything. Weekend off! ;)
(the ASF machines are moving to http://osuosl.org/ .)
--j.
--- Forwarded Message
Date:
Duncan Findlay writes:
On Wed, Oct 18, 2006 at 06:07:01PM +0100, Justin Mason wrote:
Theo Van Dinter writes:
in other words, reducing the worst-case scenario to just under 1 day. (If
we were to increase frequency of update publishing in the future, that
would then reduce that further,
John Goubeaux writes:
Can someone possibly shed some light on this errror I received, that
also coincided with my spamd processes dying. I have been running
this version of spamd (3.1.5) for a month now and have not seen this
error nor had the daemons crash alltogether. Is this due to
Jo Rhett wrote:
You can only exclude the mailing list if you're running SA from
procmail or .forward or something like that.
No. You can exclude it in other situations as well.
Usually it's running on the MX hosts.
We're using SA on our MX host, daemonized in MIMEDefang (a milter).
We're
On Thursday 19 October 2006 09:55, Jo Rhett took the opportunity to say:
Mark wrote:
We cannot really say SA's autodetection is broken, because SA is designed
to be called post-SMTP. Nor that a milter is broken per se for not adding
a Received: header, as that is the responsibility of the
Giampaolo Tomassoni wrote:
Which kind of algorithm you use for address massacring?
To see it in context, read the code at
http://whatever.frukt.org/mimedefangfilter.text.shtml
The following sub routine is the main part of the mail address changing:
---8---
sub greylist_strip_mail($$$) {
Chris Santerre wrote:
I see this argument a lot. IMHO if you can't wait 30 minutes for an email,
then you should be using a phone, fax, or a car to drive over and talk to
the person.
I agree with that.
My boss accepts it, though I'm not sure she agrees.
Some of those above her have have
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
giampaolo
Giampaolo Tomassoni schrieb:
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
Place it on your homepage(s) (perhaps invisible, only for webcrawlers).
Place it In your signature e.g. on multiple Mailinglists/Forums?
giampaolo
Greetings
MH
Giampaolo Tomassoni schrieb:
Any suggestion to spread a spamtrap e-mail address?
dont use *spam* some spammers might be intelligent enough not to use
these adresses ...
giampaolo
MH
-Original Message-
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 19, 2006 1:10 AM
To: Michael Scheidell
Cc: users@spamassassin.apache.org
Subject: RE: Q. about spam directed towards highest MX Record?
On Wed, 18 Oct 2006, Michael Scheidell wrote:
Or,
Jo Rhett wrote:
John Andersen wrote:
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what other
tests miss?
DCC and Razor are very similar in approach. DCC has recently lost a
lot of community
Hi friends,
I am getting lot of virus/spam mails with the subject Mail
server report. Have any body cracked any rules for such spam?
Warm Regards,
Suhas
System Administrator
QualiSpace - A
QuantumPages Enterprise
===
Tel India:
+91 (22) 6792 - 1480
Tel
Place it In your signature e.g. on multiple Mailinglists/Forums?
Well, that way somebody would be tempted to use it.
You mean, I have to write something like:
Plase, do NOT send here: [EMAIL PROTECTED]
?
Thanks,
giampaolo
Giampaolo Tomassoni wrote:
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
I like to use example addresses in technical discussions on non-spam
oriented mailing lists.
Oh, yeah, I have a script that parses my firewall logs and then emails
me. insert snipet
-Original Message-
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 19, 2006 12:02 AM
To: Michael Scheidell
Cc: OpenDNS First Responders; users@spamassassin.apache.org; Jeff Chan
Subject: RE: [OpenDNS #KMP-79041-857]: Michael Scheidell
Dumb question; there's
dont use *spam* some spammers might be intelligent enough not to use
these adresses ...
Yeah, that was my intention.
But, apart my site, where to spread it? Which (apart this) do you believe are
the best newsgroups/lists to subscribe to?
Greetings, a lot of,
giampaolo
MH
Looks like someone already did it:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 19, 2006 5:46 AM
To: users@SpamAssassin.apache.org
Subject: [SURBL-Announce] PhishTank data added to SURBL
phishing list (fwd)
good news.
--j.
On Thu, Oct 19, 2006 at 01:32:31PM +0200, Matthias Haegele wrote:
Giampaolo Tomassoni schrieb:
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
Place it on your homepage(s) (perhaps invisible, only for webcrawlers).
Place it In your signature e.g. on
Oh, yeah, I have a script that parses my firewall logs and then emails
me. insert snipet of script with obviously invalid address at my domain
inserted
Fine.
Another thing I've been noticing recently.. some idiot has been culling
the web archives of mailing lists, and is trying to send
Subscribe to several newsletters on untrustworthy web sites or similar.
Ok.
Get an enterprise OID registered by iana.org on
http://www.iana.org/cgi-bin/enterprise.pl
That wouldn't be fair with respect to IANA: you should provide a valid e-mail
address to them, not a spamtrap.
Get
Suhas (QualiSpace) wrote:
Hi friends,
I am getting lot of virus/spam mails with the subject Mail server
report”. Have any body cracked any rules for such spam?
They're viruses.. I'd suggest clamav.
We are using Symantec AV but still it's slipped thru it.
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
We are using Symantec AV but still it's slipped thru it.
Ah, this crappy proprietary code... :)
giampaolo
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22)
Can anybody help me in writing a rule to score the mails with subject Mail
Server Report? I am using SA 3.0.1 (windows version)
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: donderdag 19 oktober 2006 6:40
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: Scoring PTR's
Yes, a very bad idea. And a mite on the side of RFC ignorance. :)
mail.apache.org is the HELO name,
Waiting for it. Very urgent
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
===
For Any Technical
Jeff Moss wrote:
pain in the butt. In particular dealing with its log files. By default
it creates thousands of them a day. There is a way to cut that down to
hundreds a day by editing the configuration file. But you still have
to run a cron job to keep them from eating your hard drive.
Giampaolo Tomassoni schrieb:
dont use *spam* some spammers might be intelligent enough not to use
these adresses ...
Yeah, that was my intention.
But, apart my site, where to spread it? Which (apart this) do you believe are the
best newsgroups/lists to subscribe to?
All searchable lists
-Original Message-
From: Jo Rhett [mailto:[EMAIL PROTECTED]
Sent: donderdag 19 oktober 2006 9:56
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: ALL_TRUSTED creating a problem
Perhaps SA being focused on post-SMTP is the problem here. Why is
this the focus? In the
Suhas (QualiSpace) wrote:
Waiting for it. Very urgent
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
I have a number of spamtrap addresses that between them receive between about
3000 and 6000 messages a day. Until recently I have used this mail to simply
populate a database of machines that have sent me spam in the last 48 hours,
which is used as part of a series of checks on incoming
I apologize for that. Actually I am a newbie to SA and don't have much
knowledge on it. I already went through that link but just thought that
let's take some experts help in writing those rules.
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Since I installed FuzzyOCR I've noticed I'm having a lot of files named
similar to .spamassassin8932mZBFrtmp left in my /tmp folder. These are
from FuzzyOCR, correct? The content of these files has lots of spaces,
hyphens, commas with a few readable words and the word picture a few
times.
Matt Kettler wrote:
Steve Lake wrote:
Ok, I'm going to take a huge guess that just dumping the new sare
file into your rules directory (in my case, since I'm on freebsd, it's
/usr/local/share/spamassassin) doesn't work and you need to do some
kind of update thingy.
Well, you do NOT want
Guys, I don't need a lesson on what you think should be done or what you
think is the right thing to do, I just need help writing a rule. I setup
mail servers all the time and I always make sure the: Mail server
broadcast name, the 'A' record and the PTR all match, IT IS JUST GOOD
PRACTICE, I am
I use DCC, Razor and Pyzor. I only installed Pyzor because I thought the
more opinions I get on an email the better. By using all 3 I get more spam
emails rejected than if I just use DCC and Razor. It helps raise the score
of the spam emails.
Bill
- Original Message -
From:
* Bill wrote (19/10/06 14:03):
Since I installed FuzzyOCR I've noticed I'm having a lot of files named
similar to .spamassassin8932mZBFrtmp left in my /tmp folder. These are
from FuzzyOCR, correct? The content of these files has lots of spaces,
hyphens, commas with a few readable words and
I use DCC, Razor and Pyzor.
It is quite like my conf.
I only installed Pyzor because I
thought the
more opinions I get on an email the better. By using all 3 I get more spam
emails rejected than if I just use DCC and Razor. It helps raise the score
of the spam emails.
I have pyzor too,
I just looked and have tmp dirs being created by FuzzyOCR - with what
looks like tmp files in those dirs. No tmp files in the root of /tmp
It looks like certain images are causing FuzzyOCR to quit proccessing
messages in my case based on what I see in these dead tmp dirs left
behind. It's only
Title: RE: Scoring PTR's
That is what I thought but the :EvalTests
modules are not documented. Then I thought maybe a rule that compares the two
names on the Received: line because the PTR always falls after
the ( and before the [. Also, The broadcast name
always comes after Received: from
This seems to extreme to be true. I think you need to fix your DCC
setup :-)
On 19-okt-2006, at 15:19, Coffey, Neal wrote:
John Andersen wrote:
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what
Title: RE: spam attacks - so and so wrote about a stock
-Original Message-
From: Spamassassin List [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2006 1:13 AM
Cc: users@spamassassin.apache.org
Subject: Re: spam attacks - so and so wrote about a stock
Rob McEwen
I noticed that there is this directive in the fuzzyocr.cf:
# 0 = always cleanup
# 1 = keep only if error
# 2 = always keep
focr_keep_bad_images 0
Mine was set to 1 by default, to keep bad images. I set it to 0 but it
still is keeping bad images. (If what is in the dirs is bad images, when
I
On Wednesday 18 October 2006 17:03, Daryl C. W. O'Shea wrote:
Chris Purves wrote:
How do I properly set trusted_networks when my mail server has a dynamic
IP address?
Assuming your dynamically address mail server is your only mail server,
and SA actually sees your public address, auto
On Wednesday 18 October 2006 18:15, Christopher Martin wrote:
If you are using dhclient, you should try:
man dhclient
man dhclient.conf
This will depend on what flavour of Linux you're on, different ones might
not use the ISC client.
Here is a config example which shows how to run a
My statistics look like this. This is from one lower volume server and
is only since logs rotated at 4am Sunday morning.
DCC - 38,521 (DCC_CHECK)
Razor - 52,596 (RAZOR2_CHECK)
Pyzor - 11,201 (PYZOR_CHECK)
And for the heck of it:
DIGEST_MULTIPLE 38,562
Bill
On Tuesday 17 October 2006 20:49, Chris Purves wrote:
On Tuesday 17 October 2006 12:52, Mark Martinec wrote:
It is a waste of time working with versions of Mail::DomainKeys so old,
there will be numerous false-positive signature failures.
Okay, I installed Mail::DomainKeys 0.88 from CPAN.
On Wed, October 18, 2006 7:42 pm, John D. Hardin said:
I assume the From: address is what you want to check?
perhaps:
header FNORD From=~ /[EMAIL PROTECTED]/i
score FNORD 50
Duh. Thank you. I was obviously thinking to hard about this. ;)
What's the correct procedure to file a
Leander Koornneef wrote:
On 19-okt-2006, at 10:15, Jo Rhett wrote:
John Andersen wrote:
Contemplating adding DCC to my SA config. I already do the
SURBL tests and Razor2. Will I likely gain any thing via this?
Does DCC catch what other tests miss?
DCC and Razor are very similar
Title: RE: spam attacks - so and so wrote about a stock
Sorry Chris I replied directly to you instead of the
list before.
I put in place the new rules yesterday and I am not
getting a hit on animatedgifs from the new
addition.
It should be
this part of the new sarstock rulesthat it hits
Suhas (QualiSpace) wrote:
Can anybody help me in writing a rule to score the mails with subject Mail
Server Report? I am using SA 3.0.1 (windows version)
Here's a rule for ya:
header L_SUBJ_SRV_RPT Subject =~ /Mail Server Report/i
describe L_SUBJ_SRV_RPT Stopgap rule for virus flood
Chris,
Okay, I installed Mail::DomainKeys 0.88 from CPAN.
Thanks for reminding me to prepare a version of my patch for this version.
Part of my patch for 0.86 was already incorporated into 0.88, but not all.
I also noticed an additional (marginal) problem, so I'll report later
on a solution.
I'm using FuzzyOcr-2.3b and I can't find any reference to this option in
any of the FuzzyOCR software I downloaded.
focr_keep_bad_images 0
Here's a sample of the items in my /tmp folder. You said your's were
folders, mine's not. All of these files are left behind as at the time I
Hello all,
Suse 9.2, Sendmail 8.13.1, Proocmail 3.22, Spamassassin 3.1.7,
Clamav 0.88.2, qpopper 4.0.5
I have one user consistently that SA seems to be putting its
header at the very top of the email. I posted a example at www.asccn.com/bubba/header.txt
. He is using outlook as his
I am using 2.3j of Fuzzy OCR according to the Perl script.
drwx-- 2 mail mail 4096 Oct 19 08:29 .spamassassin17656WleDs7tmp
drwx-- 2 mail mail 4096 Oct 19 09:15 .spamassassin25775kNluNhtmp
These are two dirs in my tmp folder currently.
In one of those dirs I have:
Jo Rhett wrote:
Autodetection should work out of the box for out of the box
installs. Custom installations, and most especially people creating
appliances out of this, are managed by Experts who have a clue.
If you are using a milter that calls SA, you are in effect using a custom
Ok, I wasn't going to ask but I guess I'll have to.
Where do I get the j version. It's not at
http://users.own-hero.net/~decoder/fuzzyocr/
Bill
- Original Message -
From: Duncan, Brian M.
To: Bill ; users@spamassassin.apache.org
Sent: Thursday, October 19, 2006 9:36 AM
Title: RE: spam attacks - so and so wrote about a stock
No,
you got it all wrong :)
The ruleset looks
for animated gifstock SPAMS, not animated gifs. They purposely do NOT
bother to look at the animated gif at all. They use other features that those
spams have in common. Watch your traps
* Bill wrote (19/10/06 15:29):
I'm using FuzzyOcr-2.3b and I can't find any reference to this option in
any of the FuzzyOCR software I downloaded.
focr_keep_bad_images 0
Here's a sample of the items in my /tmp folder. You said your's were
folders, mine's not. All of these files are
Title: RE: spam attacks - so and so wrote about a stock
Ahh OK sorry, I figured it was animated gifs
period.
Thanks for clarifying that for me.
From: Chris Santerre
[mailto:[EMAIL PROTECTED] Sent: Thursday, October
19, 2006 9:46 AMTo: Duncan, Brian M.;
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
giampaolo
Post in the newsgroups as well.
Its not a formal released version from Chris/decoder. I'm running b
here as it seems the most stable.
If you want J is at:
To: [EMAIL PROTECTED]
Subject: [Devel-spam] [Announce] Version 2.3j
From: Jorge Valdes [EMAIL PROTECTED]
Date: Mon, 25 Sep 2006 10:49:24 -0600
Hi all,
Just wanted to let
On Thu, Oct 19, 2006 at 02:35:18PM -0500, Robert Smith wrote:
I have one user consistently that SA seems to be putting it's header at the
very top of the email. I posted a example at www.asccn.com/bubba/header.txt
The only problem I see there is that it appears the From separator is
malformed,
On Thu, Oct 19, 2006 at 02:11:56AM +, Sai Seng Wong wrote:
run the sa-update but end up with errors which I had screen captured it in the
attachment. Please do let me why is it unable to perform update?if can't view
attachment, the scrnshot is here as well:
Title: RE: Psst!
-Original Message-
From: [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2006 10:48 AM
To: Giampaolo Tomassoni; users@spamassassin.apache.org
Subject: Re: Psst!
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em
De : Bowie Bailey Envoyé : mercredi 18 octobre 2006 18:17
What I do is this:
add_header all Report _REPORT_
This gives me the detailed X-Spam-Report header listing the
scores, rule names, and rule descriptions.
Thanks for the answer. I've tried most add_header options (like all
Jeroen Tebbens [EMAIL PROTECTED] wrote on
10/18/2006 04:27:54 PM:
Theo Van Dinter wrote:
On Wed, Oct 18, 2006 at 11:18:18PM +0200, Turbo Fredriksson wrote:
These kind of spam have been getting through for quite some
time
now, but now they're really starting to bug me!
Thanks for your help matt
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
===
For Any Technical
Daryl -
I switched back to 3.1.5 after my last post, and am sorry to report that I'm
still seeing the same issue under 3.1.5. After running a while, the
processes in a state of K start building up until I manually kill them.
Regretfully (VERY regretfully) turning off FuzzyOCR.
Sandy
I received several variations of the same Spam message overnight.
They all pretty much looked like this:
X-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=16.149,
required 6.5, BAYES_99 3.50, DATE_IN_FUTURE_96_XX 2.40,
FORGED_RCVD_HELO 0.14, FROM_LOCAL_NOVOWEL 2.86,
Jonas Eckerman wrote:
Jo Rhett wrote:
You can only exclude the mailing list if you're running SA from
procmail or .forward or something like that.
No. You can exclude it in other situations as well.
Usually it's running on the MX hosts.
We're using SA on our MX host, daemonized in
Fabien GARZIANO wrote:
De : Bowie Bailey Envoyé : mercredi 18 octobre 2006 18:17
What I do is this:
add_header all Report _REPORT_
This gives me the detailed X-Spam-Report header listing the
scores, rule names, and rule descriptions.
Thanks for the answer. I've tried most
Chris Hastie wrote:
I have a number of spamtrap addresses that between them receive between about
3000 and 6000 messages a day. Until recently I have used this mail to simply
populate a database of machines that have sent me spam in the last 48 hours,
which is used as part of a series of checks
Matt Kettler wrote:
Which policy change is that? And what community has DCC lost support in?
(and then he answers his own question)
that's not exactly recent. (Spring 2005)
Sorry, after doing this for 20 years anything that happened a year ago
is recent. Sorry if that confused you.
I'd
Robert Swan wrote:
Guys, I don't need a lesson on what you think should be done or what you
think is the right thing to do, I just need help writing a rule. I setup
mail servers all the time and I always make sure the: Mail server
broadcast name, the 'A' record and the PTR all match, IT IS JUST
I have DCC installed and running on my Linux box, running Postfix and
using Amavisd-new to query SA.
In my local.cf file, I have
use_dcc 1
dcc_timeout 10
dcc_add_header 1
use_razor2 1
razor_timeout 10
But if I grep my amavis logs for dcc and/or Razor, I don't see
anything... I think I
DAve wrote:
There is nothing special required for FreeBSD, the etc dir for user
installed software is /usr/local/etc, so the local.cf is in
/usr/local/etc/mail/spamassassin and that is the directory you should
point RDJ to.
Oh, and in case you are thinking about it, don't use the
1 - 100 of 194 matches
Mail list logo
