Should be blatantly obvious, but since you asked...
Lack of volunteer time, manpower or a paid position? Maybe
also a mass- check run, since this might have more overall
impact? Possibly?
i wouldnt know about the internal stuff you mentioned although i didnt
really ponder that.
is this DKIM-Reputation setup for any *general* current spamassassin
deployment or does it only work with certain MTA setups ???
i am asking because i believe what i saw was that Amavis was mentioned, and
nothing else.
TIA
- rh
i was checking a server the other day and i noticed a bunch of these in the
logs
from='=?utf-8?Q?Joe=20Blow?=
the Joe Blow part is what shows in the email as if it was a real name
i changed it so it was more exaple'ish
how should this be dealt with in a rule ?
i would take that rule and put
from='=?utf-8?Q?Joe=20Blow?=
how should this be dealt with in a rule ?
i would take that rule and put it in a meta combination
That's a perfectly valid way to encode text that contains
non-ASCII characters. Does it appear in mails that you know
are spam, and that did not score
But this is all *OT* and has no relevance to SA. Why this
list was spammed with an unscientific spin of a claim in the
first instance just shows the dark hand of Barracuda at work.
Richard,
i imagine you are far more knowledgable than me (and others) in most
respects re: spam
Richard Wrote:
No. Here is why. When someone posts a Barracuda send-up that
is questionable, it will still end up in the archives. It is,
therefore, relevant that any counter argument and supporting
material be archived with it for balance. My follow ups have
been entirely within the
i want to publicly apologize to richard and the list.
although i firmly stand behind what i posted, i should have done it off
list.
i ask richard and the list to please forgive me
thanks you
- rh
RW wrote:
The idea that I'm attacking you is just your paranoid fantasy.
RW,
there is a song in those last 4 words...
just need lyrics and a major recording star and you will be more wealthy !
- rh
Then why do it?
If it causes you frustration, is the time worthwhile?. Surely
readers of this list aren't expecting anyone to develop an
Aneurysm from dealing with non-subscribers to the list..
Cheers,
Mike
i seem to recall that the SA list software accepts submissions from
have many, or any of you folks on the list migrated your production servers
to the 3.3.0 alpha 2 or later release?
- rh
if spf_pass yes :-)
reject neotral and softfail for hotmail.com reduce it nicely
here without reject valid mail from hotmail, oh yes there is
still spam sent from hotmail that gets pass, but then its
surely more easy to complain it was not me
benny,
at what stage are you dealing
Sorry for the OT post, but the simscan list appears to be
completely dead and I need to figure this out. I've used
simscan in the past with no problems; I just can't figure out
what's happening to spam scoring higher than 6.0 but less
than 12.0, so anybody who's familiar with the
but it could be nice that sare rules was checked in the mass
check for 3.3.x to get the best rules out in new rule sets
or would some other try this ?
--
xpoint
Benny!
excellent idea in general...
will those in authority in SA team please act upon this and tell us in some
positive
RCVD_HOSTKARMA_BL Black
RCVD_HOSTKARMA_WL White
RCVD_HOSTKARMA_YL Yellow
RCVD_HOSTKARMA_BR Brown
OTOH, I really like these new names. My brain thinks less
hard to recognize them.
How do other people feel. Should we stick to his old names
with JMF in the Wiki or these new
Marc,
Could you please decide between the existing JMF rule names
or the above proposed HOSTKARMA names? It seems opinions are
split here.
Warren
warren,
marc already decided once, please dont give more choices...
you should have thought that out before putting the list in a
I'll note that he's the one that said he prefers HOSTKARMA
names, despite his own Wiki saying JMF.
Warren
Warren,
so noted...
:-)
his wiki and his entries in the SA wiki too...
and this isnt a witch hunt by any means...
you desiring to set it up and run it through the SA
marc
dont forget this one
http://wiki.apache.org/spamassassin/MarcPerkelsExperiments
- rh
_
From: Marc Perkel [mailto:m...@perkel.com]
snip
Yes - the wiki is updated.
I have no explanation,
Their supposed complaint is, they don't know *nix. But my
coworker and I manage those boxes, so even if one of us left,
there would be at least one person to run those boxes.
SA/ClamAV has been working great. Our BSD box sits in front
of the Exchange,
I grew up in Guadalajara and still have friends there, and in
'el De Effe' as well as scattered around a few other places
in Mexico and I can confirm this is simply not true. No one
uses all caps as a sign of respect.
I can't speak to other Latin American countries. Perhaps this
Probably because you are not short-circuiting on the whitelist. ;)
Any whitelist rule is just that -- a plain, ordinary rule.
With a score.
There is no magic, and other matching rules always can
overrule any other fraction of the equation.
If you *know* a given message is not
Funny, after the discussions yesterday, I did the same thing
only to wake up this morning with a mess of mis-marked
messages due to hits on hostkarma. Until I can do further
analysis, I've dropped RCVD_IN_HOSTKARMA_BL and
RCVD_IN_HOSTKARMA_WL to .001 and -.001 respectively.
jason
All I can say is that if these numbers were real or typical I
would be out of business.
perkel,
i might be wrong, yet it doesnt appear to me that Jari have enough mail
volume to have a reasonable statistical base...
- rh
i used to be able to use wget to easily download rules from jhardin and
other sandboxes
now with this new viewvc, it is a total pain in the backside to do anything.
how do we make it so it is easy to get the sandbox rules again?
- rh
I am running a qmail + simscan + spamassassin + clamav on a
centos 5.3.
Regards
s..a..l...@gmail,
there are many ways to do it...
you could try
@example.com
in your
/var/qmail/control/badmailfrom
might work... depending on some factors...
you could smtp reject above a certain
Any other DNSBL's out there that you folks use that are worth
comparing?
Warren Togami
wtog...@redhat.com
Warren,
ask michael scheidell... he has a list for you that is 100% effective...
:-)
- rh
Complaints liks this keep coming up for various whitelists.
The usage alternative I just suggested may solve this problem
for many people.
--
Rob McEwen
Mc,
what usage alternative?
- rh
here is a fine chance for everyone to vote on some new rule names...
ill seed it...
CONSTANT_PITA_BULK1
let's be creative now, it's Friday!
well, it is always Friday, but you get the point...
- rh
So, even though I cringe when I hear a name like Constant
Contact, it does serve a legitimate business need.
snip
Chris Hoogendyk
Chris,
-1
no disrespect to you intended, yet says who?
our general experience with Constant Contact is negative.
- rh
That domain name should earn an email that came through their
servers an additional 2.5 points IMO. It has been a thorn in
my side since 3, maybe 4 years now.
snip
--
Cheers, Gene
Gene,
and anyone else that cares to share please...
what are you using for your various rules to up
I wouldn't say they are perfect but they try to be. It's
close enough for my white list. They shut down abusers and
the opt out works.
marc,
we shouldnt have to opt out...
-rh
marc,
yes, yes it does make it spam if i have no idea who they are or why they are
emailing me and/or my clients.
it sure as all get out makes it spam.
marc, are you boozing or just tired?
- rh
Perhaps, but it doesn't make it spam.
It's amazing to me you have ANY Mac users as customers.
Tell you what, the guys down the hall from me run a
Mac-oriented hosting service, MacHighway.com. Refer your Mac
users there. They will not be treated as if they are 'dumb as
a stamp'.
LuKreme!!!
please fly my family over
some centos people are having a pub party and the kings and queens in
london
it might be over already based upon time difference from usa
maybe all of you could go there and drink beer and duke it out or something
constructive
;-
- rh
looking for theoretical and practical insight on general multi domain email
hosting type servers...
Q1) on high volume email servers, is it wise to expire more than once a day,
or is once a day the right amount so that once is not always in some form
of expiring ???
the setup questions is so
didnt anyone think that the emailBL project was good enough in adding an
extra factor of protection to continue development?
- rh
From: Hajdú Zoltán wrote
Then whos job? :) Habeas doesnt monitor Your Inbox.
If You have the time to write here just for 'flaming' against
a ~good concept...
...Maybe it would be a better idea to spend that time on
supporting them with Your feedback.
Cheers,
Hajdu,
we took a
just got spammed via constant contact via Aloha Communications Group on our
email lists email address from afrit...@aloha-com.ccsend.com
obviously trolling for email addresses
would the Constant Contact employee(s) and advocate on this list please kick
some hiney after you are done rolling
thanks Tara, not the hugest biggie...
yet since we are only on a few select lists and use this email address, i
figured several others on this list were getting it too
i did forward both to abuse at your site with headers
happy gobble gobble everyone!
- rh
I've got Compliance on it
uri LOCAL_URI_C_CONTACT m{constantcontact\.com\b}
score LOCAL_URI_C_CONTACT 12
describe LOCAL_URI_C_CONTACT contains link to
constant contact [dot] com
thanks Ned,
i do have a coupla companies that use CC for email so i wont totally whack.
they are
I'm interested in people's opinion of UCEPROTECT. I'm aware
of how it works, but even UCEPROTECT1 seems to catch an awful
lot of ham, and I wondered if I was doing something wrong.
I've set the score to 0.01 for now, while I watch and see how
it works here. What's a more reasonable
if it was just for me you would post it on maillists ? :)
thanks for clearify it, atleast for me
Benny,
sure we would! as ummm ...well, you know, you are just so lovable... :-)
seriously, and the reason you are so lovable is that even if i read some
(not all) of your posts over and
If you disagree with a particular entry on either the
(formerly Habeas) Safe list or the Certified list, we've made
it extremely easy for you to tell the people who operate
those lists. Hint: insulting me on this mailing list has no effect.
--
J.D. Falk jdf...@returnpath.net
From: LuKreme
Look, get a room. Or at least take this twisted courtship
dance offlist and spare us, please.
LuKreme,
certainly we understand your point here, yet what about accountability for
Return Path Inc (and other RPI companies) related rules in the default
Spamassassin configs?
I'm sure we would all live with the occasional true 'opt-in'
request, if we knew that the end result would be that it
would stifle spam by giving the legitimate mailers, the ones
whose mail we *want* anyway, a better chance to reach us.
- Charles
Charles,
Nyet, nyet, nyet... we
After all this debate about a negatively scored rule I'd
disable it anyway, because the spammers on the list will
target it specifically now, knowing it works well for them.
Stucki
Stucki,
it seems to me that you, of all people, would want a small negative or
positive score on that
forgive me for asking this in the middle of this thread yet in all
seriousness...
Q) what is the inverse of Spamassassin ?
i am quite certain that those in the know have spent a lot of time thinking
about HAM signatures.
maybe that isnt quite the right way to say the question...
so, what do
Nonsense. I had to score this list -2000 just to keep it from
scoring so darn high that it was hitting the 'automatic'
rejection at the SMTP gate before any of my whitelists could
function. Sometimes legit mail scores high. A 'truly clean
company' should be permitted to enjoy a
in the post there was mention of
- added or updated many rules; incomplete list in no particular order:
vbounce, lotsa_money, muchmoney, image spam, fill_this_form,
FreeMail...snipped
Q1)is there a location that shows the complete list at this time?
if not,
Q2) will there be a complete
This should be fairly easy to do: configure SA with the
language(s) you will accept and the ratio of misspellings to
total words that you'll accept as meaning 'unwanted language'
after numbers and HTML tags have been excluded from the
check. Apply the test to the whole body of a
perkel wrote:
I have yet to find ANY use for SPF. And SPF causes nothing but problems.
Marc,
why nothing but problems?
is a lot of your system mail forward orientated?
care to elaborate w/o going into the same old SPF diatribe?
maybe there is something useful you havent had the aha
i spose we are concerned about renames of rules although there are pry not
many of those...
the main concern would be duplicate rule(s) functionality based upon the
long lifespan of 3.2.5 and ummm sharing on the list and otherwise...
could be same function with different name etc
all will come
snip
But, as I said, I highly trust my well-placed contact who
vouches for emailreg.org, so I'm satisfied.
snip
--
Rob McEwen
Rob,
:-)
um you did say it a coupla times.
once was enough though right?
:-)
we know who *you* are, yet if you are going to reference this trusted well
Still doesn't answer my question. Perhaps I'm dense. But to
spell out my question more explicitly:
what do you mean by personal response spam? Is that just
Richard's on-list responses we've all seen? Or something
else? (did I miss that part of the conversation?). And what
do you
When running site wide, how do you get ham to train bayes? I
can manage spam by spam reporting and such, but getting ham
without breaching the privacy of our users is my problem.
raj
Raj,
one potential option is to setup bayes autolearn thresholds with proper
scores for your
Axb
PS: If JM posts a link to his Amazon wishlist, maybe we can
all help him decorate the new place :-)
+1
- rh
marc,
what if there is no RDNS ?
;-)
- rh
I'm the only one? Really? That doesn't jibe with my memory,
but I'm not scanning the entire list to prove you wrong.
Really?
Yeah, sorry, not buying it.
LuKreme et al,
you were not the only one much goes under or over the radar on the
list...
re those rules, we see 2 to 4
I believe on the whole Warren Togami's posting about a
whitelist performance on a masscheck settles the affair.
White lists are very reliable. They are also very unnecessary
within SpamAssassin. So perhaps the whole topic can die.
I also note that the people complaining about the white
as far as museum pieces go, i submit that my first was an Apple 2E if i
remember correctly..
BRUN BEERRUN
was an interesting game, or something to that effect... ;-)
...and (snore) i also programmed a helicopter to fly across the top and drop
a bomb on a space invader and go boom...
wow
The absolute, without a doubt, biggest POS I ever had to live
with was an
11/23 that had more hdwe bugs than all issues of windows
combined since DOS5.0. Dec field engineers changed every
piece in that thing except the frame rail with the serial
number and all they managed to do was
is this older link still working and keeping realtime track of updates?
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/
specifically this link
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/
since i have been watching these devels
thanks
- rh
or create a bug to have dnswl use trusted_networks from
local.cf in spamassassin
Benny
can you help me / us better understand what you are getting at here and why?
something you already do or implement?
i wish i knew a better way to ask the question(s) so that you could better
help
In the absence of evidence to the contrary, yes.
If it's that big a problem for you in real life, then you
should be able to provide FNs to the masscheck corpora that
will _prove_ these scores are too generous.
We understand your philosophical objection. Providing hard
evidence of
Justin,
We were able to knock off 4 items in the Amazon USA list with expedited
shipping 8 to 16 days from USA.
hopefully it will take them off your wish list...
Yes, we would love to see your ummm Sought rules back online if they are not
already
are they?
if you need us to put an
Hopefully you didn't buy him that brewing book, or we'll
NEVER get any more rules out of him! :^)
snip
Is there anything that would help out the cause,
hardware-wise? I think I remember Justin saying that privacy
concerns about the email corpus made sharing the load
impossible --
It would be nice to be able to throw some cycles at this
problem, but it might take more more to figure out how to do
that safely than it's worth?
Anyway, if something gets figured out count me in on
contributing space CPU time.
couldnt the data be encoded and then unencoded during
do i need to read the apache foundation docs somewhere?
You're of course more than welcome to. Perhaps the best
place to start is here [4] and here [5].
[1] http://spamassassin.apache.org/
[2] http://svn.apache.org/repos/asf/spamassassin/trunk/CREDITS
[3]
Nope. It works. I'm looking at 3.3 carefully but nothing
stands out.
--
Jo Rhett
Jo,
do you have changes / hopes / ideas / suggestions for SA to make it better
or more better or whatever?
- rh
Cc: Spamassassin users list
Subject: Re: [sa] Re: FH_DATE_PAST_20XX
Damn -- mea culpa. When we fixed the bug in SVN trunk in bug
5852, I should have immediately backported it to the 3.2.x
sa-update channel when I commited that patch, but I didn't.
It's now fixed in updates, but
The easiest way to see what is being changed since your last
sa-update is to first sa-update /tmp and diff. The change is
trivial but significant...
snip
-jeff
thanks Jeff,
umm what we saw was that the first FH_DATE_PAST_20XX update rule push wasnt
actually corrected...
the
/20[1-9][0-9]/ -- /20[2-9][0-9]/
RW,
thank you...
exactly what we thought.
exactly what others said/thought.
we changed it to this before the update and still had the issue.
so we changed back to the older version and then zero'd the score.
waitied for the update
after the update,
The rule is probably also defined in some other file.
Are you using 00_FVGT_File001.cf? If so check there.
00_FVGT_File001.cf is updated on the rulesemporium site also
where its based so you could fetch a new copy there also if needed.
From: Christian Brel
Sensible folk know people like Return Path will never grow
the balls to stand up to eBay, they will just take the money
and smile.
Christian Brel,
are you suggesting that orgs like Return Path buy some body part growth
pharma ?
;-
- rh
From: tonjg [mailto:t...@freeuk.com]
On 01/13/2010 07:22 PM, tonjg wrote:
thanks for your response Ned.
your last line describes exactly what I want to do - reject
mail, do it at the smtp stage in sendmail - but I don't know
how to achieve this.
--
TonJ,
From: Adam Katz
I can definitely relate. My $10 Titan Peeler is less
effective than a rusty old pocketknife, and it somehow cost
me $43 (had to buy two, shipping was about 2x the cost).
Not only that, but I never saw the total price until the
order had finished, and I couldn't
Ask your customers - block the ads for a while and see if
anyone complains.
/Per Jessen, Zürich
that's right, experts should always ask the uninformed or unqualified.
;-)
- rh
I have them blocked here because they have sent me two
totally unsolicited emails that got through hostkarma
whitelist. They were on my dubious list because of stories
I've heard about them. This places them on my specific
blacklist. This is a particularly large problem given their
This is a tricky decision. What they Free Credit Report /
Experian is doing is fraudulent. Although they aren't
stealing they way phishers are, just because they aren't just
as bad. In fact I suspect they rip off far more people than
phishers do. I'm thinking about black listing them but
Yes, complaining instead of notifying the right people. Way to go!
karsten,
woooh!
you are welcome! :-)
since i dont know who it is, what do you expect?
this isnt the first post to the list about it...
there was another thread or two about it in the recent past... i.e. 1 to 3
Per,
Must be why Marc asked the list too :-)
so, that is why you responded?
are you the uninformed, or the unqualified? or both?
;-
But seriously, in a case like this, who better to ask than
the people you are serving?
but seriously, *all* necessary things considered to make a
The spam/ham decision is always in the eye of the beholder.
One persons spam is another ones ham.
/Per Jessen, Zürich
Per,
you are right!
i am seeing you filling out those free credit report URL's frequently...
:-)
yet...
the thing really is, i havent figured how to block
in regards to
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/
Q1) what does this annotation mean?
* Do not publish the ADVANCE_FEE re-evolve test rules! *
we frequently check for updates and it appears that we shouldnt at this time
until ???
Q2) when? :-)
tia
-
-Original Message-
From: Spamassassin List [mailto:spamassassinl...@gmail.com]
Sent: Thursday, January 28, 2010 12:24 AM
To: 'Warren Togami'; 'SpamAssassin Dev'; 'SpamAssassin Users List'
Subject: RE: spamassassin-3.3.0 for Fedora/RHEL
http://wtogami.livejournal.com/33674.html
Just try it out. You will find that the detection rate
without SARE is excellent and there's likely no benefit from
SARE. Most SARE are well outdated. This applies to 3.2.5 as well.
Kai
Kai
i appreciate your input, yet i really wanted Warren to answer for his blog
post on it in
http://www.returnpath.net/blog/2010/01/spamassasin-rarely-misses.php
Yeah, it's partly self-serving, but that's what corporate
blogs are for. The people who read this blog are mostly
marketers with very little exposure to the open source
community, so this should help them
Now THAT is off-topic. We are discussing the use of SA at SMTP time.
Please stay on-topic for this group, and for this thread.
If you actually care to continue, I expect a reasonable
response to my arguments about rejection being better than
bouncing or silent diversion.
Geez, you
greetings, :-)
coupla days ago upgraded from 3.2.5 to 3.3.1 on a production centos4 machine
all 3.2.5 old files and dirs and all conflicting/duplicate rules removed
from machine.
it appears that overall things went quite well
2 days later doing some normal log parsing i noticed this
greetings :-)
config is centos4 SA 3.3.1 upgraded from SA 3.2.5
having spent the better part of a two days searching as well as trying
different configs and SA restarts
no good results
we do not have a hardware horsepower resource starvation issue
this machine does *not* use SQL for
notes:
when using flock as the file locking in
/etc/mail/spamassassin/local.cf we get
spamd[2489]: bayes: cannot open bayes databases
/home/spamd/.spamassassin/bayes_* R/W: lock failed:
Interrupted system call
spamd[2489]: bayes: cannot open bayes databases
I'd guess that you have a bayes expire running that is either
taking too long or not finishing and leaving lock files around.
Turn off bayes_auto_expire and use bayes_learn_to_journal.
Add a cron job to periodically sa-learn --sync (say hourly)
and another cron job to do sa-learn
That was going to be my guess, too. You're not swapping, or
having some other i/o issue are you?
/Jason
no sir
i shutdown spamassassin
backed it all up
dusted bayes
started spamassassin
retrained 200 plus of each
seems ok so far...
3.2.5 was working awesome overall yet
add to that rule
else
score
gmail is both spf and dkim meta this for this score in a
else, where one score is real users that use gmail properly,
and one that dont :=)
so here the rule will give 2 scores when it mathes depending
on dkim/spf pass
benny,
what do you mean
Having full rDNS isn't the issue.
What probably happened was something like this:
1) your ISP reported their dynamic addresses to SORBS, or
SORBS inferred them via various means.
2) SORBS listed those addresses in DUL
3) Your ISP ran low on static addresses, and allocated to
At 10:18 20-04-10, LuKreme wrote:
I got a mail from Paypal, but it is not FROM paypal, but it
appears to
have passed DKIM
If it passed DKIM and it is signed by info.paypal.com, it's
from Paypal.
Regards,
-sm
the biggest problem i ever saw was when paypal email was coming
In particular, I find these two paragraphs from
Mail::SpamAssassin::Conf to be contradictory:
Trusted relays that accept mail directly from
dial-up connections
(i.e. are also performing a role of mail submission
agents - MSA)
should not be listed in
Yes, it is a known issue. Fixed in SVN already, and will be
shipped with the next release 3.3.2.
when will 3.3.2 be pushed out?
- rh
Agreed. Seems to me that any discussion related to blocking
spam is relevant.
no Perkel, everthing posted is not necessarily acceptable, helpful and/or
relevant.
especially when spamming the list for your tarbaby stuff, free or not.
it appears to me that you used to be a lot more
this is not urls, but ip blacklisted dns ip
url is another test
--
xpoint
benny,
it appears you might have it backwards...
http://www.spamhaus.org/dbl/
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL#287
- rh
benny
i meant your description of DBL
i went to their website and everything they said was opposite of what you
said
- rh
This is a misunderstanding. I am largely against
whitelisting or negative score rules. I merely intend to
increase the variety of legitimate mail in the nightly ham
corpus so our spam-hostile rules can be better tested for
safety. This will be interesting especially with non-English
1 - 100 of 117 matches
Mail list logo