# 2005/07/29, http://www.apnic.net/db/ranges.html
header RCVD_VIA_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| )/
describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network
Adam Katz had this rule in one of his
Benny Pedersen wrote:
On Thu 01 Oct 2009 18:09:38 CEST, to...@starbridge.org wrote
thanks for your answers. It's done:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6214
also
spamassassin 21 -D -t msg output.log and another time
On Fri 02 Oct 2009 04:47:56 CEST, Steven W. Orr wrote
I have all my SA tables up and running using InnoDB and using the
above table definitions. I just have one question:
Will the cronjob that was described here earlier
#!/bin/sh
howfar='where lastupdate date_sub(now(), interval 3 month)'
Hi,
When I add the string like:
whitelist_from s...@domain.mail
it works OK.
But:
whitelist_from_rcvd s...@domain.mail prefix.domain.mail
doesn't work.
I've checked rDNS of the prefix.domain.mail with 'host' utility - it's
all right.
And the appropriate mail header seems to be correct:
On Fri 02 Oct 2009 10:34:55 CEST, Igor Bogomazov wrote
And the appropriate mail header seems to be correct:
Received: from prefix.domain.mail (unknown [12.12.12.12])
What's the matter?
unknown reverse dns is postfix answer for not found reverse dns, so
host was in the test you did wrong
From: Igor Bogomazov b...@hl.ru
Date: Fri, 2 Oct 2009 12:34:55 +0400
When I add the string like:
whitelist_from s...@domain.mail
it works OK.
But:
whitelist_from_rcvd s...@domain.mail prefix.domain.mail
doesn't work.
I've checked rDNS of the
On Fri, 2 Oct 2009, Igor Bogomazov wrote:
whitelist_from_rcvd s...@domain.mail prefix.domain.mail
doesn't work.
I've checked rDNS of the prefix.domain.mail with 'host' utility - it's
all right.
You don't check rDNS using host, you check it using dig -x
host.ip.addr.here
And the
On Thu, 1 Oct 2009, empiric wrote:
Oct 1 13:22:39 mail postfix/smtp[17579]: E0EAD19B349:
to=u...@example.com, relay=mail.example.com[10.65.200.72]:25, delay=7.1,
delays=0.09/0/0.01/7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
3DD1212B701)
None of that really logs useful information to
I have some questions:
- How to calculate the amount of memory and CPU used by each process Spamd?
- Approximately 85% of spam are in Spanish, this can be a problem for
SpamAssassin?
- Which tool can I use to get statistics of SpamAssassin, I am currently using
the script sa-stats.pl.
John Hardin wrote:
You don't check rDNS using host, you check it using dig -x
host.ip.addr.here
Actually, unless your DNS configuration is doing something bizarre, they
should give back the same basic info - dig is just a lot more verbose:
[kdeu...@turboprop ~]$ host 209.91.179.62
On Thu, 1 Oct 2009 18:54:40 -0600
LuKreme krem...@kreme.com wrote:
On Oct 1, 2009, at 18:36, Karsten Bräckelmann
guent...@rudersport.de wrote:
Same for RCVD_IN_DNSWL. If it positively matches, it either it is
correct, or wrong. A false positive is a match, that is wrong. No
matter
John Hardin wrote:
On Fri, 2 Oct 2009, Igor Bogomazov wrote:
whitelist_from_rcvd s...@domain.mail prefix.domain.mail
doesn't work.
I've checked rDNS of the prefix.domain.mail with 'host' utility - it's
all right.
You don't check rDNS using host, you check it using dig -x
On Fri, 2 Oct 2009, Kris Deugau wrote:
John Hardin wrote:
You don't check rDNS using host, you check it using dig -x
host.ip.addr.here
Actually, unless your DNS configuration is doing something bizarre, they
should give back the same basic info - dig is just a lot more verbose:
-kgd,
On Fri, 2 Oct 2009, Jose Luis Marin Perez wrote:
- Approximately 85% of spam are in Spanish, this can be a problem for
SpamAssassin?
Possibly. Most of the default rules and most third-party rules are for
English. This would tend to reduce your hit rate, but a properly-trained
Bayes would
On Fri, 2 Oct 2009, RW wrote:
However, if you want to be understood you need to speak the Lingua
Franca. If you choose to use a term differently than everyone else
you WILL be misunderstood and corrected.
If everyone calls an apple an orange, then yeah, it's an orange.
A false match on a
I have recently updated to 3.2.4 - for some reason my required_score keeps
reverting to 5, basically ignoring or overriding the settings in local.cf.
The ruleset 10_default_prefs.cf has these settings, and this is where it
appears to come from. While I have commented out the offending
Hi All,
Regarding the .cn oddity, I added these to my rules, and of about 79k
messages today so far, I have the following:
uri LOC_URI_CN m;^https?://[^/?]+\.cn\b;
uri T_CN_8_URL /[\/.]+\w{8}\.cn(?:$|\/|\?)/i
LOC_URI_CN: 2926
T_CN_8_URL: 1634
HTH,
Alex
On Fri, 2 Oct 2009, Jefferson Davis wrote:
I have recently updated to 3.2.4 - for some reason my required_score keeps
reverting to 5, basically ignoring or overriding the settings in local.cf.
Some Linux (presumed) disties have non-standard configuration
directories - but when you manually
Charles Gregory wrote:
On Fri, 2 Oct 2009, RW wrote:
However, if you want to be understood you need to speak the Lingua
Franca. If you choose to use a term differently than everyone else
you WILL be misunderstood and corrected.
If everyone calls an apple an orange, then yeah, it's an
Some just mentioned sa-stats.pl statistics, and I then wrote a script for me to
post daily stats for me into email.
This is not nuclear science, but I still share it.
It is HTML formatted because I use Outlook Express to read mail, but it is easy
to fix
The file is named so that it runs
not to be outdone by hackers and thieves, phishing for PPI, southwest
airlines is sending out their own DKIM signed, SPF PASSED, from their
own servers, their very own phishing email. (didn't one of the major
banks do something like this 3 years ago?)
all servers in the links are http (not
On Fri, 2 Oct 2009, Bill Landry wrote:
John Hardin wrote:
On Fri, 2 Oct 2009, Igor Bogomazov wrote:
I've checked rDNS of the prefix.domain.mail with 'host' utility - it's
all right.
You don't check rDNS using host, you check it using dig -x
host.ip.addr.here
Why not, they come up with
http://ruleqa.spamassassin.org/
If you are capable of processing your mail nightly in cron, why don't
you join the nightly mass check? You can help to test the rules and
make the sa-update channel better. We especially need non-English ham
in the nightly masscheck.
On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson wrote:
Sendmail command is available with sendmail and postfix emailers,
dunno about others.
You don't need to use sendmail: if the cron job writes anything to
stdout (or stderr) this is automatically mailed to root.
If you'd rather that
On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson wrote:
Sendmail command is available with sendmail and postfix
emailers, dunno about others.
You don't need to use sendmail: if the cron job writes
anything to stdout (or stderr) this is automatically
mailed to root.
If you'd rather
http://ruleqa.spamassassin.org/
If you are capable of processing your mail nightly in
cron, why don't you join the nightly mass check? You can
help to test the rules and make the sa-update channel
better. We especially need non-English ham in the
nightly masscheck.
On 10/02/09 13:52, quoth Michael Scheidell:
not to be outdone by hackers and thieves, phishing for PPI, southwest
airlines is sending out their own DKIM signed, SPF PASSED, from their own
servers, their very own phishing email. (didn't one of the major banks do
something like this 3 years
Steven W. Orr wrote:
On 10/02/09 13:52, quoth Michael Scheidell:
not to be outdone by hackers and thieves, phishing for PPI, southwest
airlines is sending out their own DKIM signed, SPF PASSED, from their own
servers, their very own phishing email. (didn't one of the major banks do
On Fri, 2009-10-02 at 21:33 +0300, Jari Fredriksson wrote:
On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson wrote:
Sendmail command is available with sendmail and postfix
emailers, dunno about others.
You don't need to use sendmail: if the cron job writes
anything to stdout (or
On Fri, 2009-10-02 at 13:52 -0400, Michael Scheidell wrote:
not to be outdone by hackers and thieves, phishing for PPI, southwest
airlines is sending out their own DKIM signed, SPF PASSED, from their
own servers, their very own phishing email. (didn't one of the major
banks do something
My employer's travel department just sent out a memo asking for the same
information. No reference to Southwest Airlines in the memo.
Coincidence?
--
Art Greenberg
a...@eclipse.net
On Fri 02 Oct 2009 21:42:22 CEST, Michael Scheidell wrote
southwest's phone has a 1 hour hold time.
nope, in time waiting do this spamassassin 21 -D -t msg | grep
domain | less
what domains is listed ?, some trd party domains that does not use
known nameserver ?, eg why would a airliner
On Fri, 2009-10-02 at 15:42 -0400, Michael Scheidell wrote:
it REALLY looks like someone at southwest had this done.
its stupid.. it encourages users to disclose private data over an
insecure channel, and whoever authorized this (if its southwest) needs
a LONG vacation.
Should somebody ask
Benny Pedersen wrote:
On Fri 02 Oct 2009 21:42:22 CEST, Michael Scheidell wrote
southwest's phone has a 1 hour hold time.
nope, in time waiting do this spamassassin 21 -D -t msg | grep
domain | less
what domains is listed ?, some trd party domains that does not use
known nameserver ?, eg
from other that have see this email from other airlines:
(and, sw needs to protect my PPI by using SSL servers, not plain text
servers that belong to a marketing company)
Is the TSA “trying to scare me into providing personal information”?
June 2, 2009
Secure Flight. Just the mention of
On Fri 02 Oct 2009 22:03:23 CEST, Michael Scheidell wrote
still doesn't answer, dkim signed, spf passes, all domains end in
.southwest.com
then some using a smtp auth or hacked computer inside, or dkim-sign
any mails ?
send to abuse at theredomain dot tld, yes its a grey area where one
like
On Fri, 2009-10-02 at 21:33 +0300, Jari Fredriksson wrote:
On Fri, 2009-10-02 at 20:45 +0300, Jari Fredriksson
wrote:
Sendmail command is available with sendmail and postfix
emailers, dunno about others.
You don't need to use sendmail: if the cron job writes
anything to stdout (or
On Fri, 2009-10-02 at 23:28 +0300, Jari Fredriksson wrote:
There is a blank line between Content-Type and Hello, but the
Content-Type line WILL get to the body, and the html gets injected
after it as raw html code, not as html (because the actual content
type will be text not html).
Cron
On Fri, 2009-10-02 at 23:28 +0300, Jari Fredriksson wrote:
There is a blank line between Content-Type and Hello,
but the Content-Type line WILL get to the body, and the
html gets injected after it as raw html code, not as
html (because the actual content type will be text not
html).
Cron
Warren Togami wrote:
# 2005/07/29, http://www.apnic.net/db/ranges.html
header RCVD_VIA_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| )/
describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network
Adam Katz
RW wrote:
On Fri, 02 Oct 2009 00:14:52 +0200
mouss mo...@ml.netoyen.net wrote:
RW wrote:
The term false-positive can apply to any test. A test for ham
that matches a spam is a false-positive, it's a matter of context.
spam too can be (re)defined. and actually any term. but it is assumed
Karsten Bräckelmann wrote:
On Fri, 2009-10-02 at 00:08 +0200, mouss wrote:
Karsten Bräckelmann wrote:
False positive. Something, that matches (positive) the criterion for a
certain test, but should not (false).
I stand to what I said.
I'm not surprised:)
you can certainly devise a
Benny Pedersen wrote:
On Fri 02 Oct 2009 22:03:23 CEST, Michael Scheidell wrote
still doesn't answer, dkim signed, spf passes, all domains end in
.southwest.com
then some using a smtp auth or hacked computer inside, or dkim-sign
any mails ?
SURPRISE.. it's legit folks.
SF phone lines, and
Warren Togami wrote:
# 2005/07/29, http://www.apnic.net/db/ranges.html
header RCVD_VIA_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| )/
describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network
Adam Katz had
What causes a spamd 3.2.5 child process to be terminated by receiving a
SIGCHLD signal?
I've looked at the spamc and spamd manpages but there's no mention of
them there. I can't remember seeing them discussed on this maillist
either.
My last month's logs show 7 of them and I can't work out what
On Sat, 2009-10-03 at 00:03 +0300, Jari Fredriksson wrote:
This is something that I have no knowledge.
It was a surprise to me too!
Could you see the source format of the mail? I can't think anything
except it being in HTML format, as there is no AFAIK no other formats
for rich text in
On Sat, 2009-10-03 at 00:25 +0200, mouss wrote:
Karsten Bräckelmann wrote:
False positive. Something, that matches (positive) the criterion for a
certain test, but should not (false).
I stand to what I said.
I'm not surprised:)
;)
IFF you are talking about the black box that
On Sat, 03 Oct 2009 00:12:37 +0200
mouss mo...@ml.netoyen.net wrote:
RW wrote:
On Fri, 02 Oct 2009 00:14:52 +0200
mouss mo...@ml.netoyen.net wrote:
The source of your confusion is that you are mixing-up the
terminology of the overall classification and individual test
results.
On Sat, 2009-10-03 at 00:03 +0300, Jari Fredriksson wrote:
This is something that I have no knowledge.
It was a surprise to me too!
Could you see the source format of the mail? I can't
think anything except it being in HTML format, as there
is no AFAIK no other formats for rich text in
On Sat, 2009-10-03 at 03:57 +0300, Jari Fredriksson wrote:
But let us keep in mind that it is the client that renders the mail
for us to see.
it must be some format the client must understand.
postfix.sendmail is not a client, and whatever it does must be
understandable by the client.
On 10/02/09 02:43, quoth Warren Togami:
# 2005/07/29, http://www.apnic.net/db/ranges.html
header RCVD_VIA_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| )/
describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network