Jonas,
thanks for the reply. Some queries below, if you have the time.
Mike
On 6/14/07, Jonas Eckerman [EMAIL PROTECTED] wrote:
Blocking because a system/netblock has made many attempts to send
to non-existant users makes sense.
Any single address from wich a certain number of such attempts
I'm trying out a new idea for blacklisting hosts. I have several email
servers for processing spam. These servers service my lowered numbered
MX records. I also have several dummy mx records that are higher
numbered than my real servers. So in theory no one should ever hit the
higher numbered
Hi,
From: Justin Mason [EMAIL PROTECTED]
[EMAIL PROTECTED] ~]# sa-update --nogpg
can't resolve localhost to address at
/usr/local/libdata/perl5/site_perl/i386-openbsd/Net/DNS/Resolver/Base.pm
line 751.
[EMAIL PROTECTED] ~]#
A guess-- you have
server localhost
in /etc/resolv.conf.
In deed,
On Fri, June 15, 2007 08:20, Helmut Schneider wrote:
Hi,
From: Justin Mason [EMAIL PROTECTED]
[EMAIL PROTECTED] ~]# sa-update --nogpg
can't resolve localhost to address at
/usr/local/libdata/perl5/site_perl/i386-openbsd/Net/DNS/Resolver/Base.pm
line 751. [EMAIL PROTECTED] ~]#
A
Marc Perkel wrote:
I'm trying out a new idea for blacklisting hosts. I have several email
servers for processing spam. These servers service my lowered numbered
MX records. I also have several dummy mx records that are higher
numbered than my real servers. So in theory no one should ever hit
From: Duncan Hill [EMAIL PROTECTED]
On Fri, June 15, 2007 08:20, Helmut Schneider wrote:
From: Justin Mason [EMAIL PROTECTED]
[EMAIL PROTECTED] ~]# sa-update --nogpg
can't resolve localhost to address at
/usr
local/libdata/perl5/site_perl/i386-openbsd/Net/DNS/Resolver/Base.pm
line 751.
Hi,
I am wondering if bad things happen in case multiple
instances of sa-update run at the same time, e.g. if a
manual call interferes with a call invoked by cron in
background.
As I understand the code, sa-update downloads any new
rules into a temporary directory where it does some
sanity
Hi!
servers for processing spam. These servers service my lowered numbered MX
records. I also have several dummy mx records that are higher numbered than
my real servers. So in theory no one should ever hit the higher numbered
servers. Especially when the IP addresses are on the same server
Phil, Bill,
Mark, I patched Dns.pm but this didn't resolve the issue for me.
You can test with the sample messages I posted to bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506
I was getting this sort of symptom without using Botnet.
It's almost as if something's
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Friday, June 15, 2007 3:19 AM
To: users@spamassassin.apache.org
Subject: Innovative Host Blacklisting Idea
I'm trying out a new idea for blacklisting hosts. I have
several email
servers for processing
Daryl writes:
Make sure your milter is providing a return path header field so that SA
gets the correct envelope-from address. I believe old versions of
amavisd-new don't do this. If the milter fails to do this SA will end
up using the From: header field value and, yeah, you'll get SPF fail.
Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
I'm trying out a new idea for blacklisting hosts. I have several
email servers for processing spam. These servers service my lowered
numbered MX records. I also have several dummy mx records that are
higher numbered than my real servers. So in
Raymond Dijkxhoorn wrote:
Hi!
servers for processing spam. These servers service my lowered
numbered MX records. I also have several dummy mx records that are
higher numbered than my real servers. So in theory no one should ever
hit the higher numbered servers. Especially when the IP
Michael Scheidell wrote:
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Friday, June 15, 2007 3:19 AM
To: users@spamassassin.apache.org
Subject: Innovative Host Blacklisting Idea
I'm trying out a new idea for blacklisting hosts. I have
several email
servers
Hi,
I just installed SA on a stock CentOS 5 machine. I forwarded a spam to it
and it worked. Then I sent a very short hi message that I would expect
should make it through but it did not.
From looking at the X-Spam headers:
X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL autolearn=no
On Fri, 15 Jun 2007, Marc Perkel wrote:
Shane Williams wrote:
Unless you have some other reliable source of statistics regarding how
various entities choose MX records, I'd expect blacklisting this way
is likely to garner significant false positives.
It appears that some spammers hit the
Shane Williams wrote:
On Fri, 15 Jun 2007, Marc Perkel wrote:
What I see happening is that they are hitting MX randomly. So some
times they hit a good server and sometimes they hit the trap. Once
they have hit the trap several times then they are blacklisted in my
hostkarma blacklist and
Hi!
Spamassassin to bounce spam? Sure it does a good job at filtering spam but I
don't want it from my web(mail)server to my inbox. I want my web- or
mailserver to bounce suspected spam. Is this a feature that could be
implemented?
Bounce spam? Are you nuts? This is as worse as the spammers
On Jun 15, 2007, at 5:37 AM, Mark Martinec wrote:
always_trust_envelope_sender 1
envelope_sender_header Return-Path
Done, thanks.
-Original Message-
From: WLamotte [mailto:[EMAIL PROTECTED]
Sent: Friday, June 15, 2007 10:13 AM
To: users@spamassassin.apache.org
Subject: Why doesn't Spamassassin bounce spam?
Sorry if this is an obvious question but why isn't there an
option for
Spamassassin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Scheidell wrote:
-Original Message-
From: Eric W. Bates [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 14, 2007 2:17 PM
To: users@spamassassin.apache.org
Subject: spamd crashes when using sa-compile body (undefined symbol)
Jari Fredriksson wrote, On 15/6/07 7:53 AM:
Both installation tries were via cpan, and here is the result.
That looks like bug 5510, about failing tests when they are run s root,
which breaks CPAN installation in the common setup in which the build
and test are run as root. I think you can
In the testing we have done here, less than 1% of connections to our low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure if this is a growing
pattern yet, but it could be a sign of spambots catching on. Whether or
not they
Sorry if this is an obvious question but why isn't there an option for
Spamassassin to bounce spam? Sure it does a good job at filtering spam but I
don't want it from my web(mail)server to my inbox. I want my web- or
mailserver to bounce suspected spam. Is this a feature that could be
On Fri, 15 Jun 2007, Marc Perkel wrote:
What I see happening is that they are hitting MX randomly. So some times they
hit a good server and sometimes they hit the trap. Once they have hit the
trap several times then they are blacklisted in my hostkarma blacklist and if
they hit a real server
On Fri, June 15, 2007 15:13, WLamotte wrote:
Sorry if this is an obvious question but why isn't there an option for
Spamassassin to bounce spam? Sure it does a good job at filtering spam but I
don't want it from my web(mail)server to my inbox. I want my web- or
mailserver to bounce
Terry Soucy wrote:
In the testing we have done here, less than 1% of connections to our low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure if this is a growing
pattern yet, but it could be a sign of spambots catching on.
Hi, list,
the DNS server of manitu.net, Germany, currently the only server hosting
the iXhash blacklist @ ix.dnsbl.manitu.net, is apparently being ddos'ed.
Admins using the iXhash plugin should either temporarily disable using
that server or request being included in a whitelist the provider has
[EMAIL PROTECTED] schrieb:
Hi, list,
the DNS server of manitu.net, Germany, currently the only server hosting
the iXhash blacklist @ ix.dnsbl.manitu.net, is apparently being ddos'ed.
Admins using the iXhash plugin should either temporarily disable using
that server or request being included in
[EMAIL PROTECTED] schrieb:
Hi, list,
the DNS server of manitu.net, Germany, currently the only server hosting
the iXhash blacklist @ ix.dnsbl.manitu.net, is apparently being ddos'ed.
Admins using the iXhash plugin should either temporarily disable using
that server or request being included in
On Fri, Jun 15, 2007 at 10:00:43AM -0400, Michael B Allen wrote:
X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL autolearn=no
version=3.1.9
X-Spam-Report:
* 5.3 AWL AWL: From: address is in the auto white-list
I don't see an explaination. Where is the explaination?
It's
Michael B Allen wrote:
Hi,
I just installed SA on a stock CentOS 5 machine. I forwarded a spam to it
and it worked. Then I sent a very short hi message that I would expect
should make it through but it did not.
From looking at the X-Spam headers:
X-Spam-Status: Yes, score=5.3
The subject says it. I installed 3.2.1 on Windows Server 2003 with
ActivePerl 5.8.8.820 yesterday. No problems since installing. Good job
as usual.
Bret
Terry Soucy wrote:
In the testing we have done here, less than 1% of connections to our low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure if this is a growing
pattern yet, but it could be a sign of spambots catching on.
Marc Perkel wrote:
Terry Soucy wrote:
In the testing we have done here, less than 1% of connections to our low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure if this is a growing
pattern yet, but it could be a sign of
On Fri, 15 Jun 2007 11:42:43 -0400
Theo Van Dinter [EMAIL PROTECTED] wrote:
On Fri, Jun 15, 2007 at 10:00:43AM -0400, Michael B Allen wrote:
X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL autolearn=no
version=3.1.9
X-Spam-Report:
* 5.3 AWL AWL: From: address is in the
[EMAIL PROTECTED] schrieb:
BTW: at one time I was quite happy with some pre-filtering on my private mail
(which is
fetchmail ultimately feeding to SA) until I found that SA would no longer
recognize some
spam in the bayes section. So, if capacity permits, it might be a good idea to
feed (a
[EMAIL PROTECTED] wrote:
Hi, list,
the DNS server of manitu.net, Germany, currently the only server hosting
the iXhash blacklist @ ix.dnsbl.manitu.net, is apparently being ddos'ed.
Admins using the iXhash plugin should either temporarily disable using
that server or request being included in
Marc Perkel schrieb:
Dude - that sucks! Anything I can do to help?
Guess in the long term it might be a good idea if someone provided a
second level i.e. non-rootzone alternate dns server that provides data
from all 3 companies that use the IXhash system.
Unfortunately i'm not good with
I'm trying out a new idea for blacklisting hosts. I have
several email
servers for processing spam. These servers service my lowered
numbered
As others said, not a good idea.
Don't bother BL isting them, if they hit your dummy mx record, they die,
don't retry, and
Richard Frovarp wrote:
Marc Perkel wrote:
Terry Soucy wrote:
In the testing we have done here, less than 1% of connections to our
low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure if this is a
growing
pattern yet,
On Jun 15, 2007, at 9:06 AM, [EMAIL PROTECTED] wrote:
A simpler approach might be to blacklist senders that try multiple
non-existent recipients,
regardless of mx priority
In Postfix I tarpit after the first bad recipient and eventually
disconnect. That's cut things down quite a bit.
Jerry Durand schrieb:
I have a few spamtrap addresses that feed directly to sa-learn. Seems
to work pretty well.
I do almost the same, but i first check email coming into the spamtraps
and require a score of 2 before learning it to avoid poisening my bayes
in case a real ham should come
Marc Perkel wrote:
I'm trying out a new idea for blacklisting hosts. I have several email
servers for processing spam. These servers service my lowered numbered
MX records. I also have several dummy mx records that are higher
numbered than my real servers. So in theory no one should ever
Marc Perkel wrote:
Richard Frovarp wrote:
Marc Perkel wrote:
Terry Soucy wrote:
In the testing we have done here, less than 1% of connections to
our low
priority MX actually cycled around to one of the higher priority MX
systems to deliver the message. I'm still not sure if this is a
Eric W. Bates wrote:
-BEGIN PGP SIGNED MESSAGE-
Also, you do have re2c version .12.0 or better, right?
pkg_info -cQ 're2c=0.12.0'
Nope. Current FreeBSD port is pushing version 0.11.1. I can update
that manually without a lot of trouble (sent a note to the maintainer)
but
Mark Martinec wrote the following on 6/15/2007 3:36 AM -0800:
Phil, Bill,
Mark, I patched Dns.pm but this didn't resolve the issue for me.
You can test with the sample messages I posted to bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506
I was getting this
Richard Frovarp wrote:
I've heard Exchange and Notes/Domino in the past. I don't know if there
is any truth to this or not.
I swear Domino did/does it so that they can claim faster queue clearing
times.
In any case, be aware that caching of your involved MX and A records can
have drastic
I installed both patches and still get errors in some of the dnsbl
tests. Here is a possibly relevant section of t/log/d.dns/1 from a
system where the test succeeded:
[27718] dbg: check: running tests for priority: 500
[27718] dbg: async: select found 1 socks ready
[27718] dbg: uridnsbl:
Bill,
There is now an additional patch at:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511
which should fix this.
Mark, thanks for the patches. However, even with both Dns.pm patches
applied, unless I set rbl_timeout to a high enough time interval, SA
still misses the
Juergen Georgi wrote:
Hi,
I am wondering if bad things happen in case multiple
instances of sa-update run at the same time, e.g. if a
manual call interferes with a call invoked by cron in
background.
As I understand the code, sa-update downloads any new
rules into a temporary directory
...a bug pause here...
bug - big
(29 seconds)
On Fri, 15 Jun 2007, WLamotte wrote:
Sorry if this is an obvious question but why isn't there an option
for Spamassassin to bounce spam?
To boil down the responses: because SA is a scoring tool, only.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]
Mark Martinec wrote the following on 6/15/2007 10:41 AM -0800:
Bill,
There is now an additional patch at:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511
which should fix this.
Mark, thanks for the patches. However, even with both Dns.pm patches
applied, unless I
How did you setup your spamtrap address with postfix.. Do you have them
delivered after they are scanned by spamassassin or do you scan them and
send them on from there? If you bypass SA, how are you doing that?
If you don't mind, what tarpit settings are you using?
I am using the following:
Bill,
The problem is that Botnet uses Net::DNS::Resolver's default retry and
timeout values, which are way too high.
Spamassassin's DnsResolver.pm uses these values:
udp_timeout:3
tcp_timeout:3
retrans:0
retry:1
try
export RES_OPTIONS=udp_timeout:3 tcp_timeout:3 retrans:0 retry:1
Spamassassin to bounce spam? Sure it does a good job at filtering spam but I
don't want it from my web(mail)server to my inbox. I want my web- or
mailserver to bounce suspected spam. Is this a feature that could be
implemented?
Bounce spam? Are you nuts? This is as worse as the spammers
Randal, Phil wrote the following on 6/15/2007 2:08 PM -0800:
Bill,
The problem is that Botnet uses Net::DNS::Resolver's default retry and
timeout values, which are way too high.
Spamassassin's DnsResolver.pm uses these values:
udp_timeout:3
tcp_timeout:3
retrans:0
retry:1
try
Bill,
Hmmm, once I patched the correct SA version Dns.pm file, Mark's patches
worked fine. However, perhaps my error caused Mark to find a bug, as
noted by his follow-up e-mail, which might have gone undetected
otherwise. :-)
Indeed, thanks! (but there were two other similar reports as
Mark Martinec wrote the following on 6/15/2007 2:34 PM -0800:
So far so good with Mark's patches - although I am awaiting his
follow-up regarding a possible bug...
Not sure I understand this. My fixes make SA more robust when
plugins misbehave. The Botnet problem still causes the mail
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
Bill,
The problem is that Botnet uses Net::DNS::Resolver's default retry and
timeout values, which are way too high.
Spamassassin's DnsResolver.pm uses these values:
udp_timeout:3
tcp_timeout:3
retrans:0
retry:1
And a
Bill Landry wrote:
Also, I'm not sure if John Rudd is still supporting Botnet or not, since
I have sent him 3 e-mails to the address listed in Botnet.pm off-list
over the past week about this, and asked him if he would consider adding
user configurable timeout values, but have not received
John Rudd wrote:
Bill Landry wrote:
Also, I'm not sure if John Rudd is still supporting Botnet or not,
since I have sent him 3 e-mails to the address listed in Botnet.pm
off-list over the past week about this, and asked him if he would
consider adding user configurable timeout values, but
John Rudd wrote the following on 6/15/2007 3:00 PM -0800:
Bill Landry wrote:
Also, I'm not sure if John Rudd is still supporting Botnet or not,
since I have sent him 3 e-mails to the address listed in Botnet.pm
off-list over the past week about this, and asked him if he would
consider
Daniel J McDonald wrote the following on 6/15/2007 2:54 PM -0800:
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
Bill,
The problem is that Botnet uses Net::DNS::Resolver's default retry and
timeout values, which are way too high.
Spamassassin's DnsResolver.pm uses these values:
On Fri, 2007-06-15 at 15:27 -0700, Bill Landry wrote:
Daniel J McDonald wrote the following on 6/15/2007 2:54 PM -0800:
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
And a few others... Might as well be completely consistent. Try this
patch:
--- Botnet.pm.orig 2007-06-15
Daniel J McDonald wrote the following on 6/15/2007 3:37 PM -0800:
On Fri, 2007-06-15 at 15:27 -0700, Bill Landry wrote:
Daniel J McDonald wrote the following on 6/15/2007 2:54 PM -0800:
On Fri, 2007-06-15 at 22:08 +0100, Randal, Phil wrote:
And a few others... Might as well be
Bret Miller wrote:
The subject says it. I installed 3.2.1 on Windows Server 2003 with
ActivePerl 5.8.8.820 yesterday. No problems since installing. Good job
as usual.
Similar result under Cygwin installing from the source package (over an old cpan
install), plus sa-compile (with some manual
WLamotte wrote:
Sorry if this is an obvious question but why isn't there an option for
Spamassassin to bounce spam? Sure it does a good job at filtering spam but I
don't want it from my web(mail)server to my inbox. I want my web- or
mailserver to bounce suspected spam. Is this a feature that
69 matches
Mail list logo