Re: Good reasons to dont use RBLs

2009-11-12 Thread LuKreme
On 12-Nov-2009, at 21:55, McDonald, Dan wrote: > On 11/12/09 9:42 PM, luis.daniel.lu...@gmail.com wrote: >> Again me, Well, in the security scope I use a principle that states that you shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7 problem that is u

Re: Good reasons to dont use RBLs

2009-11-12 Thread McDonald, Dan
On 11/12/09 9:42 PM, luis.daniel.lu...@gmail.com wrote: > Again me, Well, in the security scope I use a principle that states that you shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7 problem that is usually fixed with a Layer 3 solution (RBL). So, worms like co

Re: Good reasons to dont use RBLs

2009-11-12 Thread Warren Togami
On 11/12/2009 10:50 PM, LuKreme wrote: On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote: I'd like a brainstorm to convince that a RBL solution is not the best stopping SPAM, and we should look for L7 solution such as Bayes. I reject the notion that spam is a L7 problem. It is more of

Re: Good reasons to dont use RBLs

2009-11-12 Thread LuKreme
On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote: > I'd like a brainstorm to convince that a RBL solution is not the best stopping SPAM, and we should look for L7 solution such as Bayes. I reject the notion that spam is a L7 problem. -- Ninety percent of true love is acute, ear-burnin

Good reasons to dont use RBLs

2009-11-12 Thread Luis Daniel Lucio Quiroz
Hi all, Again me, Well, in the security scope I use a principle that states that you shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7 problem that is usually fixed with a Layer 3 solution (RBL). I'd like a brainstorm to convince that a RBL solution is not the bes

Re: Relation bettwen MAIL FROM: <> and From:

2009-11-12 Thread Luis Daniel Lucio Quiroz
On Thursday 12 November 2009 20:28:51, David B Funk wrote: > If you search the archives of this list you will find a long-winded discussion of this idea and an explanation of why it is a bad idea. > To make a long story short, you will block lots of legitimate mail including almost every mai

Re: Relation bettwen MAIL FROM: <> and From:

2009-11-12 Thread Matt Kettler
Luis Daniel Lucio Quiroz wrote: > Hi All, > I'm wondering if someone knows if this is possible to stop using SA. Look. MAIL FROM and From: are commonly mismatched in legitimate mail. For example, every message that you receive from this list (and every other sanely configured mailing list) will

Re: Relation bettwen MAIL FROM: <> and From:

2009-11-12 Thread David B Funk
If you search the archives of this list you will find a long-winded discussion of this idea and an explanation of why it is a bad idea. To make a long story short, you will block lots of legitimate mail including almost every mail-list type message. For example, check the Header-From and Envelope-

Relation bettwen MAIL FROM: <> and From:

2009-11-12 Thread Luis Daniel Lucio Quiroz
Hi All, I'm wondering if someone knows if this is possible to stop using SA. Look. [r...@cyrus postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to cyrus.sat.gob.mx (127.0.0.1). Escape character is '^]'. 220 mx2.sat.gob.mx ESMTP Postfix EHLO

Apparently, we're talking about non-Windows viruses now...

2009-11-12 Thread Adam Katz
There are several academic viruses for non-Windows systems out there, plus maybe a few actual ones. The rest are all just exploits and root-kits that typically don't fall into the "virus" category. Non-Windows-based worms are almost exclusive to Apache (and within that category, heavily favoring P

Re: use passwd file to control senders

2009-11-12 Thread Adam Katz
Martin Gregorie wrote: > Do we know the OP is using sendmail? Yes. Here's a quote: >> I'm using SpamAssassin 3.2.3, milter-limit and sendmail > Postfix checks local recipients against /etc/passwd and /etc/aliases by default. It can also be configured to apply the same checks to local sender

Re: use passwd file to control senders

2009-11-12 Thread Evan Platt
At 04:19 PM 11/12/2009, you wrote: Do we know the OP is using sendmail? The OP seems to have just disappeared (nabble...) but from their post: "using SpamAssassin 3.2.3, milter-limit and sendmail"

Re: use passwd file to control senders

2009-11-12 Thread Martin Gregorie
On Thu, 2009-11-12 at 18:07 -0500, Adam Katz wrote: > Neroxyr may have been asking something else. Is this regarding mail *received* from unknown senders? Do you want to check for forged senders? Do you want to check for invalid recipients? > Forgery can be mitigated with SPF* and/or DKIM

Re: use passwd file to control senders

2009-11-12 Thread Adam Katz
Neroxyr started: >>> our internal mail server has encountered some unknown senders and we want to control them by validating the users that are in the passwd file Chris Hoogendyk wrote: > make sure you are not an open relay, and you want your own users to have to authenticate to send mai

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread Michael Scheidell
Ted Mittelstaedt wrote: PS, if you're really the SA porter, thanks for your effort! easy enough to verify: -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified S

Re: spamd SIGCHLD

2009-11-12 Thread Jason L Tibbitts III
> "L" == LuKreme writes: L> I guess I just don't understand what these various notes mean. II? L> BB? BBSI? lib/Mail/SpamAssassin/SpamdForkScaling.pm, look for $statestr. I=idle, B=busy, K=killed, E=error, S=starting, Z="GOT_SIGCHLD" (probably zombie), ?=anything else. - J<

Re: spamd SIGCHLD

2009-11-12 Thread LuKreme
On 12-Nov-2009, at 10:12, Matus UHLAR - fantomas wrote: >> spamd[10989]: prefork: child states: BB >> spamd[10989]: prefork: child states: BBI >> spamd[10989]: prefork: child states: BBII >> spamd[10989]: prefork: child states: BBS >> spamd[10989]: prefork: child states: BBSI >> spamd[10989]:

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread Ted Mittelstaedt
John Hardin wrote: On Thu, 12 Nov 2009, Ted Mittelstaedt wrote: Chris Hoogendyk wrote: I also heard stories of my son doing battle with hackers who had gotten into his Linux system. Keep in mind that those were not the Linus-written Linux programs, those were programs like Telnet, Sendma

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread Ted Mittelstaedt
Michael Scheidell wrote: Ted Mittelstaedt wrote: Giampaolo Tomassoni wrote: Dream on. Obviously you're a pro-Windows person and anti-Linux person and you cannot tolerate your image of Windows being torn down. I seriously doubt Giampaolo is 'pro-windows', and your argument started with me, thin

RE: spamd SIGCHLD

2009-11-12 Thread David B Funk
On Thu, 12 Nov 2009, Jose Luis Marin Perez wrote: > > Thanks Bowie, > > It would be good idea to increase the maximum amount of SPARE? > > Thanks > > Jose Luis > > > Date: Wed, 11 Nov 2009 15:30:58 -0500 > > From: bowie_bai...@buc.com > > To: users@spamassassin.apache.org > > Subject: Re: spamd SI

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread John Hardin
On Thu, 12 Nov 2009, Ted Mittelstaedt wrote: Chris Hoogendyk wrote: I also heard stories of my son doing battle with hackers who had gotten into his Linux system. Keep in mind that those were not the Linus-written Linux programs, those were programs like Telnet, Sendmail, etc. which preda

Re: use passwd file to control senders

2009-11-12 Thread Chris Hoogendyk
Evan Platt wrote: At 10:58 AM 11/12/2009, neroxyr wrote: Hi, I've been searching all over the net, yet I can't find a solution for the problem I have. Let me explain it to you: Over the past months, our internal mail server has encountered some unknown senders and we want to control them by val

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread Ted Mittelstaedt
Chris Hoogendyk wrote: Ted Mittelstaedt wrote: LuKreme wrote: On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote: I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone, yet there were far fewer of them than OSX today. Er… that is simply not true. Not in any way. As I recall, there

Re: use passwd file to control senders

2009-11-12 Thread Evan Platt
At 10:58 AM 11/12/2009, neroxyr wrote: Hi, I've been searching all over the net, yet I can't find a solution for the problem I have. Let me explain it to you: Over the past months, our internal mail server has encountered some unknown senders and we want to control them by validating the users that a

use passwd file to control senders

2009-11-12 Thread neroxyr
Hi, I've been searching all over the net, yet I can't find a solution for the problem I have. Let me explain it to you: Over the past months, our internal mail server has encountered some unknown senders and we want to control them by validating the users that are in the passwd file, can it be done? I'

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread Chris Hoogendyk
Ted Mittelstaedt wrote: LuKreme wrote: On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote: I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone, yet there were far fewer of them than OSX today. Er… that is simply not true. Not in any way. As I recall, there were a total of 31 viru

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread Ted Mittelstaedt
LuKreme wrote: On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote: I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone, yet there were far fewer of them than OSX today. Er… that is simply not true. Not in any way. As I recall, there were a total of 31 viruses for System 7 and one C

Re: spamd SIGCHLD

2009-11-12 Thread Matus UHLAR - fantomas
> On 12-Nov-2009, at 09:27, Matus UHLAR - fantomas wrote: > > > Ops, "child" of course. Unless you need many spamd processes, you don't need > > many spare spamd's. On 12.11.09 09:58, LuKreme wrote: > I see things like: > > spamd[10989]: prefork: child states: BB > spamd[10989]: prefork: child

Re: spamd SIGCHLD

2009-11-12 Thread LuKreme
On 12-Nov-2009, at 09:27, Matus UHLAR - fantomas wrote: > Ops, "child" of course. Unless you need many spamd processes, you don't need > many spare spamd's. I see things like: spamd[10989]: prefork: child states: BB spamd[10989]: prefork: child states: BBI spamd[10989]: prefork: child states:

SA EXTRA MPART TYPE

2009-11-12 Thread hamann . w
Hi, a lot of mails end up with this code. Checking through one of them (sent from outlook express), probably the Content-type following the MIME version is the only one that could be responsible. Could someone confirm that this is the trouble spot - and how should the header really read? Wol

Re: spamd SIGCHLD

2009-11-12 Thread Matus UHLAR - fantomas
> On 12.11.09 10:09, Jose Luis Marin Perez wrote: > > I have increased the maximum amount of SPARE to 5 (--max-spare=5) and I'm > > monitoring the behavior of the RAM and SWAP. On 12.11.09 16:34, Matus UHLAR - fantomas wrote: > grep your spamd log for 'shild' to have some hints how much of childs

Re: More of a philosophical question

2009-11-12 Thread Jason Bertoch
Philip A. Prindeville wrote: And I report this to Yahoo!. They then answer: We understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), in this particular case the message you received was n

Re: spamd SIGCHLD

2009-11-12 Thread Matus UHLAR - fantomas
On 12.11.09 10:09, Jose Luis Marin Perez wrote: > I have increased the maximum amount of SPARE to 5 (--max-spare=5) and I'm > monitoring the behavior of the RAM and SWAP. grep your spamd log for 'shild' to have some hints how much of childs do you need. -- Matus UHLAR - fantomas, uh...@fantomas.

RE: spamd SIGCHLD

2009-11-12 Thread Jose Luis Marin Perez
Dear Bowie, I have increased the maximum amount of SPARE to 5 (--max-spare=5) and I'm monitoring the behavior of the RAM and SWAP. Thanks Jose Luis > Date: Thu, 12 Nov 2009 09:42:36 -0500 > From: bowie_bai...@buc.com > To: users@spamassassin.apache.org > Subject: Re: spamd SIGCHLD > > Jose

RE: spamd SIGCHLD

2009-11-12 Thread Jose Luis Marin Perez
Dear John, Thanks, now I have the concept more clear about this. Jose Luis I'm more clear about this. > Date: Thu, 12 Nov 2009 06:39:08 -0800 > From: jhar...@impsec.org > To: users@spamassassin.apache.org > CC: bowie_bai...@buc.com > Subject: RE: spamd SIGCHLD > > On Thu, 12 Nov 2009, Jose L

Re: spamd SIGCHLD

2009-11-12 Thread Bowie Bailey
Jose Luis Marin Perez wrote: > > > Date: Wed, 11 Nov 2009 15:30:58 -0500 > > From: bowie_bai...@buc.com > > To: users@spamassassin.apache.org > > Subject: Re: spamd SIGCHLD > > > > > > This is just the normal child cleanup. You have set a maximum of 2 idle > > children, so when there were 3, it kil

RE: spamd SIGCHLD

2009-11-12 Thread John Hardin
On Thu, 12 Nov 2009, Jose Luis Marin Perez wrote: It would be good idea to increase the maximum amount of SPARE? Not just to make the SIGCHLD warnings go away. The decision is based on your email volume and available resources (CPU, RAM, etc.) Take a look at your memory allocation and swap

RE: spamd SIGCHLD

2009-11-12 Thread Jose Luis Marin Perez
Thanks Bowie, It would be good idea to increase the maximum amount of SPARE? Thanks Jose Luis > Date: Wed, 11 Nov 2009 15:30:58 -0500 > From: bowie_bai...@buc.com > To: users@spamassassin.apache.org > Subject: Re: spamd SIGCHLD > > Jose Luis Marin Perez wrote: > > Dear Sir, > > > > Some add

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-12 Thread Michael Scheidell
Ted Mittelstaedt wrote: Giampaolo Tomassoni wrote: Dream on. Obviously you're a pro-Windows person and anti-Linux person and you cannot tolerate your image of Windows being torn down. I seriously doubt Giampaolo is 'pro-windows', and your argument started with me, thinking that somehow I was pr

Re: [sa] More of a philosophical question

2009-11-12 Thread Matus UHLAR - fantomas
> On Wed, 11 Nov 2009, Philip A. Prindeville wrote: >> Return-Path: >> Received: from web.biz.mail.sk1.yahoo.com On 11.11.09 17:15, Charles Gregory wrote: > The 'not from our server' response makes me think that Yahell needs > to update their e-mail response robot. > > A while ago Yahell

Re: More of a philosophical question

2009-11-12 Thread Martin Gregorie
On Thu, 2009-11-12 at 02:54 +, RW wrote: > On Thu, 12 Nov 2009 01:45:00 +0100 > Mark Martinec wrote: > > > > The IP address is not registered as belonging to Yahoo. > > The message is also missing their DKIM and DK signatures. > > OTOH it does have full-circle dns that ends in yahoo.com. >